cybernews.com Open in urlscan Pro
2606:4700:3108::ac42:2bc5 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cybernews.com/news/att-hit-everest-ransomware/
Submission: On November 25 via api (November 25th 2022, 10:33:09 am UTC) from US — Scanned from DE

Summary HTTP 118 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 29 domains to perform 118 HTTP transactions. The main IP is 2606:4700:3108::ac42:2bc5, located in United States and belongs to CLOUDFLARENET, US. The main domain is cybernews.com. The Cisco Umbrella rank of the primary domain is 313175.
TLS certificate: Issued by E1 on October 22nd 2022. Valid for: 3 months.

This is the only time cybernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:310... 2606:4700:3108::ac42:2bc5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
14	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.182.139 35.157.182.139	16509 (AMAZON-02) (AMAZON-02)
9	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4 4	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	104.18.33.19 104.18.33.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:444e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 4	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
4 4	84.200.5.215 84.200.5.215	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	46.4.41.145 46.4.41.145	24940 (HETZNER-AS) (HETZNER-AS)
1	78.46.85.162 78.46.85.162	24940 (HETZNER-AS) (HETZNER-AS)
1 1	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:7f05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
118	26

13 2606:4700:3108::ac42:2bc5 (United States)

ASN13335 (CLOUDFLARENET, US)

cybernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.cybernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.182.139 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-182-139.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.192.160.219 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.33.19 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:444e (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.134 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 84.200.5.215 (Germany) 4 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.41.145 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads2.sunbonet.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.46.85.162 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: nonstopads1.sunbonet.de

partner.blau.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 stats.g.doubleclick.net — Cisco Umbrella Rank: 94 cm.g.doubleclick.net — Cisco Umbrella Rank: 207 ad.doubleclick.net — Cisco Umbrella Rank: 168	52 KB
25	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	992 KB
14	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 23672 ad4m.at — Cisco Umbrella Rank: 8597 assets.ad4m.at — Cisco Umbrella Rank: 32089	378 KB
13	cybernews.com cybernews.com — Cisco Umbrella Rank: 313175 media.cybernews.com — Cisco Umbrella Rank: 568509	416 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 4138 adservice.google.com — Cisco Umbrella Rank: 83	2 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5405 adservice.google.de — Cisco Umbrella Rank: 7898	2 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 450	4 KB
4	addthis.com 4 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1455	3 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 40	20 KB
4	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3247 onesignal.com — Cisco Umbrella Rank: 1204	82 KB
2	lead-alliance.net 2 redirects www.lead-alliance.net — Cisco Umbrella Rank: 70695	732 B
2	telefonica-partner.de 2 redirects www.telefonica-partner.de — Cisco Umbrella Rank: 73623	512 B
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 681	1 KB
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1486	486 B
2	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 649	925 B
2	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 83407 static-de.ad4mat.net — Cisco Umbrella Rank: 115873	4 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 178	95 KB
2	gstatic.com www.gstatic.com	14 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 67	157 KB
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 55420	639 B
1	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 13556	694 B
1	blau.de partner.blau.de — Cisco Umbrella Rank: 91452	1 KB
1	o2online.de partner.o2online.de — Cisco Umbrella Rank: 78147	1 KB
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1473	297 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 314	459 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 566	98 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 587	761 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	699 B
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
118	29

	Domain	Requested by
17	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
14	googleads.g.doubleclick.net	www.googletagmanager.com pagead2.googlesyndication.com cybernews.com googleads.g.doubleclick.net
9	cm.g.doubleclick.net	googleads.g.doubleclick.net cybernews.com
8	media.cybernews.com	cybernews.com
8	pagead2.googlesyndication.com	cybernews.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
6	assets.ad4m.at	as.ad4m.at
6	www.google.com	cybernews.com googleads.g.doubleclick.net tpc.googlesyndication.com
5	cybernews.com	cybernews.com
4	ad.doubleclick.net	4 redirects
4	ad4m.at	as.ad4m.at ad4m.at
4	ssum-sec.casalemedia.com	4 redirects
4	e.dlx.addthis.com	4 redirects
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	www.google.de	cybernews.com
4	www.google-analytics.com	cybernews.com www.google-analytics.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.lead-alliance.net	2 redirects
2	www.telefonica-partner.de	2 redirects
2	onesignal.com	cdn.onesignal.com
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net
2	cms.quantserve.com	googleads.g.doubleclick.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	www.googletagmanager.com	cybernews.com www.googletagmanager.com
2	cdn.onesignal.com	cybernews.com cdn.onesignal.com
1	www.conrad.de	as.ad4m.at
1	www.awin1.com	1 redirects
1	partner.blau.de	as.ad4m.at
1	partner.o2online.de	as.ad4m.at
1	static-de.ad4mat.net	as.ad4m.at
1	ag.innovid.com	googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	id.rlcdn.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	prod-rtb.ad4mat.net	cybernews.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.analytics.google.com	www.googletagmanager.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
118	41

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
flipboard.com
careers.cybernews.com

Subject Issuer	Validity	Valid
*.cybernews.com E1	`2022-10-22` - `2023-01-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2022-10-15` - `2023-01-13`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://cybernews.com/news/att-hit-everest-ransomware/
Frame ID: 3F2A4902CAFE650EE5958D69CBFE9410
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: C25C6C0729F16CC266A703D99548AC66
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&adk=1812271804&adf=3025194257&lmt=1669299560&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383006&bpp=3&bdt=186&idt=229&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3691892219548&frm=20&pv=2&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=245
Frame ID: C535E6AD0322CA5CCBB00EC9F0156AA0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250
Frame ID: 751B4485F14E1704EA09381133ACE683
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
Frame ID: 3635A63F63D820318B89C18ACE7116B2
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CohPF35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSIAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38QdFHZbB-87mWvXwGoNOIlO_nEbrLOZxgEb0IWBtvicTjATp8-kN4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=f3ol8x7Z__U&uach_m=[UACH]&cid=CAQSKQDq26N9P6t7jot1Gbcq9kcMj1BZPu918vtKHzM5IxR_F8v0u3oxaFFoGAEgEw
Frame ID: 307F41F471DD17B7F4003F91DB1885A0
Requests: 7 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D
Frame ID: 83EC3EA6C504DEC023A6AC9BC4B9D275
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D7EFF8176C86E625D964B13C3D1C8064
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4B22192E5FC0099F58EEED39CA6C9353
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 7B524917CFA89ED46BF270A0CF2335E7
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Frame ID: 5D72175D5FC5148D7126B6FCCC4FC018
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9759915192D4F0C63BE3E3DA10893B19
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2C8C8DB79BDE956918E7D56C81ED3BAE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Everest ransom group adds AT&T to its victim list | Cybernews

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

118
Requests

91 %
HTTPS

61 %
IPv6

29
Domains

41
Subdomains

26
IPs

5
Countries

2217 kB
Transfer

3890 kB
Size

46
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/CyberNews

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cybernewscom/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/CyberNews

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybernews

Search URL Search Domain Scan URL

URL: https://flipboard.com/@CyberNews_com

Search URL Search Domain Scan URL

URL: https://careers.cybernews.com/
Title: Careers

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

https://d.agkn.com/pixel/2175/?google_gid=CAESEM4xK9UlNFw9h-s7bsUV69k&google_cver=1&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2&google_hm=Q0FFU0VNNHhLOVVsTkZ3OWgtczdic1VWNjlr

Request Chain 80

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf0-G9xg2Xmvl0DrAzWQPDtxthV90Ld6&google_gid=CAESEKJk8KVN8UeDzjmfI9iE-JQ&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf0-G9xg2Xmvl0DrAzWQPDtxthV90Ld6&google_gid=CAESEKJk8KVN8UeDzjmfI9iE-JQ&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxMzkwMTc5NTIxNg%3D%3D&google_push=ASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf0-G9xg2Xmvl0DrAzWQPDtxthV90Ld6

Request Chain 82

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_cver=1&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8joswODsTUlWUSXv7gbWxQsChmmOnxiMBTIGHEwm_7lHcekNYmfoINxfClZ9koxE HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8joswODsTUlWUSXv7gbWxQsChmmOnxiMBTIGHEwm_7lHcekNYmfoINxfClZ9koxE&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8joswODsTUlWUSXv7gbWxQsChmmOnxiMBTIGHEwm_7lHcekNYmfoINxfClZ9koxE

Request Chain 86

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgVwlX9lPwBAfqBSNxzq1J6b7MaQ9fbdVXQ&google_gid=CAESEBTFzkH_lc_Asbjeww2kQ0Q&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgVwlX9lPwBAfqBSNxzq1J6b7MaQ9fbdVXQ&google_gid=CAESEBTFzkH_lc_Asbjeww2kQ0Q&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxNTc3ODkxMjgxNw%3D%3D&google_push=ASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgVwlX9lPwBAfqBSNxzq1J6b7MaQ9fbdVXQ

Request Chain 88

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELx4ZoJndBouEw2bD6zwVec&google_cver=1&google_push=ASkJ3FbUDtPwwZd6eQ9Rx01bnx15rwnH5G9ZZh6dAgtqudFXOthfBtYtal5IGWVvgTJI87eFe6EjPU1ckjBWoQ1EWKg_V-9N3_hq HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELx4ZoJndBouEw2bD6zwVec&google_cver=1&google_push=ASkJ3FbUDtPwwZd6eQ9Rx01bnx15rwnH5G9ZZh6dAgtqudFXOthfBtYtal5IGWVvgTJI87eFe6EjPU1ckjBWoQ1EWKg_V-9N3_hq&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=76tsxQ90Rxewd-ykCb99RA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbUDtPwwZd6eQ9Rx01bnx15rwnH5G9ZZh6dAgtqudFXOthfBtYtal5IGWVvgTJI87eFe6EjPU1ckjBWoQ1EWKg_V-9N3_hq

Request Chain 89

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEP6S-YXfl5FaAiUgKR89dZU&google_cver=1&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W1MAH0qUoJZhphg6A6u9Liob7iVw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXRDdSRDEtSy1NMEk0&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W1MAH0qUoJZhphg6A6u9Liob7iVw

Request Chain 90

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_cver=1&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTCkH2dXwatG9fUR9M3ZE1mI1U1kkeJ683Y1YxTjncVoobTZwwuJFJFPUDJ3iKxHdS2Q HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTCkH2dXwatG9fUR9M3ZE1mI1U1kkeJ683Y1YxTjncVoobTZwwuJFJFPUDJ3iKxHdS2Q&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTCkH2dXwatG9fUR9M3ZE1mI1U1kkeJ683Y1YxTjncVoobTZwwuJFJFPUDJ3iKxHdS2Q

Request Chain 112

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117703V1226132702M%26subid%3Dviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CIaN6d-QyfsCFcN_4Aod3oAKsA;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D117703V1226132702M%26subid%3Dviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218

Request Chain 115

https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D113752V1225131106M%26subid%3DviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_pre=CP2O6d-QyfsCFY8y4AodLEwGcA;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D113752V1225131106M%26subid%3DviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022112511330478865730173X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0

Request Chain 118

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1669372384_8b4df470-6cac-11ed-9d10-2262c713b6c4&insert=AW&&gdpr=0&gdpr_consent=

118 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cybernews.com/news/att-hit-everest-ransomware/ 121 KB
26 KB 309ms
237ms Document
text/html 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7e1ebac33ecb2f6316df7acce08a9c1ad1df48ed968916bed0345363ff4aa27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 76f9b94f2f545b8c-FRA
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
ct-content-bucket: News
ct-content-type: Editorial
date: Fri, 25 Nov 2022 10:33:02 GMT
expires: Fri, 25 Nov 2022 14:33:02 GMT
last-modified: Thu, 24 Nov 2022 14:19:20 GMT
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 85ms
30ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1306
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 76f9b95119999066-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 28 Nov 2022 10:33:02 GMT

GET
H2 200 base-9058b41af4.js Show response
cybernews.com/js/ 21 KB
9 KB 81ms
80ms Script
application/javascript 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/base-9058b41af4.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e017bf092aed0ef4d904cce0115aaed7ae9dfe17c57305e753667cb82d4a1e8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 73858
cf-polished: origSize=21775
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 24 Nov 2022 09:32:09 GMT
cf-bgj: minify
server: cloudflare
etag: W/"637f3a19-550f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 76f9b950daaa5b8c-FRA
expires: Fri, 25 Nov 2022 14:33:02 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 119ms
72ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

459700c779b6fca49ae4f1802dd616bf4133c8373b461b66f282a2125b01e8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://cybernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49128
x-xss-protection: 0
server: cafe
etag: 9621458263645795585
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 10:33:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 233 KB
81 KB 85ms
39ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4b779487cf2d04eb8d1c47011b581d3112cf0dfb85274bbfab8a4f46a383e603

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82653
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 25 Nov 2022 10:33:02 GMT

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34a9b8c3e6088d42a01e3cf800492030fe7432bc24fa9f6ce83e8471f4ab58b2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6976b1e225d48e5e0097d79498a99fc73f8b43cd4b693080aa5f6960e1ce50e4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e138d129f38769d7080ed6ac6519dce8a4d546b7da5709b12aedff39673fa021

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f290a3a287182664a81ea150c04e7d1a451f1bf74f6738b43d382e3d40d98002

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 65 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb830317bac065a5fc2c58ae1d9645abf4633632382af96f86a0be5b06de15eb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fca9ae04b4bca7ef7d4f2c43505769b1f03fd173ecf3871dd7b7ee0f115dd48

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 62 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab8f0b6cec3eb6cd02efd0a9324053b868cac7dcda99fc89871b4e87141bdf14

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
18ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 25 Nov 2022 09:24:49 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 4093
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 25 Nov 2022 11:24:49 GMT

GET
H2 200 Jurgita.jpg
media.cybernews.com/images/124w/2022/05/ 3 KB
3 KB 91ms
79ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/124w/2022/05/Jurgita.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80dc17ad7b2896c6aef51b6dd8bca9799c18d1f8b8124131406dc0f3076c582f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2997
cf-resized: internal=ok/h q=0 n=18 c=4+41 v=2022.11.7 l=2997
last-modified: Wed, 27 Jul 2022 11:16:31 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfbrEeycgBr7pESXSWw4ltOKwhu8a78mnQ6fWd3Ow7BQ:fb5426068b9a01fdd9fd53aa091741ba"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f9b9517bca5b8c-FRA

GET
H2 200 ATandTlogovisible.jpg
media.cybernews.com/images/750w/2022/10/ 84 KB
84 KB 768ms
755ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/750w/2022/10/ATandTlogovisible.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e21f9e0b83aad6bdef46a24b5ad30b49c7f05cc0ef74d7afb1a2e5c73950eeb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 964a39834d1c30d492d23adf450cc62c.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 86137
cf-resized: internal=ok/h q=0 n=293 c=9+337 v=2022.11.7 l=86137
last-modified: Fri, 28 Oct 2022 08:26:39 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfXNw5V7T7GhLUd6m6vGUonAu-u5KfpxHRw9djGO55BQ:449a8c7548439f522097d341cc1e53e6"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b9517bc65b8c-FRA

GET
H2 200 erverestransompage.png
media.cybernews.com/2022/10/ 266 KB
266 KB 296ms
283ms Image
image/png 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/2022/10/erverestransompage.png

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccc5a1f8ce53359c95a0e7baa4176a052d3caa1ee0f9e85bff16f77167c79158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 794b3484558c523be0731771cea601ca.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: OTP50-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 272183
last-modified: Fri, 28 Oct 2022 08:19:23 GMT
server: cloudflare
etag: "0dcd03edcb3ec2a080abbf0180942f16"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b9517bd95b8c-FRA
x-amz-cf-id: AWMyIWcjVBHVhVN7osF8w7fDyuCsa93ITfBN5GnZLzjduzOBAXU-1A==
expires: Sat, 27 May 2023 01:53:03 GMT

GET
H2 200 attack-of-drone.jpg
media.cybernews.com/images/thumbnail/2022/11/ 6 KB
6 KB 76ms
64ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail/2022/11/attack-of-drone.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e375c9bea0b8741023ba0fa27a551012e340a6480c7bc7f269c5f1f7d11f141d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0921eae154c93e666b192fa267ea4bfa.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5660
cf-resized: internal=ok/h q=0 n=13 c=8+86 v=2022.11.7 l=5660
last-modified: Wed, 23 Nov 2022 12:44:59 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf9FhSOvWLwYBahqIIWwlpTwoSPri99XVCPD58WiJxBQ:e35529c1768da086b42d77f0bd0887db"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b9517bd35b8c-FRA

GET
H2 200 arrest-police-enforcement.jpg
media.cybernews.com/images/thumbnail_small/2022/11/ 6 KB
6 KB 81ms
69ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2022/11/arrest-police-enforcement.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3220d2121ccecefccf4dad1efdfea13f352756d461d27bd1c7569009749ffffb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 c49bda74c25f4f26cc20173eec28da1e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6220
cf-resized: internal=ok/e q=0 n=196 c=7+110 v=2022.11.7 l=6220
last-modified: Thu, 24 Nov 2022 12:14:17 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfdzTggVflIy7vQIB_EPlOmE6V8iFZYhIqdjUqgfspBQ:d526197f25b9cfe2c82c9e301f932bc5"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b9517bd15b8c-FRA

GET
H2 200 strange-eleven-coke.jpg
media.cybernews.com/images/thumbnail_small/2022/11/ 3 KB
3 KB 76ms
64ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2022/11/strange-eleven-coke.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62158794ebacc276bdb4b64499da06cefc3f6ba2ceccc16ce10e856ee4684385

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2808
cf-resized: internal=ok/h q=0 n=27 c=5+210 v=2022.11.7 l=2808
last-modified: Fri, 18 Nov 2022 10:15:02 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfh6FKnejdPisSBmDS9qZOQu8J8iFZYhIqdjUqgfspBQ:bb1f88144a337b8716111d07f6f7691d"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b9517bcc5b8c-FRA

GET
H3 200 weakest-passwords-2022.png
media.cybernews.com/images/thumbnail_small/2022/11/ 3 KB
3 KB 82ms
82ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2022/11/weakest-passwords-2022.png

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f22e9f962892c56a7ea38b57a8d062520b6877d5387336aabefde558e9e0c12

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2697
cf-resized: internal=ok/h q=0 n=74 c=9+53 v=2022.11.7 l=2697
last-modified: Mon, 14 Nov 2022 11:30:16 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf-AeV9YZkM3k9M2KIGDEZ3aMI8iFZYhIqdjUqgfspBQ:bb17d884c4653136a0e11d8bd3befb45"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b951e93290b8-FRA

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 66ms
43ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:02 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1299
etag: W/"2f96824aee4bf927e734cc519e3e726d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 76f9b9518eebbbd3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 28 Nov 2022 10:33:02 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/ 2 KB
1 KB 84ms
35ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/?random=1669372382983&cv=11&fst=1669372382983&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&tiba=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&auid=564574597.1669372383&uaw=0&data=contentBucket%3DNews%3BcontentType%3DEditorial&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b200b6bb7bb5beedcf448fcaac7a5d34eb79d251cbe58b53b1f562d0ab3a992f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 952
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
75 KB 72ms
28ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76cbc6fde17fa6880a685b13bccd16ecd11a52103be91dfbd9e1e5229afc8e39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77123
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 25 Nov 2022 10:33:03 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/ 355 KB
117 KB 134ms
92ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a0a1f7a0aee9d6f23f2d09f2b5fe7a083cb71b45897d9057bdcc28f379a03f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119613
x-xss-protection: 0
server: cafe
etag: 14126618086573609962
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 25 Nov 2022 10:33:03 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame C25C 10 KB
5 KB 37ms
18ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 78753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 12:40:30 GMT
etag: 10353107486223812946
expires: Thu, 08 Dec 2022 12:40:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 64ms
26ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=407573065&t=pageview&_s=1&dl=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&ul=en-us&de=UTF-8&dt=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAEABAAAAACAAI~&jid=1767560637&gjid=310118087&cid=153206492.1669372382&tid=UA-149779697-1&_gid=669699561.1669372383&_r=1&_slc=1&cd1=Jurgita%20Lapienyt%C4%97&cd2=News&cd3=Editorial&z=334723770

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 61ms
26ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=407573065&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&ul=en-us&de=UTF-8&dt=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=cookieFooter&ea=load&el=organic&_u=YADAAEABAAAAACAAI~&jid=1496099327&gjid=1984210948&cid=153206492.1669372382&tid=UA-149779697-1&_gid=669699561.1669372383&_r=1&cd1=Jurgita%20Lapienyt%C4%97&cd2=News&cd3=Editorial&gtm=2wgb90KMWQ6GT&cg1=News&cg2=Editorial&cd6=2022-11-25T10%3A33%3A02.992Z&z=786121621

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/589784210/ 42 B
548 B 82ms
31ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/589784210/?random=1669372382983&cv=11&fst=1669370400000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&tiba=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&data=contentBucket%3DNews%3BcontentType%3DEditorial&fmt=3&is_vtc=1&random=1441089533&rmt_tld=0&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/589784210/ 42 B
548 B 83ms
34ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/589784210/?random=1669372382983&cv=11&fst=1669370400000&bg=ffffff&guid=ON&async=1&gtm=2wgb90&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&tiba=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&data=contentBucket%3DNews%3BcontentType%3DEditorial&fmt=3&is_vtc=1&random=1441089533&rmt_tld=1&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
345 B 86ms
25ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KT8DKCHF41&gtm=2oeb90&_p=407573065&_gaz=1&cid=153206492.1669372382&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1669372383&sct=1&seg=0&dl=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&dt=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&en=page_view&_fv=1&_ss=1&ep.contentBucket=News
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 82ms
28ms Ping
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KT8DKCHF41&cid=153206492.1669372382&gtm=2oeb90&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 53ms
45ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KT8DKCHF41&cid=153206492.1669372382&gtm=2oeb90&aip=1&z=1159819936

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
440 B 80ms
26ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1767560637&gjid=310118087&_gid=669699561.1669372383&_u=IADAAEAAAAAAACAAI~&z=200985826

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 80ms
27ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1496099327&gjid=1984210948&_gid=669699561.1669372383&_u=YADAAEABAAAAACAAI~&z=320051833

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 90ms
46ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1767560637&_u=IADAAEAAAAAAACAAI~&z=758406505

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 91ms
46ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1767560637&_u=IADAAEAAAAAAACAAI~&z=758406505

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 90ms
46ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1496099327&_u=YADAAEABAAAAACAAI~&z=455388669

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 91ms
47ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-149779697-1&cid=153206492.1669372382&jid=1496099327&_u=YADAAEABAAAAACAAI~&z=455388669

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
699 B 97ms
28ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=cybernews.com&callback=_gfp_s_&client=ca-pub-5928161074779380&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ebd9fd37aacb1837e946ec2ab14653774b36b8d05e90da3e56358166cb67ca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 111ms
29ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=cybernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 95ms
31ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=cybernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C535 0
20 B 207ms
161ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&adk=1812271804&adf=3025194257&lmt=1669299560&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383006&bpp=3&bdt=186&idt=229&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3691892219548&frm=20&pv=2&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=245

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:03 GMT
expires: Fri, 25 Nov 2022 10:33:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 751B 31 KB
12 KB 611ms
573ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f71eb5d7c97ceb9812ad67434ffe5facdd931ef823d0e3f2b09fe5ebbfd1a7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 12530
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:03 GMT
expires: Fri, 25 Nov 2022 10:33:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3635 139 KB
30 KB 531ms
503ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c8472253c350281f2c142cf3d4789586f539c3af3fd9baf68ba1048a21bec3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 31056
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:03 GMT
expires: Fri, 25 Nov 2022 10:33:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 6548e2693f53f59daa3961d0dd1d6f1f.js Show response
www.gstatic.com/mysidia/ Frame 3635 9 KB
5 KB 70ms
19ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6548e2693f53f59daa3961d0dd1d6f1f.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71a8be1afe6e03fc91ef705cffaf7f3058159e8d86b7adb9d78a56cd7f18f577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 01:50:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4197
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 01:50:15 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 3635 2 KB
846 B 75ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 11:55:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 81468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 11:55:15 GMT

GET
H2 200 c42ecac5b0a5717c99bf1e3a0e3a76fe.js Show response
www.gstatic.com/mysidia/ Frame 3635 22 KB
9 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c42ecac5b0a5717c99bf1e3a0e3a76fe.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b6d42772cb994d3a02eb092408136bf7d30a301feddff6495fdab708242de62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 22 Nov 2022 01:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290541
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9519
x-xss-protection: 0
last-modified: Tue, 15 Nov 2022 00:08:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 20 Feb 2023 01:50:42 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 3635 23 KB
10 KB 67ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 07:15:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11861
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9428
x-xss-protection: 0
server: cafe
etag: 246362764157784863
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Dec 2022 07:15:22 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 3635 3 KB
1 KB 172ms
131ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 07:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Dec 2022 07:15:21 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 3635 18 KB
7 KB 69ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64731
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3635 0
0 28ms
27ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1x10gW0ceLD_mUXFqa01gMaadsstZYypjGLm5Sl9ZKuOyDfh_85V8lDd2TZAVaX1MsUldUdfzJiH5Rl2NybMNSvq3VA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3635 154 KB
48 KB 87ms
30ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:33:03 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 307F 0
0 64ms
63ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CohPF35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSIAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38QdFHZbB-87mWvXwGoNOIlO_nEbrLOZxgEb0IWBtvicTjATp8-kN4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=f3ol8x7Z__U&uach_m=[UACH]&cid=CAQSKQDq26N9P6t7jot1Gbcq9kcMj1BZPu918vtKHzM5IxR_F8v0u3oxaFFoGAEgEw

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 307F 0
0 81ms
28ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1ktnmrrnnwsxw8pna1s8hg99smvs01ed6t58w16sk6mdr22np2rsqrt47b3967r4m99tc0vrsffjq4cphxtag9yt2mkacnsc0rh99r4gg0m801218pme66nesgaddc84xc1a6ac70retwtv9zaphkem65bzdtqschswra8q8fpk71h0jwytp8rnw6hy1gd68hnrr1p8qetaxdftnfkc13ssdt2skj1345g171xxszn5e8kmpvj9a1h8hjze7p9jrf717q7tmthh6c3r48h0ea08j759tmzkvxp13e1x9wpdawwvjk0egg9wjteagr64ht2k8y22p9wp70xpva40e24arvdhs2s2t8nsy9jgs2daeq0d5k55cxhqaz7c0t58k2t8xf2axrr&b=Y4CZ3wAFA_IKcaISAACVEgNeqmGAX4KRGO81Og
Requested by: Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 25 Nov 2022 10:33:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 83EC 2 KB
3 KB 99ms
47ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41e1fe7a9aa10bd0de43e02cde11da632db807e0ef54c3ede0bba12ef9c95d71

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 76f9b957bf53bbd1-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:03 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 307F 3 KB
1 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 07:15:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11862
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 09 Dec 2022 07:15:21 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D7EF 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 85737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 10:44:06 GMT
etag: 48472445140208031
expires: Fri, 25 Nov 2022 10:44:06 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 307F 18 KB
7 KB 66ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 16:34:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64731
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 08 Dec 2022 16:34:12 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 307F 0
0 28ms
28ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR1OlCtP6lpjJzOAnRRvC-VIVw1C498wzMm3MZC669SjxarUdVfD8kbVZG6g4lvnyJEOHIQJKcveYfFPZfaFLnOCmtHpQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 307F 154 KB
47 KB 123ms
61ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:33:03 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16521704864087451799/ Frame 3635 93 KB
93 KB 68ms
31ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16521704864087451799/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd4b21bf16796f8b1cdf801e048df3d36f3f05893b9e249ae871c1d6096c2ffd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 16:09:00 GMT
x-content-type-options: nosniff
age: 498243
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95418
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 08:04:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 19 Nov 2023 16:09:00 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5138588182162159514/ Frame 3635 193 KB
193 KB 92ms
57ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5138588182162159514/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5d3260c728a6ca7f7a6dcac312981111c0c174e30590d6c2fa4e283b8f062cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 09:46:16 GMT
x-content-type-options: nosniff
age: 2807
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197320
x-xss-protection: 0
last-modified: Tue, 17 May 2022 09:08:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 25 Nov 2023 09:46:16 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1809314668812461967/ Frame 3635 78 KB
78 KB 98ms
62ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1809314668812461967/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1235d81875a51f31a89667b233bc97d0e0a1f30b9162c7fa64a3ac1159aa2e56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 00:39:09 GMT
x-content-type-options: nosniff
age: 208434
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 79884
x-xss-protection: 0
last-modified: Tue, 25 Oct 2022 14:21:48 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 00:39:09 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4489447244828712068/ Frame 3635 97 KB
97 KB 84ms
48ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4489447244828712068/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af5d717c4f973cf4908235043c879c4deb8cfdc2c6cde5a167a5be080874141d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 00:04:20 GMT
x-content-type-options: nosniff
age: 469723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98903
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 10:47:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 20 Nov 2023 00:04:20 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/751516476816281718/ Frame 3635 37 KB
37 KB 59ms
23ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/751516476816281718/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1154fe55b34e603bb549d3ff3abc7da93fd4221dda16c47f44e5bcd2d5215a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 14:00:27 GMT
x-content-type-options: nosniff
age: 160356
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38339
x-xss-protection: 0
last-modified: Wed, 20 Jul 2022 13:35:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 14:00:27 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15664187174659265142/ Frame 3635 74 KB
74 KB 105ms
70ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15664187174659265142/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b59c8bd0c6c6298fd94f1ad0f8161d8a90d6d58e506f0ed10a731d008b0407e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 18:06:18 GMT
x-content-type-options: nosniff
age: 59205
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75777
x-xss-protection: 0
last-modified: Sun, 22 Mar 2020 15:22:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 24 Nov 2023 18:06:18 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/7338254032652317758/ Frame 3635 152 KB
152 KB 100ms
70ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7338254032652317758/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c2563302031840b7c7c661bc9f9a44ddb9a93cdbbc951dd8142560f52c6be80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:30:15 GMT
x-content-type-options: nosniff
age: 316968
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156022
x-xss-protection: 0
last-modified: Mon, 15 Jun 2020 12:27:24 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 21 Nov 2023 18:30:15 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3249684619284996841/ Frame 3635 35 KB
35 KB 72ms
42ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3249684619284996841/downsize_200k_v1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1dfbdf2c18892f5b78223dad4346727eb1fbe9da0a476ca2f26a326e19678eaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 23:15:49 GMT
x-content-type-options: nosniff
age: 127034
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35813
x-xss-protection: 0
last-modified: Wed, 16 Nov 2022 09:57:08 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 23:15:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 66ms
66ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSJbd35mAY8SLFOH5xgPYh6GoCoSSjMht49CRqOoQk6e0gJgOEAEgttfpeygIYJWCgICwB6ABmqrH9gHIAQaoAwHIAwKqBJECT9DCmw8Oki8pwwLN4kCGRLgyWLS5IU6JVUTPekev9C3E78Ir3l2meLSzCgpxEu5lj8lShkVkaOomno0I1t3g2uCpeH8QWDpn-Uv5_C_hV-0x-kC2_e8Dih66U5mhs11QS-SvSlVOqBBPJwDUfCM1cVGY3_zpMq0g0DV_WWpQHXRsReYRIrscreumLCKXjkTnGuf9lJ_fRrUoy_IxnVCHCuMdN-nsforJaGKiZBH9O93fj_56Jt4-q_eqzXzBmLbtO9BUrPsUzX6r1XtZzpuAlyjxNu4TCVM2pt4CVz77XJEsIGISr9gfWKazVUEXoiSvuQJE3MCQnyi9KXOE6C_jk0pg0hY7tXrLzH_FbTP3PXu_wASxuoyZnASSBQQIBBgBkgUECAUYBKAGN4AHxufEiQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBC_zgbSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDNAVAYAXAbIXHAoaCAASFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=z7Zod5n2Eoo&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 67ms
64ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIZKM35mAY8SLFOH5xgPYh6GoCqT558xtqOaizqQQgau1iJQOEAIgttfpeygIYJWCgICwB6ABt5iBoijIAQapAoyvsUkNGXs-qAMByAMCqgSXAk_QpUlDF6gWmnAOo_hbgVOkOUqw5GxCi4L_yUpEorVhxOIh8OkDuniwsEMfcV70fojeTo1XYDWnKpzPSd3P5IauvHgmVVknPrFY6us491C0bulPq-HtGZwNrRlWQLGeqlgtLdvdOTAabyYhARO1t5C6eQIWAqo1zibuf7Fphe6C70fmEJNNH-3rhtjUlI6G588R_pSf_bNDK8vyMUimhArjH8If736KyZ-UoGQR_M4r3I7-etIoPav3qjiKwpi27c4mV6z7lDiIqdV7Wbttg5Yo8cMYEAlRNkYto-j5bl6RLTI6JRYW9194d5HR0IksTnqVCM7qXJgD8udNACmDYQVvUBfdrCZf8QTxSePzHuKloUmfs_Nsm8AE_9zCuo0EkgUECAQYAZIFBAgFGASgBjeAB_3Ypq0DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv84G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=UyYfPJXfoDo&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 67ms
64ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVbnP35mAY8SLFOH5xgPYh6GoCqrups1tt62Jr5oRoe_N2ZcOEAMgttfpeygIYJWCgICwB6ABwfzC4CjIAQapAvRYLv7Td7E-qAMByAMCqgSUAk_Q2SIRF6kWmnAOo_hbgVOkOUqw5GxCi4L_yUpEorVhxOIh8OkDuniwsEMfcV70fojeTo1XYDWnKpzPSd3P5IauvHgmVVknPrFY6us491C0bulPq-HtGZwNrRlWQLGe0lstbdvOMTCdZfZ9yHwjTH1RmJz36TLkJM017F-fF-p37AETE1e4HGwehdnhl66z5O_k_5Rq_LO2KOsHMmhThwoWHMLq7Hx_yp1ho2Tk_8_e344LedPdPqsCqTh_wZhD7s7TVKwOlzh9qlWOWjqYgJfd8sPtEwmkNUbYougZarnQzy2ldqLL09ysfh0pS1MT1HD3mnA8ntCoLouS8Xcky5pkeB7ztK2aGFpW6XXaMvoZU5PXGMAE6uWuu5IEkgUECAQYAZIFBAgFGASgBjeAB8G0k8ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv84G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=fzmRiBAGJi0&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 70ms
67ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CQMDO35mAY8SLFOH5xgPYh6GoCqrK6Mxt5KOhi-YQkZnVrpMOEAQgttfpeygIYJWCgICwB6ABp5_BpCjIAQaoAwHIAwKqBJUCT9DOVBIXrhaacA6j-FuBU6Q5SrDkbEKLgv_JSkSitWHE4iHw6QO6eLCwQx9xXvR-iN5OjVdgNacqnM9J3c_khq68eCZVWSc-sVjq6zj3ULRu6U-r4e0ZnA2tGVZAsZ7SWy1t284xMMglig3JfCNMfVGYnPfpMuQkzTXsX58X6nfsARMTV7gcbB6F2eGXrrPk7-T_lGr8s7Yo6wcyaFOHChYcwursfH_KnWGjZOT_z97fjgt5090-qwKpOH_BmEPuztNUrA6XOH2qVY5aOpiAl93yw-0TCaQ1Rtii6BlqtK2BeKV2osvT3Kx-HdsdgWzUcPaaI3zWpasuw4OCdyTLDU1aHv-gPpAxTuniV9o87L1A7fvcO8AErLXPl5MEkgUECAQYAZIFBAgFGASgBjeAB6fXkYQDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv84G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=NeCRxF5Gs0o&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 70ms
68ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-9Rj35mAY8SLFOH5xgPYh6GoCujP_bltm_b09J4Qjfi4gZ4yEAUgttfpeygIYJWCgICwB6ABzczukgHIAQapAirusN3IC10-qAMByAMCqgSpAk_QxHffDrIoo8O9r5ZBmlSzJUGi4DEPh4Aockx0obggiOIsEzI05GSwtEBWZF64ZJPZWZFccjH6Z5DNC5zE9oLy8m0mDBwmI-gQ-fgv4EazN7ZcpPzxG4Ybvg4cj1CcUaEtrFne-PIKouzgMHjqXWBRmOX76TKnL801pVuCF3lxGUbkENf86W5rhtkgYo1GJ-_ECJef_7G23cjyMWhzcgnjH8LqGX2KyZ1jVmcR_M7eKoz_etPcy6j3qjh_NJu27c7Toa_7lDh9X9Z7WTsYdZQp8cPt5gpRNkbYVev5bFxxy_gRTTr7FbihbdFfF0wkJiWurV7CZ3ZotYipFOHuUWvXUB5ECKDLwOTGwVfaPOu9TOOJngepjWi9rWXnkxIrl0g7i1TYoNgUbsAEzdDCwIYEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB5uzke0CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv84G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=nmbudhmTkm0&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 67ms
65ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKoe335mAY8SLFOH5xgPYh6GoCqi80IZtj4Ch__EO1diN1JQOEAYgttfpeygIYJWCgICwB6ABjezk2QLIAQapAgQOomkHLak-qAMByAMCqgSYAk_Q-jgbF68WmnAOo_hbgVOkOUqw5GxCi4L_yUpEorVhxOIh8OkDuniwsEMfcV70fojeTo1XYDWnKpzPSd3P5IauvHgmVVknPrFY6us491C0bulPq-HtGZwNrRlWQLGeqlgtLdvdOTAabyZZOzaYt5C6eQIWAqo1zibuf7Fphe6C70fmEJNNH-3rhtjUlI6G588R_pSf_bNDK8vyMUimhArjH8If736KyZ-UoGQR_M4r3I7-etIoPav3qjiKwpi27c4mV6z7lDiIqdV7Wbttg5Yo8cMYEAlRNkYto-j5bl6RLWIgLwMU9194d5HR0Ikspv7qCM7rXLsgydtzAAeaSHNuULn2jiZT5dSZXN46FMClr19pwrBsVkDABLC-nczmA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfbk5umAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEL_OBtIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQI0BUBgBcBshccChoIABIUcHViLTU5MjgxNjEwNzQ3NzkzODAYAA&sigh=r9doM8krR_c&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 68ms
66ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CeOsF35mAY8SLFOH5xgPYh6GoCquV_MxtqebT8PEQvPigxuk2EAcgttfpeygIYJWCgICwB6ABuJiL-wLIAQaoAwHIAwKqBJgCT9DcGBQXrRaacA6j-FuBU6Q5SrDkbEKLgv_JSkSitWHE4iHw6QO6eLCwQx9xXvR-iN5OjVdgNacqnM9J3c_khq68eCZVWSc-sVjq6zj3ULRu6U-r4e0ZnA2tGVZAsZ6qWC0t2905MA1vJjp9A_y2kLp5AhYCqjXOJu5_sWmF7oLvR-YQk00f7euG2NSUjobnzxH-lJ_9s0Mry_IxSKaECuMfwh_vforJn5SgZBH8zivcjv560ig9q_eqOIrCmLbtziZXrPuUOIip1XtZu22DlijxwxgQCVE2Ri2j6PluXpEtSmkEIBT3X3h3kdHQiSAcQuoIzutc10Du1EgAWtE3BW9QvvWOJlPl1MQXoUwVwKWvX2mu0EtZe8AE3dnUiJQEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBjeAB7Dn9IQBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQv84G0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=7pyTvazikNU&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3635 0
0 68ms
66ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CYBAP35mAY8SLFOH5xgPYh6GoCqHX8Yds3beZ5McQ2dkeEAggttfpeygIYJWCgICwB6ABjoS93QPIAQapAqBFs2e-vI0-qAMByAMCqgSUAk_Qrm0uF6IWmnAOo_hbgVOkOUqw5GxCi4L_yUpEorVhxOIh8OkDuniwsEMfcV70fojeTo1XYDWnKpzPSd3P5IauvHgmVVknPrFY6us491C0bulPq-HtGZwNrRlWQLGe0lstbdvOMTDNOqZX0HwjTH1RmJz36TLkJM017F-fF-p37AETE1e4HGwehdnhl66z5O_k_5Rq_LO2KOsHMmhThwoWHMLq7Hx_yp1ho2Tk_8_e344LedPdPqsCqTh_wZhD7s7TVKwOlzh9qlWOWjqYgJfd8sPtEwmkNUbYougZav24kMdGkXvRk1JruxXbHcG2RFndXSNQ0G2_hMejh8klO5lkeB7ztIyUEUtX6XXaMvpiQMH9FMAE_7XizqQEkgUECAQYAZIFBAgFGASgBjeAB8v-qTioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBC_zgbSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi01OTI4MTYxMDc0Nzc5MzgwGAA&sigh=jIOBDe3gYsk&uach_m=[UACH]&cid=CAQSKQDq26N9I_hlQYpr2Ft1YeLWb6bQqRoLq3hMfGeAoPNLESsKOGSz_qsDGAEgEw&template_id=492

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 25 Nov 2022 10:33:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4B22 1 KB
643 B 21ms
19ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 85737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 24 Nov 2022 10:44:06 GMT
etag: 48472445140208031
expires: Fri, 25 Nov 2022 10:44:06 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3635 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8801400aab5c9d32dd9f98ecc4f3bd151783dc72d66bd33c53c1c161d10eadb3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame D7EF 35 B
463 B 85ms
20ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECHCUmpBCXcuQbzIjmcu3aA&google_cver=1&google_push=ASkJ3Fbbj-6e2FKS6e5puQtxj_8PKCrzLyIwGgdPJDhvBjOWeqjSresqQAFCNQWYzn1gEsq06B7xrqUnQaxK-dca-Ubk6Qguf79q

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D7EF
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEM4xK9UlNFw9h-s7bsUV69k&google_cver=1&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2&google_hm=Q0FFU0VNNHhLOVVsTkZ3O...

170 B
188 B

72ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2&google_hm=Q0FFU0VNNHhLOVVsTkZ3OWgtczdic1VWNjlr

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 25 Nov 2022 10:33:03 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FYc_2hQxn3DDM2AbN4Qln95MTlZ4iy4LoWllFH_7ZlJxGb-6W2UOqRoarQ3fefGBi6xNbYwsj1APdr32Ud1AlgYYmMD7k-2&google_hm=Q0FFU0VNNHhLOVVsTkZ3OWgtczdic1VWNjlr
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame D7EF 0
98 B 86ms
34ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FbFzTZUFCZNTIB0UvLp0-BQdt7MZXxgYigUh1781JzSYUn7Vcyw7y2lWUb-SfM527mli827uekLXqpZsTa-4w6h9DGatR5T&google_gid=CAESEEU1HudHLAg1fAK_YTmCpA8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D7EF
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fb7Bj3D...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3Fb7Bj3D...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxMzkwMTc5NTIxNg%3D%3D&google_push=ASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxMzkwMTc5NTIxNg%3D%3D&google_push=ASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf0-G9xg2Xmvl0DrAzWQPDtxthV90Ld6

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxMzkwMTc5NTIxNg%3D%3D&google_push=ASkJ3Fb7Bj3Dy3NHSBzJJPdvTFCwtB0EZv3QMFLwDlOK1PmEG9mXCNjrTbl9fOYNoBFkrf0-G9xg2Xmvl0DrAzWQPDtxthV90Ld6
pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 25 Nov 2022 10:33:04 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame D7EF 43 B
351 B 85ms
32ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESED93WqtwMfx39txvteUeUUM&google_cver=1&google_push=ASkJ3FaDWe4gyDbQIJ0YsX6sNT2K1m4xflgWMbcYVZMa12uPEFZBLnOKs29ic1G1uJOj-75BcCz8Pkfzl6wQURDpaJk64czq_83J
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=8387108948&adk=2217422274&adf=2933161405&pi=t.ma~as.8387108948&w=350&fwrn=4&fwrnh=100&lmt=1669299560&rafmt=1&format=350x280&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383009&bpp=1&bdt=188&idt=245&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1023&ady=1336&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=T0AvjyHGp5&p=https%3A//cybernews.com&dtd=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 85eb8lm1nkmdjgdge1r3itjprg4ge1ff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D7EF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_push=AS...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8j...

170 B
188 B

31ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8joswODsTUlWUSXv7gbWxQsChmmOnxiMBTIGHEwm_7lHcekNYmfoINxfClZ9koxE

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6XBvj6pFi5FEJQgp0pkEe49IFKcvz11aDaMxcfG3meQIcmiSq2zXGuK8OJ12JotOJXppoSYZRP%2FADXj416nGyVP6K39tqdlfR1H%2BGIrha9zDKt5M5FNJbIhiRhkY07iFr9y1prdq7q5qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEERaNq4kQerTv2yqx1Axffc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZcf8dLntWRKj-Yv5UPiyhIEK0MQDj8joswODsTUlWUSXv7gbWxQsChmmOnxiMBTIGHEwm_7lHcekNYmfoINxfClZ9koxE
cache-control: no-cache
cf-ray: 76f9b95918e89b77-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame D7EF 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame D7EF 0
223 B 90ms
28ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LwJYt0ghsrs7rxuZdw5QIrvnns0iux1tzY63AJ-IDWT5elcx45CMAV30zjAMcA1rFhOUyHyw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4B22 35 B
462 B 65ms
21ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEXEr0RYBpiK65A0wbY-7yw&google_cver=1&google_push=ASkJ3FbB2aiuQfTiv8hrCWkD2xfZOfFchCJtQlhTv6YMOX3G0WD6hz9n4k0cLNJ1SuW-ViTC6KQ3g-PNS09nnC8DbpGsMisIuy80

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B22
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FaJdAs5...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FaJdAs5...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxNTc3ODkxMjgxNw%3D%3D&google_push=ASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgV...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxNTc3ODkxMjgxNw%3D%3D&google_push=ASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgVwlX9lPwBAfqBSNxzq1J6b7MaQ9fbdVXQ

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjUxMDMzMDQwMDAxNTc3ODkxMjgxNw%3D%3D&google_push=ASkJ3FaJdAs5okREDnq8wiiuM1R4tU5jxQKXVO3_lWsTDReIoRAB3fzOQbLtPc_k3UDMgVwlX9lPwBAfqBSNxzq1J6b7MaQ9fbdVXQ
pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 25 Nov 2022 10:33:04 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 4B22 43 B
135 B 66ms
32ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEOi8ymdU0ZfmCxJpIj6e9TI&google_cver=1&google_push=ASkJ3FaZ03w7Rn4NSgP62_d-2dilKBdIJs6eDLj70jl58cZwN-M-g-PhSmngq4zgsp6ZBGRaWl1Z0LttA2hFnn-_fLzyjK8tkeIjJw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:03 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 8mkikt64mid4nq5c5b0ktrk1tn1n15jq

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B22
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=76tsxQ90Rxewd-ykCb99RA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=76tsxQ90Rxewd-ykCb99RA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbUDtPwwZd6eQ9Rx01bnx15rwnH5G9ZZh6dAgtqudFXOthfBtYtal5IGWVvgTJI87eFe6EjPU1ckjBWoQ1EWKg_V-9N3_hq

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=76tsxQ90Rxewd-ykCb99RA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ASkJ3FbUDtPwwZd6eQ9Rx01bnx15rwnH5G9ZZh6dAgtqudFXOthfBtYtal5IGWVvgTJI87eFe6EjPU1ckjBWoQ1EWKg_V-9N3_hq
date: Fri, 25 Nov 2022 10:33:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B22
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEP6S-YXfl5FaAiUgKR89dZU&google_cver=1&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXRDdSRDEtSy1NMEk0&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W1MAH0qUoJZhphg6A6u9Liob7iVw

170 B
188 B

49ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXRDdSRDEtSy1NMEk0&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W1MAH0qUoJZhphg6A6u9Liob7iVw

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEFXRDdSRDEtSy1NMEk0&google_push=ASkJ3FbVLn89E7mebn5y1qtey1spONauT09DsFw-UBhqhBCAv1Ns4ewsczw5Y8s_T336gxcWV_W1MAH0qUoJZhphg6A6u9Liob7iVw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4B22
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_push=AS...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTC...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTCkH2dXwatG9fUR9M3ZE1mI1U1kkeJ683Y1YxTjncVoobTZwwuJFJFPUDJ3iKxHdS2Q

Requested by

Host: cybernews.com
URL: https://cybernews.com/news/att-hit-everest-ransomware/

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhLkuAARunpJEvZc%2FyAT0k5S%2FXRrxAHNMNLJ2%2FZvR8nH1H6euWCczFHhLVP1x4P3%2F3Cp7D3z4q%2FbcZWg84Dm9XdRUz1kySu3uHMHIVioYMXLwIAupcorxvk%2BMkh5eNPxLGpF63xesdUHog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEKYrvpJEJhhCSCc9uE-Frlc&google_hm=Y4CZ4CrLLq8ZOheI0ps0FgAABLMAAAIB&google_nid=index&google_push=ASkJ3FZ0TbUlefE0ncK7NvkE11m8048rTRqTCkH2dXwatG9fUR9M3ZE1mI1U1kkeJ683Y1YxTjncVoobTZwwuJFJFPUDJ3iKxHdS2Q
cache-control: no-cache
cf-ray: 76f9b95908dc9b77-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 200 trk
ag.innovid.com/ Frame 4B22 43 B
297 B 239ms
35ms Image
image/gif 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEClFHbH8uFf3ntkWj8-xzbA&google_cver=1&google_push=ASkJ3FbLvqWgzUWBDhVr-9khGQkZS1pujFi4Yg-zrXoZY0Vk6l0vHB33BIteCZeeGZH6MC_lxp_YSUymk37AjImWt5SFMlY4WdF-QQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=449&slotname=9389059806&adk=2231312788&adf=1287507746&pi=t.ma~as.9389059806&w=749&cr_col=4&cr_row=2&fwrn=2&lmt=1669299560&rafmt=9&format=749x449&url=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669372383010&bpp=1&bdt=189&idt=255&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C350x280&nras=1&correlator=3691892219548&frm=20&pv=1&ga_vid=153206492.1669372382&ga_sid=1669372383&ga_hid=407573065&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2343&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531706&oid=2&pvsid=3147138421421657&tmod=311006598&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=aJgqROWFDR&p=https%3A//cybernews.com&dtd=260
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 25 Nov 2022 10:33:04 GMT
cache-control: no-cache
content-length: 43
request-time: 1
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4B22 0
40 B 72ms
28ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IFW-oktTio34o09WIHAx9KEsp8LPEB91SeHTpf1K7mQoyHEG2enEjmH4mkpqMAgdnJfDth

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 307F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fd33c1bc5ac9e517cae525b10307381ab1b5a70793a72b599a7e32a6853837b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.25/one-ad/ Frame 83EC 89 KB
12 KB 83ms
55ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.25/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1669235721
age: 135285
cf-polished: origSize=91628
x-guploader-uploadid: ADPycdtnqpkBC2eNpIttCC4X9D-yrOoXK0HfmyiASnHmc5dpKNlZrWHuml5v2FihfATK0UIibbwmZ2MH5YrFqJYKDzRy-A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 23 Nov 2022 20:35:56 GMT
server: cloudflare
etag: W/"575def06e70febb0cbd25403e37880bf"
vary: Accept-Encoding
x-goog-generation: 1669235756372606
content-type: text/css
x-goog-hash: crc32c=ttlcew==, md5=V13vBucP67DL0lQD43iAvw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1W7%2F0pTJV1Sk9K2iGZU5AX6cqS3PmUFUntYMrMqc0uD%2Bjf6Bbc%2BMW8e502SZaECP0fXY2Dcn%2FRcY0NFJCqjlTG8gMKDrivUvMVnQUCUWtMudde3j9DiAB%2BKmyvKIlrkETX6ZHUmIm5U%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 91628
cf-ray: 76f9b9583fb69158-FRA
expires: Fri, 25 Nov 2022 11:33:04 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 83EC 35 KB
12 KB 59ms
45ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9624c9f30634be84a224d007e5df178a51107bff3e456e2a90b504cbf350d190

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2022 06:17:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 274488
etag: W/"49e3b0ffd5e74f27b691e89cf271d672"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7sA3quBRCfIxsNi3%2FiLb6LCMEmcInRNwx%2Fd2PRP%2BrA2W84vQm8U495I9tviNX1Oe0AFCA90QyJX5SrgjAfStFRvgeepHsbEHP3Y4p6Eh73PoUItT%2BKEYlR7STcfg2rCnhAGkuHs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 76f9b9582887bbd1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 22 Nov 2022 06:18:06 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 83EC 3 KB
4 KB 114ms
51ms Image
image/png 2606:4700:20::ac43:444e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.25/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:444e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26276666
x-guploader-uploadid: ADPycdvwP-NwgXqNEbyI2qkcz3h5-Ehsvrbo1BzPr2w5R7YEx4A4494G82MbZGb67-CgTESrTtVZjLf5PX4N9CeItuw
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQ6T1JI3cCo6%2BLJFQojkKgGXrhsO9I70Y7%2B1j80z2%2FwgQuUmOcqIUEpbC511SjsGWXBl4Wome694xuXql3zn%2F9LcZOGVb%2FkifzdefIYW8aXca5tnh3GHJm5CwVjBBsDCtnQDuSro8W62YR6PROh8ImAp"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 76f9b959bd04901c-FRA
expires: Wed, 25 Jan 2023 07:28:38 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 7B52 2 KB
1 KB 32ms
32ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2557671
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 76f9b9595a139158-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 25 Nov 2022 10:33:04 GMT
expires: Wed, 26 Oct 2022 21:05:13 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tENYU19u%2FXoWCcQKl2gE2a82dcQWyzSjvoAXSjJTUYpQbKTA%2BnB6hr0E4CdcLbGgCStLlLWbGmjYidCqQ7hXlzuRNqDA7PbJKTbE7WzD1VxzvrqprfmNfdMNC0BY2A4cSG%2BBus%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

POST
H3 200 rs Show response
ad4m.at/ Frame 83EC 2 KB
2 KB 53ms
53ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 252583d275950566d9b7eb80b64fde90f81cc4741b5d0eef1b85213fade5c729

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNgSW95NBX1ChbLPV9fDEg475VBkIFWGTp9JlVXAurXYnwCPwkeYJ7ucXIPxadn8EcwUKdikrlYBii%2FkVxsmKVKqxUQAPSchLk0j%2Fnd5%2FkvQi3w%2FPblmldCFXAj0hgk7r7qHfwI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 76f9b95a3cbabb43-FRA
x-backend-server: aa-reachservice-group-europe-west1-ktgt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 93ms
61ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76f9b959cc0dbb43-FRA
content-length: 24
content-type: text/plain
date: Fri, 25 Nov 2022 10:33:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BTnMCJJY9axrbEKj%2FLtD%2FjxM%2BXThVZq%2BcsFLoWSSDk9Z5t%2FXfiJvCb0ndJ1p1lf0cd%2F%2Ffxa9%2B9M0JJXRjAN8NF1wIDdM4PRN1fMAP0GEymjgQxj9bLUO7Sf5LmrONzTLpgL3b3k%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-v578

GET
H2 200 web Show response
onesignal.com/api/v1/sync/7bd8b78e-a560-4299-8e32-a71a9be1ded8/ 3 KB
2 KB 53ms
41ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/7bd8b78e-a560-4299-8e32-a71a9be1ded8/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27260cf83d808862877891d23257234645a5372551839b2004aa21d9d0473cf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 2468
cf-polished: origSize=3367
status: 200 OK
x-envoy-upstream-service-time: 29
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 6b48d4e8-cdd9-403a-bd82-4cb27b85a296
x-runtime: 0.027255
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"453e07ede4974ca6be814580a63a8e4f"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 76f9b95a1a229066-FRA
access-control-allow-headers: SDK-Version
expires: Fri, 25 Nov 2022 11:33:04 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 110ms
69ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb2b425ad0ecbed7e2bd79ae31ce09edbf9cfd4cdfc65b79eb0f68b1607a10df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11316
x-xss-protection: 0

GET
H3 200 search-16d3f70ea0.js Show response
cybernews.com/js/ 7 KB
3 KB 67ms
66ms Script
application/javascript 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/search-16d3f70ea0.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-9058b41af4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

258df724525d8ce0647be578471e40bb35b59ccc04e95c5bba0e71669327bc5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 73732
cf-polished: origSize=6857
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 24 Nov 2022 09:32:09 GMT
cf-bgj: minify
server: cloudflare
etag: W/"637f3a19-1ac9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 76f9b95a0d3290b8-FRA
expires: Fri, 25 Nov 2022 14:33:04 GMT

GET
H3 200 links-bar-2f0410a89a.js Show response
cybernews.com/js/ 1 KB
1 KB 132ms
132ms Script
application/javascript 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/links-bar-2f0410a89a.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-9058b41af4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

685587735a092c1429b2851bd2d5e546706af083d78ab19d7b50da23f1dfba8e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 73732
cf-polished: origSize=1415
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 24 Nov 2022 09:32:09 GMT
cf-bgj: minify
server: cloudflare
etag: W/"637f3a19-587"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 76f9b95a0d3490b8-FRA
expires: Fri, 25 Nov 2022 14:33:04 GMT

GET
H3 200 scroll-up-703df50bb8.js Show response
cybernews.com/js/ 510 B
830 B 77ms
77ms Script
application/javascript 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/scroll-up-703df50bb8.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/js/base-9058b41af4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4007eabc93dc10a06020c1e2835213fa0dfc50de0bbdd4cb94b3f3a7aadf82e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 73738
cf-polished: origSize=511
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 24 Nov 2022 09:32:09 GMT
cf-bgj: minify
server: cloudflare
etag: W/"637f3a19-1ff"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 76f9b95a0d3790b8-FRA
expires: Fri, 25 Nov 2022 14:33:04 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 19ms
19ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=407573065&t=event&ni=1&_s=1&dl=https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F&ul=en-us&de=UTF-8&dt=Everest%20ransom%20group%20adds%20AT%26T%20to%20its%20victim%20list%20%7C%20Cybernews&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2Fnews%2Fatt-hit-everest-ransomware%2F&el=25%25&_u=aDDAAEABAAAAACAAI~&jid=&gjid=&cid=153206492.1669372382&tid=UA-149779697-1&_gid=669699561.1669372383&cd1=Jurgita%20Lapienyt%C4%97&cd2=News&cd3=Editorial&gtm=2wgb90KMWQ6GT&cg1=News&cg2=Editorial&cd6=2022-11-25T10%3A33%3A04.324Z&z=1890699279

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Nov 2022 09:43:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3002
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 37ms
37ms Stylesheet
text/css 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1308
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 76f9b95a7c84bbd3-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 25 Dec 2022 10:33:04 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 5D72 10 KB
4 KB 39ms
39ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33564d35b434dc62f7d02bcb752cf1cadf7dba32887c0e50d3bba02a3996b1eb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jnf4rbmbt4ex0h36a02c2am1aja16bs0thgdyd2b2a44yw3aa9qc8ztapd80a7xnvghpy7da5bzrryqjrf887sa6vy2smp54bytrmcbbswf0whp6wtg37d9k5xxry1tdqh18avh7f9gm8v72c6e5a3q83vyxna7k4n0s94yv3vy90tj99sv09v4pvfz28xfry5svwwafyg9468cqrw6b3f93cmkwa170sc5eqwjwe4n58ev5n9a67daxn42yx2234pnpganw6zsw6pv6s42xd5952d4jjbvcn2ywsnz2cxgm5fj8yftc9vj11npdrknt9c9gyq9re7h8v2dczyr7hd4484f58k4qkrcpgcbn68xm6rv599ns3e66cebkfwn1fpv6rsb7w4a5a7qhb6qdn7bkx7xkm55r3b88qjsbs93tk4z9m3k2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%26client%3Dca-pub-5928161074779380%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 76f9b95a8c9b9158-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:04 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 289ms
289ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 25 Nov 2022 10:33:04 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.25/one-ad/ Frame 5D72 89 KB
11 KB 44ms
44ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.25/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1669235721
age: 135285
cf-polished: origSize=91628
x-guploader-uploadid: ADPycdtnqpkBC2eNpIttCC4X9D-yrOoXK0HfmyiASnHmc5dpKNlZrWHuml5v2FihfATK0UIibbwmZ2MH5YrFqJYKDzRy-A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 23 Nov 2022 20:35:56 GMT
server: cloudflare
etag: W/"575def06e70febb0cbd25403e37880bf"
vary: Accept-Encoding
x-goog-generation: 1669235756372606
content-type: text/css
x-goog-hash: crc32c=ttlcew==, md5=V13vBucP67DL0lQD43iAvw==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BOh5UeQeZ21SU66EEqsvCsPfAF7C7HPx3maVefsFaC6vpv8epsBW7QSDMPmrS%2BDolcsXrrpPsSkvFHfymzitQN1m0PfG9PR4HBUg7bWU4Vucem7bHbE0PqYgFPjleOGuII4jrsUKoo%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 91628
cf-ray: 76f9b95add329158-FRA
expires: Fri, 25 Nov 2022 11:33:04 GMT

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame 5D72 53 KB
54 KB 70ms
57ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 55084
cf-polished: origFmt=png, origSize=115129
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 54564
cf-bgj: imgq:85,h2pri
last-modified: Tue, 09 Feb 2021 15:11:24 GMT
server: cloudflare
etag: "0a277d59efca0369a6983645e273659e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t34hZQuiFa5qghqJnWQbV%2BQVsHISabnOkvwrfO6VEhTyYFfsU0fX%2BiwBQ%2BFgzYwoHrcojY6sOpjdA4jCf4wdSSuWDevUxGzjJNKAx3bOnlYG35%2FlURhEjJdlj6J%2FWDjkZSt9prCN8QoBRo9h"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afeaabbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H2 200 3778CF797E3A529087D97C23A5BCA9FADE012AB01E21FB1929557E8BD70A789A1F44E5D867099979B17313F69D44515CF12B8C937634907539AB1C54C4F5334B
assets.ad4m.at/product_image/ Frame 5D72 11 KB
11 KB 86ms
75ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/3778CF797E3A529087D97C23A5BCA9FADE012AB01E21FB1929557E8BD70A789A1F44E5D867099979B17313F69D44515CF12B8C937634907539AB1C54C4F5334B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fc6327e965679b41a818cf88fdaf0b16e586c0ac03bc72d49c4f47e2ed02336

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 749181
cf-polished: qual=85, origFmt=jpeg, origSize=46259
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10888
cf-bgj: imgq:85,h2pri
last-modified: Wed, 16 Nov 2022 16:09:44 GMT
server: cloudflare
etag: "b2cf554576629d98986c459034c76d1a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtRFSGcJZZNxESzopfV5yMWMi7uCz7H07W%2B8WFIeXR3BYIGIsyj8KrH5FttfY3ns4ff0T%2B77grJtp5cpsm7GUiDBMvowilV4542FOkumZdNkCZt%2FUm3nTkdOZOTJDK6DaMT5Yj0azki3Sf8v"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afea7bbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame 5D72
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CIaN6d-QyfsCFcN_4Aod3oAKsA;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=117703V1226132702M&subid=viewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_N...

49 B
1 KB

89ms
26ms

Image
image/gif

46.4.41.145
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 46.4.41.145 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads2.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 10:33:04 GMT
X-NODEIP: 46.4.41.145
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=117703&s_id=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0&spid=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&partnerid=12218
date: Fri, 25 Nov 2022 10:33:04 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
assets.ad4m.at/logo/ Frame 5D72 9 KB
9 KB 65ms
55ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DF9A32151D42BCC835EC0C9BE62CF0094313EE46FD4E5D3DC0F1217B7F8F1AD49F0F4DDF5D50AE1511A12D11F97A6BCA3DF8CE9D056CE7A3DC11AF6ED1255D71
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51280
cf-polished: origFmt=png, origSize=24833
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9258
cf-bgj: imgq:85,h2pri
last-modified: Tue, 09 Feb 2021 15:11:57 GMT
server: cloudflare
etag: "174bb0dc35647e204b09aa120965604a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JIaSjGfF%2BHwLDZMD2YSvULqY1IJtYZr4ES4WVaCwpkN26PzcxAugYhnFqO7iE76704sXcHtMcegKX3MnBncmtUNvcaL3oQdooEZxB1sBrB5SaUpTh1S0LgrYoYhyTAh72QWk2it%2BVrryrp6Q"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afeacbbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H2 200 FDA524315CF1A84E9D46619FD10F0264DD2260394DD71198EE8FEC75572B31C1B960B5E4A647F88B6C04B0DBC247510EFFF5F03328E33405460FFEDC3D0CE020
assets.ad4m.at/product_image/ Frame 5D72 20 KB
20 KB 67ms
57ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FDA524315CF1A84E9D46619FD10F0264DD2260394DD71198EE8FEC75572B31C1B960B5E4A647F88B6C04B0DBC247510EFFF5F03328E33405460FFEDC3D0CE020
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b094a140ea1c9e6edece62a54ab0d4fb5a600ba71495dc8835a12621e49204e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 755770
cf-polished: qual=85, origFmt=jpeg, origSize=85977
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20094
cf-bgj: imgq:85,h2pri
last-modified: Wed, 16 Nov 2022 16:32:10 GMT
server: cloudflare
etag: "115bea0885590f780802fd14548a1cde"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xReKxkp7rNivlLtHnQ86M5W%2BHumbdNemeOKOg6ADEOhr9gYhmOgXAJddOtfcN3WmXImb5JNmDHqZ3trLhoxV1gXzEtbPz7rJKueloeviaEff3eDarSzEVTRgYwFJLPecbz0TZAPzdDu8MoA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afe9ebbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H/1.1

200
OK

/
partner.blau.de/a/ Frame 5D72
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed...
https://ad.doubleclick.net/ddm/trackimp/N773418.3163536BLAU_AFFILIATE/B25532621.345088000;dc_pre=CP2O6d-QyfsCFY8y4AodLEwGcA;dc_trk_aid=536454876;dc_trk_cid=177082088;ord=%7B%7Btimestamp%7D%7D;dc_la...
https://www.telefonica-partner.de/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=113752V1225131106M&subid=viewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022112511330478865730173X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netm...

49 B
1 KB

94ms
27ms

Image
image/gif

78.46.85.162
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022112511330478865730173X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 78.46.85.162 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: nonstopads1.sunbonet.de
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Fri, 25 Nov 2022 10:33:04 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.10.3 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.blau.de/a/?i=pview&client=blau&camp=pview&l=de&nw=lea1&affiliate=113752&s_id=2022112511330478865730173X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&cons=0
date: Fri, 25 Nov 2022 10:33:04 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
assets.ad4m.at/logo/ Frame 5D72 16 KB
16 KB 61ms
51ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/CE11F4A269236C0AF074ADB7F1ADA1F8C472CD7AC3290EFBF4A7DADA0100B8792254D4F2CF871D3311E6317269487774B650CDD0B207BED389DBEA35CD2DBC8F
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52803
cf-polished: origFmt=png, origSize=39979
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15996
cf-bgj: imgq:85,h2pri
last-modified: Wed, 22 Jan 2020 13:07:55 GMT
server: cloudflare
etag: "ad9334664514d900a0c3b76d17ca960f"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWXJ760FFs%2BsACH3O7dSJwbdMsVu0CBrR%2Bn6AB47v3RzqwALhr%2Bh9fjv6yzCpqEJIWYbhqoyC3Ciq1mBg7FmHEFBezcQV1pxhyKrPqHo%2FuAyS7fHCD5jGCr0nzWiBP6OvJK4%2FHNcLoycJAJa"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afea1bbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H2 200 EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame 5D72 222 KB
222 KB 43ms
33ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 51757
cf-polished: origFmt=png, origSize=342797
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 226950
cf-bgj: imgq:85,h2pri
last-modified: Wed, 15 Jun 2022 14:01:11 GMT
server: cloudflare
etag: "82c7de0f42ff55fdd0acc07731664031"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkTOawV%2F0aMxV7K2GHnaU%2B33v5fc0Hmjc%2B%2BYCppjeO614SuECgUz4HRyPjXQm5b8cfd%2B79XcfdqSqnI%2Fv5ceRoVkEifWTLL3dVLZ1bthUnYFUP9GTOfBS5JhUZG8hLq0qIztLNCD6yI%2BeZVZ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 76f9b95afea3bbd1-FRA
expires: Sat, 26 Nov 2022 10:33:04 GMT

GET
H2

200

ztpv.php
www.conrad.de/ Frame 5D72
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneidbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJoneid__suite_Netmix_Reach43_TopRotaMonth&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1669372384_8b4df470-6cac-11ed-9d10-2262c713b6c4&insert=AW&&gdpr=0&gdpr_consent=

0
639 B

144ms
86ms

Image
text/html

2606:4700::6812:7f05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1669372384_8b4df470-6cac-11ed-9d10-2262c713b6c4&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=192347%2C19491%2C322829&b=72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCM%2CR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7%2CbwqTQfYZsqZ3EHYHbHztKtw7duxTJTJPSJ&f=EzqfDf4EsEBxZczHAHjt6C441HqTVTzbF7%2CQpKH4fdjUWX7axH5HYt9CZZrTDT4TzPFV%2C3bgFpf14UV1xMf7HrHAtXC9REt8TWTRead&c=300&d=250&e=&g=d47fa36164ca89098b802a91568f96b8%2F8479885452760686459&i=20774%2C20773%2C21596&j=14%2C14%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach43_TopRotaMonth&r=1669372384375&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1jhwp3tp7pp2aec6q3d2z2zj8pv49mwjvcm1haz9ratj4djyc2m8gxkzqnswgps2fxreks2aktcx4nzjf80e188rcr1z7whrbz0b5b0rxpgwgkh1gbj0t8c0xzrf1s89prjwwr4518z9ne4s2r95mg2qq2ne8wwj97wyfa1ncw0aqbn5ppasd5jd2ahac1bwsdd5va93j34dkxxjp2120nd14rp66a1vx0pp3h404ykk3mxdmb09dch03zwvex9753z3nyzqkmd5tsbetdpg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC86lL35mAY_KHFJLExgOSqoKwC5DhgYRctqjCivACwI23ARABIABglYKAgLAHggEXY2EtcHViLTU5MjgxNjEwNzQ3NzkzODDIAQmpAvRYLv7Td7E-qAMBqgSLAk_Q0DNaqj4cr49yGqxnjV_fjGlc82mBbocclq661HDhYuo4a6qRfe69P11jE7zp2WZui1QW_AoT192GB4zFFoERfMsN4c_3yAefKCaxxlIVfTOU66y8taOJ7sUfJkON6rVPx3GQIYqmuN2DUkPCeFhS1vCBgMqh-HqnO9zrK0pUBQeCQWLD-BxP86tiCodugjq3qjCQUtVxmIJKUTXEhLdKY3Lu_602PZZC_CohCF9UpIijOSgQVWeiMPsS64AJRgn20qd0Rpd6uqHcHAlVYHhhCdbcoSmAxNxMiII5BDmH38RfFlfJ0Ba82aNQiPzXcRu8x2URAbm33tybEswTTmyCYijGe1Dk_9YJP4AGvLaZ853-j8sxoAYhqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_3VWGvCWNoC4b94Z8nNJFxEdkaWqw%2526client%253Dca-pub-5928161074779380%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6812:7f05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
via: 1.1 additional-webserver-blue-115j (Varnish/7.2)
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000
age: 0
content-type: text/html; charset=UTF-8
p3p: policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
x-varnish: 397533990
cache-control: no-cache
cf-ray: 76f9b95c1b419ba6-FRA
expires: -1

Redirect headers

Date: Fri, 25 Nov 2022 10:33:04 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1669372384_8b4df470-6cac-11ed-9d10-2262c713b6c4&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H3 200 streaming_logos.jpg
media.cybernews.com/images/thumbnail_small/2022/11/ 2 KB
3 KB 53ms
52ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2022/11/streaming_logos.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95ae45779eb52062acf521fc9718eea3a5703df0641983a053787cc2f30874fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2376
cf-resized: internal=ok/h q=0 n=42 c=4+72 v=2022.11.7 l=2376
last-modified: Tue, 15 Nov 2022 12:18:40 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfJCJqO2aAdHKs_jmHLYlZJr098iFZYhIqdjUqgfspBQ:77da86623155b9a1f5472b5bedbb53df"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 76f9b95afe6a90b8-FRA

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9759 13 KB
5 KB 22ms
20ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 09:35:06 GMT
expires: Sat, 25 Nov 2023 09:35:06 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2C8C 783 B
535 B 30ms
29ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f7071fd1373728a69e38206338604326e8f947e44010d2efa0c265c1c2884e03

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GcoAW75txfjuwZi1cXcJMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-GcoAW75txfjuwZi1cXcJMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 10:33:04 GMT
expires: Fri, 25 Nov 2022 10:33:04 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js Show response
pagead2.googlesyndication.com/bg/ Frame 9759 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/M3JMhzk_3vTF8k0i77EsfxGITEmQ_9Y04x5PTEuqQvc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 09:35:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15861
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 25 Nov 2023 09:35:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2C8C 0
0 54ms
54ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=3147138421421657&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9759 0
11 B 20ms
19ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XiepbQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 10:33:04 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
57ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221110&jk=3147138421421657&bg=!wMOlw4fNAAbvMpMzzzI7ACkAdvg8WnauQxCqaCK3SuF67cUCE37WiVkzgVXv8Np21aL3L34kgJueNQIAAABPUgAAAARoAQcKAOi0PiVovZrXZ9VTgebPoTFiHpmU1Qwurvo-2eCnt2y7fsKNdMuoR1mS_K3CVAhO28nGLf5bKmZ4tg1NHH4Kusmh0KVnBSAjRj9tcIlM3dhmYmH6C1UPuI9S41p43jFSQr0lIqYMp5JnY0x2YogUj57MboCqdP4iQuSSkory7h0CqMplVCnmoE-2ZZbfU3sZC6pkjzaU79wWzGHHMpUaR9zixWW20Fe_SanjV2YzHwIOu9oP5DlNzl1wxtSZI9hTVl5txsmfWM47ONjEisx66U-45uNRjJ4u4Hs77fuIl7ofj17P88t06YPemQKhzsKIkpHhqgvuA5pYn4Y92Jr_KvJfO2JwyCl8wnEshuy0bfI9a6ts3ce3Ar2z1tS3E6D222rDRnwF2G9b51mBrdReHP8QvCn68M359FRAgu2t0vC9uh3SrFxByaVDhyn-Gym7cMLzTOlonFYgePx_3PIkcDLrP8404N0o7jnonudNraNFjPGYfJQy0NvSMkhDVdcXMirxSv-PXc4oyx7pY3pPCJK9GBvOGP_wv5xvcA1r2T3vQb3piUxJCdHoeJYc8RkgYviu3enklnYjrPpyMt0QZEDq5U4oH3XSXuRFijR39RdZ96v3ADPzaBbOjnW9c_QItZNlRRKnAK059dT2cH0ds62HoPI-Q5PjiGmoZQy5WmENhFaTUGJqUzxeANU2sDuoFskZBJROq1gnjhEVMqFAvM91TFhvbAA4hkUMr5ldRATY_7I7i3U0_bV1hDNGMMofoFvwt8n0hSw2BKo2HoHiPNz5bCIiITOVMgEk81eIBIKlOB5KZRZQc6yvL34pWgaiIe5_1V3xuGYhLWNyMjzQGkh0hRAi1F46Nd_KPcCmg-d6cPueDWiWM8KiEnU8pRbdJr7tKvLwCfIkPdoZp5d3rVcVHavBM_SEEXtPSMTeRKIXMa0BF5jt666HmwD-AxRqCSfBeJIu3tzdz14OJeBchB7ROOAacQk2VOHMBrAhyDUgJ3lncVAlCymaegSFpJDZe010eF4s-3ExCkjdGlf3_UlSNmmaYIFv1gaYa_QYT8FGwyLk39nxN8oaFvvuxD-xq09KKZUyYR_2_vh5qfKzJQ7uuHrS2n7t1NsANaWVpriak5b39qpk-Zx-pd7NXxWWdCrXvMT_-9KdzCOepb1o7YFWCW6xdbSXwWFoiEfvWAAQ_MrIvvtBaon4N7aApw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJW03IQ2Z4Y-wsyH7HKiAhc&google_cver=1&google_push=ASkJ3FZ2JMNuaTHNO381gqh52VteVchmLJiOuln96mt0sAEWrwaI8OGir_7p1OvvklziF5GssW4ORpL8cNtZPYV9u_EHBAEZNFN85w

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cybernews.com/	1970-01-20 07:43:06	Name: cn_t_bs Value: 81
.cybernews.com/	1970-01-20 07:43:06	Name: cn_t_sess Value: %7B%22cid%22%3A%22153206492.1669372382%22%2C%22clickId%22%3Anull%2C%22clickType%22%3Anull%2C%22landingPageUri%22%3A%22https%3A%2F%2Fcybernews.com%2Fnews%2Fatt-hit-everest-ransomware%2F%22%2C%22sessionId%22%3A%222ac25d62-41f7-414a-9536-79ffcee876b9%22%2C%22timeStamp%22%3A1669372382%7D
.cybernews.com/	1970-01-20 08:26:04	Name: cn_t_gtc Value: %7B%22clickId%22%3Anull%2C%22count%22%3A0%7D
.cybernews.com/	1970-01-20 17:18:52	Name: cn_t_uid Value: a8864027-a377-49f7-a13e-46d2817e872b
.cybernews.com/	1970-01-20 09:52:28	Name: _gcl_au Value: 1.1.564574597.1669372383
.cybernews.com/	1970-01-20 07:44:18	Name: _gid Value: GA1.2.669699561.1669372383
.cybernews.com/	1970-01-20 07:42:52	Name: _gat Value: 1
.cybernews.com/	1970-01-20 07:42:52	Name: _gat_UA-149779697-1 Value: 1
.cybernews.com/	1970-01-20 07:42:54	Name: __cf_bm Value: diIPXKKhx40s23X9zyC1_RH5n37JiaXpN87sYxQg3ew-1669372383-0-AdRf3P+zl0HNOW6MGQxat9VvjQbPLcoYoWQlQNQ9qcOBVrtypie4R4rpRagDeaSnqnRIVJ3f5FnxnEeVqNY3a3T1yPgjmSMId9ryls2+oSs4
.cybernews.com/	1970-01-20 17:18:52	Name: _ga_KT8DKCHF41 Value: GS1.1.1669372383.1.0.1669372383.60.0.0
.cybernews.com/	1970-01-20 07:42:54	Name: ga_fired Value: true
.cybernews.com/	1970-01-20 17:04:28	Name: __gads Value: ID=a62c0de8ab70634e-22d31dd792d7004f:T=1669372383:RT=1669372383:S=ALNI_MYIhabVodWS1OV2PGJ-jHXAhWsYLw
.cybernews.com/	1970-01-20 17:04:28	Name: __gpi Value: UID=00000b86cd1aad73:T=1669372383:RT=1669372383:S=ALNI_MZSrcnSug9pLtHO09j16zOgmI93jA
.doubleclick.net/	1970-01-20 17:04:28	Name: IDE Value: AHWqTUmEmGM9DK9IRx9jNzptPF9Ag5SHUsXELjGYu9ioJ3VzcZ0MLdYte6TCuR9pZEM
.quantserve.com/	1970-01-20 09:52:28	Name: d Value: EGsBCQHUJ4EA
.quantserve.com/	1970-01-20 17:13:06	Name: mc Value: 638099e0-012b7-3040b-dbc39
.agkn.com/	1970-01-20 16:28:28	Name: ab Value: 0001%3AgWcMp54HV1kvmL60fPO1HneR6MjpK%2B9z
.agkn.com/	1970-01-20 16:28:28	Name: u Value: C\|0CEArE1ZgKxNWYAAAAAAAAQ13AQCAAQpAAAAAAA
.casalemedia.com/	1970-01-20 16:28:28	Name: CMID Value: Y4CZ4CrLLq8ZOheI0ps0FgAA
.casalemedia.com/	1970-01-20 09:52:28	Name: CMPS Value: 1203
.casalemedia.com/	1970-01-20 09:52:28	Name: CMPRO Value: 1203
.pubmatic.com/	1970-01-20 07:44:18	Name: KTPCACOOKIE Value: YES
.e.dlx.addthis.com/	1970-01-20 17:13:06	Name: na_tc Value: Y
.innovid.com/	1970-01-20 09:52:28	Name: uuid Value: 200fee3b-afc5-4231-84e0-f97e6b78136b-20221125 05:33:04
.pubmatic.com/	1970-01-20 09:52:28	Name: KADUSERCOOKIE Value: EFAB6CC5-0F74-4717-B077-ECA409BF7D44
.casalemedia.com/	1970-01-20 09:52:28	Name: CMTS Value: 3209
.cybernews.com/	1970-01-20 17:18:52	Name: _ga Value: GA1.2.153206492.1669372382
.addthis.com/	1970-01-20 17:13:06	Name: na_tc Value: Y
.dlx.addthis.com/	1970-01-20 08:26:04	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 08:26:04	Name: na_sr Value: 20221125
.dlx.addthis.com/	1970-01-20 07:42:52	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 08:26:04	Name: na_sc_e Value: 0
.addthis.com/	1970-01-20 17:13:06	Name: na_id Value: 2022112510330400013901795216
.addthis.com/	1970-01-20 17:13:06	Name: uid Value: 638099e00c4ab488
.addthis.com/	1970-01-20 17:13:06	Name: ouid Value: 638099e00001d9122bc7249e443f0c9f1bb350ae4330c8f693de
.awin1.com/	1970-01-20 07:47:11	Name: awpv11354 Value: 412871\|1669372384\|8b4df470-6cac-11ed-9d10-2262c713b6c4
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377129:2470185
www.conrad.de/	1970-01-20 07:50:04	Name: HTLP_timestamp Value: 1669372384
www.conrad.de/	1970-01-20 07:50:04	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 07:42:54	Name: __cf_bm Value: BHi.MPqSMw5rpTUeYtXgpBSK9ND_urL4vDt9PVf7yGA-1669372384-0-Ab0WJyJ0Urq5MqoDEkcPnuaCWNnFXfq9+TnNrDDzI/yWL4HsZmWp7Ec8pruFveMoaHaC4aBnetDOpV10llT4f+0=
.o2online.de/	1970-01-20 07:52:57	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTI4MDAwMDAwMDA2MTY2OTM3MjM4NHZsZWExZGUyMDIyMTEyNTExMzMwNDc4ODY1NzMwMTc1WDExNzcwM1YxMjI2MTMyNzAyTVN2aWV3b25laWQ3MnhjcWZnekhqWG1ydXJIWEhndEF0VlZlZkdUMVRNSkNNb25laWRfX3N1aXRlX05ldG1peF9SZWFjaDQzX1RvcFJvdGFNb250aDExNzcwMw
.o2online.de/	1970-01-20 07:52:57	Name: nscQ485 Value: V
.o2online.de/	1970-01-20 07:52:57	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_117703_-HTLP&utm_term=AFF_la_117703_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2022112511330478865730175X117703V1226132702MSviewoneid72xcqfgzHjXmrurHXHgtAtVVefGT1TMJCMoneid__suite_Netmix_Reach43_TopRotaMonth&wfid=117703&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTI4MDAwMDAwMDA2MTY2OTM3MjM4NHZsZWExZGUyMDIyMTEyNTExMzMwNDc4ODY1NzMwMTc1WDExNzcwM1YxMjI2MTMyNzAyT
.blau.de/	1970-01-20 07:52:57	Name: nscT486 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTI3MDAwMDAwMDA2MTY2OTM3MjM4NHZsZWExZGUyMDIyMTEyNTExMzMwNDc4ODY1NzMwMTczWDExMzc1MlYxMjI1MTMxMTA2TVN2aWV3b25laWRSNVhmZ2Y2UUZYMjdUa0h3SDN0UXRkZEFGd1R6VDdnczdvbmVpZF9fc3VpdGVfTmV0bWl4X1JlYWNoNDNfVG9wUm90YU1vbnRoMTEzNzUy
.blau.de/	1970-01-20 07:52:57	Name: nscQ486 Value: V
.blau.de/	1970-01-20 07:52:57	Name: webShopPV Value: ?partnerId=BLU_AFF_POV_EXA_35008&mediacode=AFF_la_113752_-HTLP&utm_term=AFF_la_113752_-HTLP&utm_content=BLU_AFF_POV_EXA_35008&spid=2022112511330478865730173X113752V1225131106MSviewoneidR5Xfgf6QFX27TkHwH3tQtddAFwTzT7gs7oneid__suite_Netmix_Reach43_TopRotaMonth&wfid=113752

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: A bad HTTP response code (403) was received when fetching the script.
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJW03IQ2Z4Y-wsyH7HKiAhc&google_cver=1&google_push=ASkJ3FZ2JMNuaTHNO381gqh52VteVchmLJiOuln96mt0sAEWrwaI8OGir_7p1OvvklziF5GssW4ORpL8cNtZPYV9u_EHBAEZNFN85w Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FbFzTZUFCZNTIB0UvLp0-BQdt7MZXxgYigUh1781JzSYUn7Vcyw7y2lWUb-SfM527mli827uekLXqpZsTa-4w6h9DGatR5T&google_gid=CAESEEU1HudHLAg1fAK_YTmCpA8&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad4m.at
adservice.google.com
adservice.google.de
ag.innovid.com
as.ad4m.at
assets.ad4m.at
cdn.onesignal.com
cm.g.doubleclick.net
cms.quantserve.com
cybernews.com
d.agkn.com
e.dlx.addthis.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
media.cybernews.com
onesignal.com
pagead2.googlesyndication.com
partner.blau.de
partner.googleadservices.com
partner.o2online.de
pixel.rubiconproject.com
prod-rtb.ad4mat.net
region1.analytics.google.com
rtb.openx.net
ssum-sec.casalemedia.com
static-de.ad4mat.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.awin1.com
www.conrad.de
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.lead-alliance.net
www.telefonica-partner.de
googlecm.hit.gemius.pl
104.111.239.217
104.18.33.19
142.250.185.134
142.250.185.162
198.47.127.19
2001:4860:4802:32::36
2001:4860:4802:36::178
2600:1901:0:76b9::
2606:4700:20::681a:bd1
2606:4700:20::ac43:444e
2606:4700:3108::ac42:2bc5
2606:4700::6812:7f05
2606:4700::6812:e234
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:803::2008
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2003
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2001
2a00:1450:400c:c0c::9c
2a05:d01c:1d8:8100:3d7c:b3e5:1d0f:44c5
35.157.182.139
35.227.252.103
35.244.174.68
46.4.41.145
69.173.144.139
69.192.160.219
78.46.85.162
84.200.5.215
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c8472253c350281f2c142cf3d4789586f539c3af3fd9baf68ba1048a21bec3d
0fc6327e965679b41a818cf88fdaf0b16e586c0ac03bc72d49c4f47e2ed02336
1154fe55b34e603bb549d3ff3abc7da93fd4221dda16c47f44e5bcd2d5215a7d
1235d81875a51f31a89667b233bc97d0e0a1f30b9162c7fa64a3ac1159aa2e56
1a0a1f7a0aee9d6f23f2d09f2b5fe7a083cb71b45897d9057bdcc28f379a03f2
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1dfbdf2c18892f5b78223dad4346727eb1fbe9da0a476ca2f26a326e19678eaa
252583d275950566d9b7eb80b64fde90f81cc4741b5d0eef1b85213fade5c729
258df724525d8ce0647be578471e40bb35b59ccc04e95c5bba0e71669327bc5c
27260cf83d808862877891d23257234645a5372551839b2004aa21d9d0473cf2
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3220d2121ccecefccf4dad1efdfea13f352756d461d27bd1c7569009749ffffb
33564d35b434dc62f7d02bcb752cf1cadf7dba32887c0e50d3bba02a3996b1eb
33724c87393fdef4c5f24d22efb12c7f11884c4990ffd634e31e4f4c4baa42f7
34a9b8c3e6088d42a01e3cf800492030fe7432bc24fa9f6ce83e8471f4ab58b2
4007eabc93dc10a06020c1e2835213fa0dfc50de0bbdd4cb94b3f3a7aadf82e4
41e1fe7a9aa10bd0de43e02cde11da632db807e0ef54c3ede0bba12ef9c95d71
459700c779b6fca49ae4f1802dd616bf4133c8373b461b66f282a2125b01e8fb
4ab995345cf38f3951bc840ab2c0d043269e700e59f1c6d6cb7fb8946268b358
4b779487cf2d04eb8d1c47011b581d3112cf0dfb85274bbfab8a4f46a383e603
4e017bf092aed0ef4d904cce0115aaed7ae9dfe17c57305e753667cb82d4a1e8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5eeedf9055f9efab9127642b4c44135be9f404caa7ce08e51a5ea734dfd28828
5fd33c1bc5ac9e517cae525b10307381ab1b5a70793a72b599a7e32a6853837b
61651edfb03aae1c1007d6741f98171447ae7b1a67aaa520d8b0a959e0400885
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62158794ebacc276bdb4b64499da06cefc3f6ba2ceccc16ce10e856ee4684385
685587735a092c1429b2851bd2d5e546706af083d78ab19d7b50da23f1dfba8e
6976b1e225d48e5e0097d79498a99fc73f8b43cd4b693080aa5f6960e1ce50e4
6b094a140ea1c9e6edece62a54ab0d4fb5a600ba71495dc8835a12621e49204e
6ebd9fd37aacb1837e946ec2ab14653774b36b8d05e90da3e56358166cb67ca0
6f22e9f962892c56a7ea38b57a8d062520b6877d5387336aabefde558e9e0c12
7024493525030ecd098ce0dcb2f0aea839373775120b40580028137b1d125ac9
71a8be1afe6e03fc91ef705cffaf7f3058159e8d86b7adb9d78a56cd7f18f577
76cbc6fde17fa6880a685b13bccd16ecd11a52103be91dfbd9e1e5229afc8e39
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
80dc17ad7b2896c6aef51b6dd8bca9799c18d1f8b8124131406dc0f3076c582f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
8801400aab5c9d32dd9f98ecc4f3bd151783dc72d66bd33c53c1c161d10eadb3
8c2563302031840b7c7c661bc9f9a44ddb9a93cdbbc951dd8142560f52c6be80
8f71eb5d7c97ceb9812ad67434ffe5facdd931ef823d0e3f2b09fe5ebbfd1a7b
95ae45779eb52062acf521fc9718eea3a5703df0641983a053787cc2f30874fc
9624c9f30634be84a224d007e5df178a51107bff3e456e2a90b504cbf350d190
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b6d42772cb994d3a02eb092408136bf7d30a301feddff6495fdab708242de62
9bfc7d34cd8bc7df36a984d6f3da50799752e33c48bbf07a4a1ee959b51476d0
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9e21f9e0b83aad6bdef46a24b5ad30b49c7f05cc0ef74d7afb1a2e5c73950eeb
9fca9ae04b4bca7ef7d4f2c43505769b1f03fd173ecf3871dd7b7ee0f115dd48
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ab8f0b6cec3eb6cd02efd0a9324053b868cac7dcda99fc89871b4e87141bdf14
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af5d717c4f973cf4908235043c879c4deb8cfdc2c6cde5a167a5be080874141d
b200b6bb7bb5beedcf448fcaac7a5d34eb79d251cbe58b53b1f562d0ab3a992f
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b59c8bd0c6c6298fd94f1ad0f8161d8a90d6d58e506f0ed10a731d008b0407e4
b5d3260c728a6ca7f7a6dcac312981111c0c174e30590d6c2fa4e283b8f062cc
bb830317bac065a5fc2c58ae1d9645abf4633632382af96f86a0be5b06de15eb
bd4b21bf16796f8b1cdf801e048df3d36f3f05893b9e249ae871c1d6096c2ffd
cb2b425ad0ecbed7e2bd79ae31ce09edbf9cfd4cdfc65b79eb0f68b1607a10df
ccc5a1f8ce53359c95a0e7baa4176a052d3caa1ee0f9e85bff16f77167c79158
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e138d129f38769d7080ed6ac6519dce8a4d546b7da5709b12aedff39673fa021
e375c9bea0b8741023ba0fa27a551012e340a6480c7bc7f269c5f1f7d11f141d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7e1ebac33ecb2f6316df7acce08a9c1ad1df48ed968916bed0345363ff4aa27
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f290a3a287182664a81ea150c04e7d1a451f1bf74f6738b43d382e3d40d98002
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f7071fd1373728a69e38206338604326e8f947e44010d2efa0c265c1c2884e03
f7cdf71044448cb736733f5163fff96081d51ba4101567d61d22ee5998a7a399

cybernews.com Open in urlscan Pro 2606:4700:3108::ac42:2bc5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

118 Requests

91 %HTTPS

61 %IPv6

29 Domains

41 Subdomains

26 IPs

5 Countries

2217 kBTransfer

3890 kBSize

46 Cookies

6 Outgoing links

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cybernews.com Open in urlscan Pro
2606:4700:3108::ac42:2bc5 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

91 %
HTTPS

61 %
IPv6

29
Domains

41
Subdomains

26
IPs

5
Countries

2217 kB
Transfer

3890 kB
Size

46
Cookies

118 HTTP transactions
9 data transactions