thecybernewsfeed.com Open in urlscan Pro
104.21.43.67 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-in...
Submission: On September 20 via api (September 20th 2021, 5:10:54 am UTC) from GB — Scanned from DE

Summary HTTP 73 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 18 domains to perform 73 HTTP transactions. The main IP is 104.21.43.67, located in and belongs to CLOUDFLARENET, US. The main domain is thecybernewsfeed.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 8th 2020. Valid for: a year.

This is the only time thecybernewsfeed.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	104.21.43.67 104.21.43.67	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.184.202 142.250.184.202	15169 (GOOGLE) (GOOGLE)
1	142.250.181.232 142.250.181.232	15169 (GOOGLE) (GOOGLE)
9	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
4	142.250.185.99 142.250.185.99	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	172.217.16.142 172.217.16.142	15169 (GOOGLE) (GOOGLE)
8	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
12	142.250.186.97 142.250.186.97	15169 (GOOGLE) (GOOGLE)
1 3	142.250.181.228 142.250.181.228	15169 (GOOGLE) (GOOGLE)
1 1	52.18.11.109 52.18.11.109	16509 (AMAZON-02) (AMAZON-02)
6	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1 1	217.182.200.29 217.182.200.29	16276 (OVH) (OVH)
73	18

11 104.21.43.67 (None, )

ASN13335 (CLOUDFLARENET, US)

thecybernewsfeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.202 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.142 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f142.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.74.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.228 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.11.109 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-11-109.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.29 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm7.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	307 KB
13	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	79 KB
11	thecybernewsfeed.com thecybernewsfeed.com	151 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	96 KB
5	google.com 1 redirects adservice.google.com www.google.com	2 KB
4	googleapis.com fonts.googleapis.com	3 KB
3	googletagservices.com www.googletagservices.com	105 KB
2	openx.net 2 redirects rtb.openx.net	759 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	rlcdn.com 2 redirects id.rlcdn.com	889 B
2	google.de adservice.google.de	975 B
2	google-analytics.com www.google-analytics.com	20 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	336 B
1	mookie1.com odr.mookie1.com	607 B
1	everesttech.net 1 redirects pixel.everesttech.net	374 B
1	googleadservices.com partner.googleadservices.com	665 B
1	gravatar.com secure.gravatar.com	2 KB
1	googletagmanager.com www.googletagmanager.com	40 KB
73	18

	Domain	Requested by
12	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
11	thecybernewsfeed.com	thecybernewsfeed.com
9	pagead2.googlesyndication.com	thecybernewsfeed.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	fonts.googleapis.com	thecybernewsfeed.com googleads.g.doubleclick.net
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	rtb.openx.net	2 redirects
2	e.dlx.addthis.com	2 redirects
2	id.rlcdn.com	2 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	googlecm.hit.gemius.pl	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	secure.gravatar.com	thecybernewsfeed.com
1	www.googletagmanager.com	thecybernewsfeed.com
73	22

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
centralrecorder.com
wowlayers.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-08` - `2021-12-07`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Frame ID: 8971663DA60175CD796DE561EFCD96AA
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html
Frame ID: D599252B9F268E607BB5AE90B4EA4119
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1632114650&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114649934&bpp=4&bdt=336&idt=135&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8309587375269&frm=20&pv=2&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=149
Frame ID: 2F6DA1603AA94FBCBA1851BAE66BB8D1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11
Frame ID: 7D3304FC7973034511E93F7E670332AE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1F0E5E61E18A44DC4F17F9AB58CC104F
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: CDBD4CCD6766479A7041F52CFF56A4DD
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4CB787910F73473A49F45934DE4A832D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EC20BE249C6BE4855621AA362903FE22
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js
Frame ID: AA212DFCE890E61C39CB6B5CE5C37903
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js
Frame ID: D3174C9FAA76EFEA60181C018A851D7D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 7EA51C22A3EB38113AAF5D4F4F5E7AF6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F23C455DE124B49E4CAA0AF3BFC6AA02
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft warns attackers are sending people malicious Office files and tricking them into opening it - The Cyber News Feed

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Gravatar (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<[^>]+gravatar\.com/avatar/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

73
Requests

99 %
HTTPS

0 %
IPv6

18
Domains

22
Subdomains

18
IPs

5
Countries

805 kB
Transfer

2025 kB
Size

26
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Microsoft+warns+attackers+are+sending+people+malicious+Office+files+and+tricking+them+into+opening+it&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&description=Microsoft+warns+attackers+are+sending+people+malicious+Office+files+and+tricking+them+into+opening+it

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&title=Microsoft+warns+attackers+are+sending+people+malicious+Office+files+and+tricking+them+into+opening+it&summary=This+malware+affects+Windows+7-10+users+and+Windows+version+2008.+Microsoft+bosses+warn+that+scammers+are+sending+them+malicious+Office+files.+3.+Microsoft%26nbsp%3B%26%238230%3BThis+article+was+originally+published+here

Search URL Search Domain Scan URL

URL: https://centralrecorder.com/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it/
Title: here

Search URL Search Domain Scan URL

URL: https://wowlayers.com/
Title: WOWLayers.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 55

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D9Qd8kps4eL_4XWLS3s7RgUOJj54q9DvkKr4pGqPygTY0S0AQRtE8IOA&google_gid=CAESEEqIlzjdiR8Ewl887bSKllY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVnWDJ3QUFBS1pqWFZKTg&google_push=AYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D9Qd8kps4eL_4XWLS3s7RgUOJj54q9DvkKr4pGqPygTY0S0AQRtE8IOA

Request Chain 56

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKBqrD2agWaU6ocSAPrNbIp7radKJLzwTAHZ07uFOfFjmNA1tXSu-lFoWOBX1aCWkG4TaxusBX0hUT_J8GGJnQz_PKMFJw&google_gid=CAESEPmE3EfBZXsdequAHbDRoyo&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNuvoIoGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBLQnFyRDJhZ1dhVTZvY1NBUHJOYklwN3JhZEtKTHp3VEFIWjA3dUZPZkZqbU5BMXRYU3UtbEZvV09CWDFhQ1drRzRUYXh1c0JYMGhVVF9KOEdHSm5Rel9QS01GSnc HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWF4eGU1bmlqcFBPcTl5YUVrWW4wX1hyZm1QZ1RTcFNTQVNndktEbVVNRQ==&google_push

Request Chain 57

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtOQnYJjRyM1O1NCfCI1mbqJLO2qrSyM&google_gid=CAESEKILbueISpncRLzqKi5HUds&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtOQnYJjRyM1O1NCfCI1mbqJLO2qrSyM&google_gid=CAESEKILbueISpncRLzqKi5HUds&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MjAwNTEwNTIwMDAxMzE1NTYyNDA2Mg%3D%3D&google_push=AYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtOQnYJjRyM1O1NCfCI1mbqJLO2qrSyM

Request Chain 59

https://rtb.openx.net/sync/dds?google_gid=CAESEHO3sPGDtbcSKwIXc4LYrHY&google_cver=1&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEHO3sPGDtbcSKwIXc4LYrHY&google_cver=1&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&google_hm=XlHYxpwVy90buQ9N5zNtYg==

Request Chain 60

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHqFHlo-75oocfecvyEO72A&google_cver=1&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A

Request Chain 61

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEEz2TCwFN3wHUge3JU1G5pU&google_cver=1&google_push=AYg5qPKhVeMbsMove3nsUxZMA_5oHrZ9DQDSGMCDiJOGJQhKDh1ScpQqJycyoq8VSyVlg62FbYeBS5B5aZOi_1nmakrVlDu7z11Z HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKhVeMbsMove3nsUxZMA_5oHrZ9DQDSGMCDiJOGJQhKDh1ScpQqJycyoq8VSyVlg62FbYeBS5B5aZOi_1nmakrVlDu7z11Z&google_hm=

73 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/ 40 KB
12 KB 1677ms
1616ms Document
text/html 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f993ade0589076877c91db54fb0b6b9a198f5369084ec57aad2b0c006b7488f

Request headers

:method: GET
:authority: thecybernewsfeed.com
:scheme: https
:path: /malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-type: text/html; charset=UTF-8
link: <https://thecybernewsfeed.com/wp-json/>; rel="https://api.w.org/", <https://thecybernewsfeed.com/wp-json/wp/v2/posts/130964>; rel="alternate"; type="application/json", <https://thecybernewsfeed.com/?p=130964>; rel=shortlink
x-cache: MISS from lin-10-170-0-30.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-30.gridhost.co.uk:3128
set-cookie: DYNSRV=lin-10-170-0-30; path=/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bgL6Bm6IiCbhHTNr2RABOS1EGbM7T%2BnJPOwhq%2F2Df2LSfhKbumLrETpaGrsfNXshIIXRIHQAz7Gn3NHbnKvxGP%2BBBxkpjOlLg1fK6y1W8SbIRpgbjatOaSJY9hAi0ckG3txrdLF9iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69188ca5eb3a4099-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 style.css
thecybernewsfeed.com/wp-content/themes/fasto/ 51 KB
13 KB 23ms
22ms Stylesheet
text/css 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/style.css?ver=1.0
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f072795ef49893425d1998bfe539b5d1ccfbe7cccb46adeba443a9c1ca94361

Request headers

:path: /wp-content/themes/fasto/style.css?ver=1.0
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 963
x-cache: MISS from lin-10-170-0-22.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-22.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: W/"6c42aafd-cdc1-5a5f293d27457"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnXvAtsYRFToLSoKVpAFwspuNbBFKsOlswH2s7woZvFgSGaZGAwnIF89GyeAdXmciGftzN3FXs8E%2FbQITSvDLUOIlAbctVfcQ2bTo9qha4kab%2Fbpx7sYcrCrJp7eLd7Jt5YHbug4pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69188cb08df74099-CDG

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 78ms
29ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 05:10:49 GMT
server: ESF
date: Mon, 20 Sep 2021 05:10:49 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Sep 2021 05:10:49 GMT

GET
H2 200 style.min.css
thecybernewsfeed.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 24ms
24ms Stylesheet
text/css 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 963
x-cache: MISS from lin-10-170-0-22.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-22.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:16 GMT
server: cloudflare
etag: W/"6c2d33f2-13abe-5c8a41899efe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jbCWnvH9gU3q%2BKOHs0hKPtSzvNWyCSr82D9CvvtrU%2Bo6jG%2BO0t%2FlaDcP%2FCwz2DjqP3LarkE3dg9katlEa0kpNNn4%2BVWQQsxdbcVjDi4Uu5xF0trA%2BDBEDYKx6duDU66mhDXZunUA5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69188cb08df94099-CDG

GET
H2 200 jquery.min.js Show response
thecybernewsfeed.com/wp-includes/js/jquery/ 87 KB
32 KB 73ms
72ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS from lin-10-170-0-64.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-64.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:15 GMT
server: cloudflare
etag: W/"e382ebe-15db1-5c8a4188cdeab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VNCXwamzKDrmNFw6OoetH8VfiURNsqDjYyNA1bF67%2BSsvcXCcCsBmPVw9TKvxzzGsrilMTRaizUCtocSuloQqvfToOSgVSmlnRJqv1tjtjEEY4dlnZ7YNNX4VcgLYBzUOAliKTmeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69188cb08dfb4099-CDG

GET
H2 200 jquery-migrate.min.js Show response
thecybernewsfeed.com/wp-includes/js/jquery/ 11 KB
5 KB 69ms
69ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS from lin-10-170-0-64.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-64.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 21 Feb 2021 08:12:32 GMT
server: cloudflare
etag: W/"52d9904-2bd8-5bbd43f452cb9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wz7jKJu5ouXqfyAujkRQaUnftet1jr79Bit3YMHWRwMRClcB%2BiQaYT4dRrOmRV%2F7YJ5kpraHMVEydU%2BmGoIuRySbo1a58BBNCANKvafo%2BLIIW8xOSXQXMElZF3cSptzs4uhqhwJ0VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69188cb08dfc4099-CDG

GET
H3 200 wp-emoji-release.min.js Show response
thecybernewsfeed.com/wp-includes/js/ 18 KB
5 KB 74ms
74ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: HIT from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:15 GMT
server: cloudflare
etag: W/"52d99dd-4705-5c8a418884211"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6JkHs%2BPRPDMsSs08aSzPhvcGrpRMVowoYED%2BZ3L5jysuNzEMPW%2ByJTIsZCzxH7bG5LaFUim%2FhAIzKYsdPjndc19SEpKSRYgg%2FKBK%2BzUAMEZrKa3Q9JHT%2BrJI0Rwq3W7wQ619vrNCJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69188cb10f20409f-CDG

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 99 KB
40 KB 89ms
35ms Script
application/javascript 142.250.181.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-71847049-2

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

8b908a8d188087665ea59b9f0aa18354976788056ca9019e9a8f54edbadceea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40339
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 20 Sep 2021 05:10:49 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
48 KB 104ms
44ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

3776550e74035eea9fec10c8c341bc379405b82a2ddd208227f8398dc58efbd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49024
x-xss-protection: 0
server: cafe
etag: 14698332913372343023
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 05:10:49 GMT

GET
H3 200 cropped-93472-scaled-2.jpg
thecybernewsfeed.com/wp-content/uploads/2020/05/ 65 KB
65 KB 22ms
22ms Image
image/jpeg 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thecybernewsfeed.com/wp-content/uploads/2020/05/cropped-93472-scaled-2.jpg
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 001bfcd7d6260cf429f2ad3dc28067ab53e6e5200155ecd6c0a7acd575a53d7f

Request headers

:path: /wp-content/uploads/2020/05/cropped-93472-scaled-2.jpg
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
x-cache-lookup: HIT from lin-10-170-0-23.gridhost.co.uk:3128
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 970
x-cache: HIT from lin-10-170-0-23.gridhost.co.uk
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 66260
last-modified: Sun, 31 May 2020 10:32:45 GMT
server: cloudflare
etag: "1b21d356-102d4-5a6ef32f107c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6E2SDaXxJD5OlYJFVcD4z%2Fyu4KgoX%2BFquiCyp1e0trsypxMvgPsuqF3L9kAFwLZrGAvt28168CXnzYWlhmGI0eWUIpZKBM3Cm8iy7OYZ2LyRva1wxcKT6w9bzYHzaJFL0zqKikoyQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
warning: 113 squid/4.11 "This cache hit is still fresh and more than 1 day old"
accept-ranges: bytes
cf-ray: 69188cb11f4b409f-CDG

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 69ms
20ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thecybernewsfeed.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 04:03:18 GMT
x-content-type-options: nosniff
age: 522451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 04:03:18 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 87ms
39ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://thecybernewsfeed.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 17:49:36 GMT
x-content-type-options: nosniff
age: 386473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 15 Sep 2022 17:49:36 GMT

GET
H2 200 652e6a622ca3aa8a2002e0c42f979c4e
secure.gravatar.com/avatar/ 1 KB
2 KB 38ms
6ms Image
image/jpeg 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/652e6a622ca3aa8a2002e0c42f979c4e?s=80&d=mm&r=g
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 20 Sep 2021 05:10:49 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="652e6a622ca3aa8a2002e0c42f979c4e.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/652e6a622ca3aa8a2002e0c42f979c4e?s=80&d=mm&r=g>; rel="canonical"
content-length: 1323
expires: Mon, 20 Sep 2021 05:15:49 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 58ms
17ms Script
text/javascript 172.217.16.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71847049-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f142.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 1129
date: Mon, 20 Sep 2021 04:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Mon, 20 Sep 2021 06:52:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/ 253 KB
94 KB 86ms
56ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1463153293518774&plah=thecybernewsfeed.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0e932077700b08707120f8b3243472af89cb67c44f3cd2e9b073be8f3939dd69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95713
x-xss-protection: 0
server: cafe
etag: 14022606753207139456
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 05:10:49 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/ Frame D599 10 KB
5 KB 96ms
23ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210915/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210915/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 19 Sep 2021 12:31:14 GMT
expires: Sun, 03 Oct 2021 12:31:14 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 59976
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 48ms
22ms XHR
text/plain 172.217.16.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&aip=1&a=1520769373&t=pageview&_s=1&dl=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&ul=en-us&de=UTF-8&dt=Microsoft%20warns%20attackers%20are%20sending%20people%20malicious%20Office%20files%20and%20tricking%20them%20into%20opening%20it%20-%20The%20Cyber%20News%20Feed&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=2146802487&gjid=2117872566&cid=1198412155.1632114650&tid=UA-71847049-2&_gid=863331806.1632114650&_r=1&gtm=2ou9f0&did=dZTNiMT&z=1396051642

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f142.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://thecybernewsfeed.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thecybernewsfeed.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 placeholder-4.png
thecybernewsfeed.com/wp-content/themes/fasto/images/ 2 KB
2 KB 21ms
21ms Image
image/png 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/images/placeholder-4.png
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6513585441b8e6f73cb020fec38b98e64b4ab966282d376469a495fa288a1228

Request headers

:path: /wp-content/themes/fasto/images/placeholder-4.png
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30; _ga=GA1.2.1198412155.1632114650; _gid=GA1.2.863331806.1632114650; _gat_gtag_UA_71847049_2=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
x-cache-lookup: HIT from lin-10-170-0-23.gridhost.co.uk:3128
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 971
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1554
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: "6c42ab08-612-5a5f293d2e7f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBXYnj6TN%2BccSjlDjtIgCJAPfuNrGpyKATKksWUQ4o8HSqcWga6gq9d8pxkW5kIgkr2%2BSQ4eQJmVHvXGF3%2BoNMwnAlTKFvXLeOTisYbJgRjGGGx7l1dsrAC9%2BpiiTEEse9yJoKdbsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69188cb288d7409f-CDG

GET
H3 200 email-decode.min.js Show response
thecybernewsfeed.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 19ms
18ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thecybernewsfeed.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30; _ga=GA1.2.1198412155.1632114650; _gid=GA1.2.863331806.1632114650; _gat_gtag_UA_71847049_2=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 17 Sep 2021 09:29:40 GMT
server: cloudflare
etag: W/"61446004-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MuINs2xUCAvTs5f0riANSUMLi1ysHs%2F36KE0bKB2yLAcBc14jznPs0DPZOD6C005%2BJJ4NXz4UsOE%2FIyBQccPIL%2BMvfeIjFE%2Fri6b99GALwikNlSuPjZ0zfKWpwLx8VsrX4gg50%2B01g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69188cb2c92b409f-CDG
vary: Accept-Encoding
expires: Wed, 22 Sep 2021 05:10:50 GMT

GET
H3 200 scripts.js Show response
thecybernewsfeed.com/wp-content/themes/fasto/js/ 8 KB
3 KB 75ms
74ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/js/scripts.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a7c97a046515bc0d58203d54c8100496f7a334306af34fa1b29ce68b3488a86

Request headers

:path: /wp-content/themes/fasto/js/scripts.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30; _ga=GA1.2.1198412155.1632114650; _gid=GA1.2.863331806.1632114650; _gat_gtag_UA_71847049_2=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: HIT from lin-10-170-0-64.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-64.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: W/"6c42ab12-21db-5a5f293d3470e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGjM2EHGHS8RXKii5qlorG41NR9JEuGhTSGjYoJpz0Zo7mZqHnK9vSqaRuwQx1cat4eJ9rh4q4YWqvpoiXKpZoM0j42PpJQZG7viyjmcgb0pIPyoEaNh08fGEbsTq78fLlfm659G0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69188cb2c92c409f-CDG

GET
H3 200 wp-embed.min.js Show response
thecybernewsfeed.com/wp-includes/js/ 1 KB
1 KB 72ms
72ms Script
application/javascript 104.21.43.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/wp-embed.min.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.43.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-30; _ga=GA1.2.1198412155.1632114650; _gid=GA1.2.863331806.1632114650; _gat_gtag_UA_71847049_2=1
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: HIT from lin-10-170-0-64.gridhost.co.uk
x-cache-lookup: HIT from lin-10-170-0-64.gridhost.co.uk:3128
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Sun, 21 Feb 2021 08:12:33 GMT
server: cloudflare
etag: W/"52d98d9-592-5bbd43f505af8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59SeRWtjP8EYLSggUVXyGTysZoR0BiL%2FJWIx4xB1aMl5iOW0FGtV8ZKXCVyS9ixB1bAn7r0b2yrLI22o2uRGGQ6YZOrrmawIeyKvJBA0%2B%2BuJXT50eVmnx5wcCF2Rs3TC7sZuek%2B5%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69188cb2c92e409f-CDG

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 210 B
665 B 92ms
32ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=thecybernewsfeed.com&callback=_gfp_s_&client=ca-pub-1463153293518774

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1463153293518774&plah=thecybernewsfeed.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

3db66a44a2ded5f02af9b5231bbfc5e114c590c46f1867ff7545bdc564bdd6a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 58ms
22ms Script
application/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 78ms
29ms Script
application/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2F6D 150 KB
40 KB 676ms
648ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1632114650&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114649934&bpp=4&bdt=336&idt=135&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8309587375269&frm=20&pv=2&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=149

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

b6de6a3cf2ec36ced156ec9088f5d0fd9a04f4df9c63fcaed70bd8597531d95c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1632114650&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114649934&bpp=4&bdt=336&idt=135&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8309587375269&frm=20&pv=2&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=149
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 20 Sep 2021 05:10:50 GMT
server: cafe
content-length: 40528
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 20-Sep-2021 05:25:50 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 20 Sep 2021 05:10:50 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 87ms
32ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

24d026371427b41d6d168c5d4c18de465b026afc3907c86c8f3b3bc31bd87467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27652
x-xss-protection: 0
server: sffe
etag: "1631879122047051"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 20 Sep 2021 05:10:50 GMT

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/ 145 KB
52 KB 39ms
38ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109170101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c852c446579924c09adc25d7687ae6c1d33af3e1578553dd920bdd0a37a9c681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53050
x-xss-protection: 0
server: cafe
etag: 8181253980351192485
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Sep 2021 05:10:50 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 62ms
31ms Script
application/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 81ms
32ms Script
application/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Sep 2021 05:10:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7D33 85 KB
29 KB 885ms
885ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

2756b71c6a9f1a287eb6617d9c9cc5c5ed2aea8ef6d1e1deb43a0563e3805c86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 20 Sep 2021 05:10:51 GMT
server: cafe
content-length: 29263
x-xss-protection: 0
set-cookie: IDE=AHWqTUkIqRMN_gcqF3V2ZcUDMruAcD5mV6fB75MuETVESr_7XypRkYmuX6E9-VcszAk; expires=Sat, 15-Oct-2022 05:10:50 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 20 Sep 2021 05:10:51 GMT
cache-control: private

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/ Frame 1F0E 10 KB
5 KB 20ms
20ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 20 Sep 2021 01:20:06 GMT
expires: Mon, 04 Oct 2021 01:20:06 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 13844
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css2
fonts.googleapis.com/ Frame 1F0E 4 KB
633 B 60ms
32ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 04:54:32 GMT
server: ESF
date: Mon, 20 Sep 2021 05:10:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Sep 2021 05:10:50 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1F0E 205 B
764 B 78ms
23ms Image
image/png 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 16:27:22 GMT
x-content-type-options: nosniff
age: 45808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 19 Sep 2022 16:27:22 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1F0E 604 B
695 B 78ms
24ms Image
image/png 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 19:55:10 GMT
x-content-type-options: nosniff
age: 33340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 19 Sep 2022 19:55:10 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/elements/html/ Frame 1F0E 17 KB
8 KB 72ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

89e590d44510a10b9602ebffa228e2d8a2f2aeb1acc462b51cd19df5f5434308

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7656
x-xss-protection: 0
server: cafe
etag: 8352096984186353373
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 05:10:28 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CDBD 3 KB
578 B 34ms
34ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 04:59:22 GMT
server: ESF
date: Mon, 20 Sep 2021 05:10:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Sep 2021 05:10:50 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame CDBD 1 KB
857 B 57ms
24ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:54:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 961
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:54:50 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/ Frame CDBD 18 KB
7 KB 58ms
26ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:34:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 7316329070599479730
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:34:04 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame CDBD 2 KB
1 KB 55ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1592
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:44:19 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CDBD 128 KB
39 KB 2909ms
2878ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39526
x-xss-protection: 0
server: sffe
etag: "1631879102694099"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 20 Sep 2021 05:10:53 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame CDBD 14 KB
6 KB 56ms
25ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:16:01 GMT

GET
H3 200 8b8c639f95e935c054a6465040a495ee.js Show response
www.gstatic.com/mysidia/ Frame CDBD 26 KB
11 KB 48ms
20ms Script
text/javascript 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 09:35:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10883
x-xss-protection: 0
last-modified: Tue, 14 Sep 2021 04:03:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Sat, 18 Dec 2021 09:35:53 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CB7 143 B
163 B 20ms
20ms Document
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 20 Sep 2021 05:00:06 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 645
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CB7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

29ms
29ms

Document
text/html

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210915/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si?st=NO_DATA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 20 Sep 2021 05:10:51 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 20-Sep-2021 06:10:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 20 Sep 2021 05:10:51 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 20 Sep 2021 05:10:51 GMT
server: safe
content-length: 257
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 css
fonts.googleapis.com/ Frame 7D33 3 KB
578 B 32ms
32ms Stylesheet
text/css 142.250.184.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f10.1e100.net

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Sep 2021 04:55:20 GMT
server: ESF
date: Mon, 20 Sep 2021 05:10:51 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Sep 2021 05:10:51 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame 7D33 1 KB
857 B 23ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:54:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 961
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:54:50 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/ Frame 7D33 18 KB
7 KB 23ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:34:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 7316329070599479730
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:34:04 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame 7D33 2 KB
1 KB 24ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1592
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:44:19 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D33 128 KB
39 KB 2176ms
2175ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

sffe /

Resource Hash

daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39526
x-xss-protection: 0
server: sffe
etag: "1631879102694099"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="active-view-scs-read-write-acl"
expires: Mon, 20 Sep 2021 05:10:53 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/ Frame 7D33 14 KB
6 KB 24ms
23ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210915/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

cafe /

Resource Hash

127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 04:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6211
x-xss-protection: 0
server: cafe
etag: 18326705275735229343
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Oct 2021 04:16:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7D33 0
0 77ms
28ms Image
text/html 142.250.181.228
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTW5ckl-1uGwrlVwCZHEKULkudkQLV3HVTbN3MnhuqT8g-GtGXuknKUpct2AxUA-wuB4nk065b8cxAYruYtRXZxTnXqCQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3 200 8b8c639f95e935c054a6465040a495ee.js Show response
www.gstatic.com/mysidia/ Frame 7D33 26 KB
11 KB 21ms
20ms Script
text/javascript 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8b8c639f95e935c054a6465040a495ee.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 09:35:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10883
x-xss-protection: 0
last-modified: Tue, 14 Sep 2021 04:03:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Sat, 18 Dec 2021 09:35:53 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7D33 0
0 33ms
32ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHHM12hdIYZLnMq_H7_UPkuy1qArDhsPfY-av18m_DfrjkqWSDhABIIWSuSxgleKQgqAHoAG_p8fyAsgBCakCR_Fk6BUMtz6oAwHIA8sEqgS1Ak_Qb1FWbnsTJ4dM-lMuh2fpU1HUpXXcAY6GVa8dnDxhwmhKf4qxZQ9JuaZSWwXIoPDsNohVAZMKtWrqxjUYL-IpTaqnc9pBypA0ICogx5Wev_AsFWUPGr9scu7eaGxfDC-ZSYy2F9LPhYTlhzGBTCLJInsCsOhV2FxhfyWUT9QQtBAIDFNY3G3MmgJNeSP-g8g9GnnkCSH_WoCXpnlW2Z1qfyEeIHzETTVTdZKzjOWS6eINpFmne2hOo9bPQJWPEsFQZyg4OwJ46usmv32Z6cXyytoPpOqVRDNr85rPK1QMxQsW7Vi52B4OoKU2VtXsEK0c3jKgGYGp1E6L5bpnEhQhp56LxVGWAXf4m2JKG2Ly3Vj7CJzF238vAkNUIsS3FxtlJDNVQHInCnxZ7xzrWRZywAcX28AE66GAsMUDkgUECAQYAZIFBAgFGASgBi6AB6nYuI0BqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAPIHBBCR9QXSCAkIgOGAEBABGB-ACgHICwG4E4gn2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE0NjMxNTMyOTM1MTg3NzQYAA&sigh=n47mpe4M0dA&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 20 Sep 2021 05:10:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8521625563688486903/ Frame 7D33 14 KB
14 KB 23ms
23ms Image
image/jpeg 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8521625563688486903/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

sffe /

Resource Hash

2750ad4838b2aa2762aea16b8f523832c837079001ef3f0f14ac65d093600f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 13 Sep 2021 08:12:07 GMT
x-content-type-options: nosniff
age: 593924
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14702
x-xss-protection: 0
last-modified: Wed, 14 Apr 2021 11:59:09 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 08:12:07 GMT

GET
DATA 200
OK truncated
/ Frame 7D33 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EC20 1 KB
749 B 20ms
20ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 19 Sep 2021 21:06:15 GMT
expires: Mon, 20 Sep 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 29076
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVnWDJ3QUFBS1pqWFZKTg&google_push=AYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D9Qd8kps4eL_4XWLS3s7RgUOJj54q9DvkKr4pGqPygTY0S0AQRtE8IOA

170 B
243 B

36ms
35ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVnWDJ3QUFBS1pqWFZKTg&google_push=AYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D9Qd8kps4eL_4XWLS3s7RgUOJj54q9DvkKr4pGqPygTY0S0AQRtE8IOA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVVnWDJ3QUFBS1pqWFZKTg&google_push=AYg5qPJ6_Rh5IrI_AVCH-CRdfnx45ltwbov-QntFy9D9Qd8kps4eL_4XWLS3s7RgUOJj54q9DvkKr4pGqPygTY0S0AQRtE8IOA
Date: Mon, 20 Sep 2021 05:10:51 GMT
Server: Apache
Connection: keep-alive
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKBqrD2agWaU6ocSAPrNbIp7radKJLzwTAHZ07uFOfFjmNA1tXSu-lFoWOBX1aCWkG4TaxusBX0hUT_J8GGJnQz_PKMFJw&google_gid=CAESEPmE3EfBZXsdequAHbDRoyo&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCNuvoIoGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBLQnFyRDJhZ1dhVTZvY1NBUHJOYklwN3JhZEtKTHp3VEFIWjA3dUZPZkZqbU5BMXRYU3UtbEZvV09CWDFhQ1drRzRUYXh1c0JYMGhVVF9KOE...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWF4eGU1bmlqcFBPcTl5YUVrWW4wX1hyZm1QZ1RTcFNTQVNndktEbVVNRQ==&google_push

170 B
188 B

56ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWF4eGU1bmlqcFBPcTl5YUVrWW4wX1hyZm1QZ1RTcFNTQVNndktEbVVNRQ==&google_push

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 20 Sep 2021 05:10:51 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcWF4eGU1bmlqcFBPcTl5YUVrWW4wX1hyZm1QZ1RTcFNTQVNndktEbVVNRQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIILEP6...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIILEP6...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MjAwNTEwNTIwMDAxMzE1NTYyNDA2Mg%3D%3D&google_push=AYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtO...

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MjAwNTEwNTIwMDAxMzE1NTYyNDA2Mg%3D%3D&google_push=AYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtOQnYJjRyM1O1NCfCI1mbqJLO2qrSyM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:52 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA5MjAwNTEwNTIwMDAxMzE1NTYyNDA2Mg%3D%3D&google_push=AYg5qPIILEP651z30O7NCVqSyVy0WSMrS4Ew69CATof7BrXFaGEVPIDn8JmuAMWrgaRDtOQnYJjRyM1O1NCfCI1mbqJLO2qrSyM
pragma: no-cache
date: Mon, 20 Sep 2021 05:10:52 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Mon, 20 Sep 2021 05:10:52 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EC20 43 B
607 B 52ms
23ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMYjN7UBD1M7NNpbeuDd7Vc&google_push=AYg5qPKc2MZbvZvPbkQwFGB9wB430ywbBCO9HVsXrSZJA8TANYnn56XECuzeUZvFG6bFZW7OEIwXb5OBmLAbXHedDlkKQkcD2-E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1632114650&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fmicrosoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1632114650794&bpp=2&bdt=1196&idt=2&shv=r20210915&mjsv=m202109170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dbc17e27e5989c55c-22a5e9023bc900bf%3AT%3D1632114650%3ART%3D1632114650%3AS%3DALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw&prev_fmts=0x0&nras=2&correlator=8309587375269&frm=20&pv=1&ga_vid=1198412155.1632114650&ga_sid=1632114650&ga_hid=1520769373&ga_fc=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=3&u_nmime=4&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C31062519%2C31062311&oid=3&pvsid=61721101659044&pem=627&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=p0Ix9y7CU7&p=https%3A//thecybernewsfeed.com&dtd=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEHO3sPGDtbcSKwIXc4LYrHY&google_cver=1&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw
https://rtb.openx.net/sync/dds?google_gid=CAESEHO3sPGDtbcSKwIXc4LYrHY&google_cver=1&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&ox...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&google_hm=XlHYxpwVy90buQ9N5zNtYg==

170 B
188 B

58ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&google_hm=XlHYxpwVy90buQ9N5zNtYg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:50 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIU_vx7rQuaxKtl3kaouTw5pBcxlLWadRE5V2vG6X01GiQs564__jLxwI5ughUgdTrJ4GbbPalyClDJDYfzV6CtAlOYXw&google_hm=XlHYxpwVy90buQ9N5zNtYg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: veja4gso49omdoga6phg87vlipt3mtlb

GET

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHqFHlo-75oocfecvyEO72A&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EC20
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEEz2TCwFN3wHUge3JU1G5pU&google_cver=1&google_push=AYg5qPKhVeMbsMove3nsUxZM...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKhVeMbsMove3nsUxZMA_5oHrZ9DQDSGMCDiJOGJQhKDh1ScpQqJycyoq8VSyVlg62FbYeBS5B5aZOi_1nmakrVlDu7z11Z&google_hm=

170 B
188 B

52ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKhVeMbsMove3nsUxZMA_5oHrZ9DQDSGMCDiJOGJQhKDh1ScpQqJycyoq8VSyVlg62FbYeBS5B5aZOi_1nmakrVlDu7z11Z&google_hm=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Sep 2021 05:10:51 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKhVeMbsMove3nsUxZMA_5oHrZ9DQDSGMCDiJOGJQhKDh1ScpQqJycyoq8VSyVlg62FbYeBS5B5aZOi_1nmakrVlDu7z11Z&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sun, 19 Sep 2021 05:10:51 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EC20 0
244 B 114ms
34ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ibjsh2FbTbtG5Rs2JRGA4K4eLl3pIgjug6A_w3uSKyYurvsc4RBItzC5Q5bpGFC9RcHc9BBg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 7D33 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9807e76a27caa6674e22602acd6b5e7e71315824f1c041036cb1b42ab73d4af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js Show response
pagead2.googlesyndication.com/bg/ Frame AA21 35 KB
13 KB 21ms
21ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/microsoft-warns-attackers-are-sending-people-malicious-office-files-and-tricking-them-into-opening-it-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 11:36:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63276
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 19 Sep 2022 11:36:17 GMT

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 7D33 21 KB
21 KB 60ms
26ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 08:44:05 GMT
x-content-type-options: nosniff
age: 505609
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 08:44:05 GMT

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 7D33 21 KB
21 KB 61ms
28ms Font
font/woff2 142.250.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f3.1e100.net

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 04:08:17 GMT
x-content-type-options: nosniff
age: 522157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 04:08:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 73ms
42ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210915&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

64e144dc6b10171d140f9595f95b71e0e172ec27f091cc47476bdfa2151a6d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Sep 2021 05:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8613
x-xss-protection: 0

GET
H3 200 0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js Show response
pagead2.googlesyndication.com/bg/ Frame D317 35 KB
13 KB 20ms
20ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 11:36:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 19 Sep 2022 11:36:17 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 42ms
41ms Script
text/javascript 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 20 Sep 2021 05:10:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 20 Sep 2021 05:10:54 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7EA5 12 KB
5 KB 24ms
23ms Document
text/html 142.250.186.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sun, 19 Sep 2021 22:09:44 GMT
expires: Mon, 19 Sep 2022 22:09:44 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 25270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F23C 783 B
535 B 31ms
31ms Document
text/html 142.250.181.228
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.228 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f4.1e100.net

Software

GSE /

Resource Hash

fe4df63426f8b455acf3a59df9bd748fdbe62669411ef99f81137b9833e585f2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AbaH4Rq5DFiy6o6TIquv5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://thecybernewsfeed.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 20 Sep 2021 05:10:54 GMT
date: Mon, 20 Sep 2021 05:10:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AbaH4Rq5DFiy6o6TIquv5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F23C 0
0 44ms
44ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20210915&jk=61721101659044&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3 200 0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js Show response
pagead2.googlesyndication.com/bg/ Frame 7EA5 35 KB
13 KB 20ms
20ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0laMBStFIjGDX-Lbokpit1PiwVNzXcztY6qwAF7AamA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 11:36:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13319
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Mon, 19 Sep 2022 11:36:17 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
thecybernewsfeed.com/	1969-12-31 23:59:59	Name: DYNSRV Value: lin-10-170-0-30
.thecybernewsfeed.com/	1970-01-20 14:53:06	Name: _ga Value: GA1.2.1198412155.1632114650
.thecybernewsfeed.com/	1970-01-19 21:23:21	Name: _gid Value: GA1.2.863331806.1632114650
.thecybernewsfeed.com/	1970-01-19 21:21:54	Name: _gat_gtag_UA_71847049_2 Value: 1
.thecybernewsfeed.com/	1970-01-20 06:43:30	Name: __gads Value: ID=bc17e27e5989c55c-22a5e9023bc900bf:T=1632114650:RT=1632114650:S=ALNI_MYNjzvcAbmTE740mwSZvXuu-9BrTw
.doubleclick.net/	1970-01-19 21:21:58	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 06:43:30	Name: IDE Value: AHWqTUkIqRMN_gcqF3V2ZcUDMruAcD5mV6fB75MuETVESr_7XypRkYmuX6E9-VcszAk
.casalemedia.com/	1970-01-20 06:07:30	Name: CMID Value: YUgX22YrChw3HA-rtZJv2gAA
.casalemedia.com/	1970-01-19 23:31:30	Name: CMPS Value: 3237
.mookie1.com/	1970-01-20 06:50:42	Name: id Value: 10811735331655887844
.mookie1.com/	1970-01-20 06:50:42	Name: mdata Value: 1\|10811735331655887844\|1632114651841
.mookie1.com/	1970-01-20 06:50:42	Name: ov Value: e5679f2d535c7bad50879ee19502c47c
.casalemedia.com/	1970-01-19 23:31:30	Name: CMPRO Value: 1208
.casalemedia.com/	1970-01-19 21:23:21	Name: CMST Value: YUgX22FIF9sA
.openx.net/	1970-01-20 06:07:30	Name: i Value: 52ab6da3-9c14-4d04-a71b-8b12500d6425\|1632114651
.rlcdn.com/	1970-01-20 06:07:30	Name: rlas3 Value: HNt0ODV7lDK1bgYwBTeAHtVA+WSAPAcDrUAZuXIvvfk=
.rlcdn.com/	1970-01-19 22:48:18	Name: pxrc Value: CNuvoIoGEgUI6AcQABIGCOndKhAA
.e.dlx.addthis.com/	1970-01-20 06:52:09	Name: na_tc Value: Y
.addthis.com/	1970-01-20 06:52:09	Name: na_id Value: 2021092005105200013155624062
.addthis.com/	1970-01-20 06:52:09	Name: na_tc Value: Y
.addthis.com/	1970-01-20 06:52:09	Name: uid Value: 614817dc56b70b59
.addthis.com/	1970-01-20 06:52:09	Name: ouid Value: 614817dc00016b1fec16de151cd1961101660a6ebe631c565492
.dlx.addthis.com/	1970-01-19 22:05:06	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-19 22:05:06	Name: na_sr Value: 20210920
.dlx.addthis.com/	1970-01-19 21:21:54	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-19 22:05:06	Name: na_sc_e Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YUgX22YrChw3HA_rtZJv2gAABLgAAAIB&google_push=AYg5qPLWTSPAXdL73FOP9SPXe219mRAJAMd7YZZ5VQOkid8FXcnMmm3JlXklN8yn-6hvJ-Jptq7twVFTNj6qMkJD-W0Pe9Ik4vs&google_cver=1&google_gid=CAESEHqFHlo-75oocfecvyEO72A Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
rtb.openx.net
secure.gravatar.com
thecybernewsfeed.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
104.111.215.191
104.21.43.67
142.250.181.226
142.250.181.228
142.250.181.232
142.250.184.202
142.250.185.130
142.250.185.162
142.250.185.66
142.250.185.99
142.250.186.34
142.250.186.97
142.250.186.98
142.250.74.195
172.217.16.142
172.217.23.98
192.0.73.2
217.182.200.29
34.98.67.61
35.227.252.103
35.244.174.68
52.18.11.109
001bfcd7d6260cf429f2ad3dc28067ab53e6e5200155ecd6c0a7acd575a53d7f
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e932077700b08707120f8b3243472af89cb67c44f3cd2e9b073be8f3939dd69
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
127fef9bff9c4a7bd820146a3785bf8c7d3c5dbf48dd087f2e0f1d91a25e32c3
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
24d026371427b41d6d168c5d4c18de465b026afc3907c86c8f3b3bc31bd87467
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2750ad4838b2aa2762aea16b8f523832c837079001ef3f0f14ac65d093600f4f
2756b71c6a9f1a287eb6617d9c9cc5c5ed2aea8ef6d1e1deb43a0563e3805c86
2a7c97a046515bc0d58203d54c8100496f7a334306af34fa1b29ce68b3488a86
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
3776550e74035eea9fec10c8c341bc379405b82a2ddd208227f8398dc58efbd3
3db66a44a2ded5f02af9b5231bbfc5e114c590c46f1867ff7545bdc564bdd6a1
3f072795ef49893425d1998bfe539b5d1ccfbe7cccb46adeba443a9c1ca94361
42dc9aece188c290c3303813e9f91c1d596f1267899f3b3357280be43c16ab53
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5f993ade0589076877c91db54fb0b6b9a198f5369084ec57aad2b0c006b7488f
64e144dc6b10171d140f9595f95b71e0e172ec27f091cc47476bdfa2151a6d72
6513585441b8e6f73cb020fec38b98e64b4ab966282d376469a495fa288a1228
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7195c4763ed26ac25f6be1726145b11ee61f5d27468605eb56a6c0823d101673
89e590d44510a10b9602ebffa228e2d8a2f2aeb1acc462b51cd19df5f5434308
8b908a8d188087665ea59b9f0aa18354976788056ca9019e9a8f54edbadceea2
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
b6de6a3cf2ec36ced156ec9088f5d0fd9a04f4df9c63fcaed70bd8597531d95c
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c852c446579924c09adc25d7687ae6c1d33af3e1578553dd920bdd0a37a9c681
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d2568c052b452231835fe2dba24a62b753e2c153735dcced63aab0005ec06a60
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
daaaa4101e8414d3c9c0baab3c015599b7e1fa70035268b8ba23ea6790f00bf3
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9807e76a27caa6674e22602acd6b5e7e71315824f1c041036cb1b42ab73d4af
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe4df63426f8b455acf3a59df9bd748fdbe62669411ef99f81137b9833e585f2

thecybernewsfeed.com Open in urlscan Pro 104.21.43.67 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

73 Requests

99 %HTTPS

0 %IPv6

18 Domains

22 Subdomains

18 IPs

5 Countries

805 kBTransfer

2025 kBSize

26 Cookies

6 Outgoing links

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

thecybernewsfeed.com Open in urlscan Pro
104.21.43.67 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

99 %
HTTPS

0 %
IPv6

18
Domains

22
Subdomains

18
IPs

5
Countries

805 kB
Transfer

2025 kB
Size

26
Cookies

73 HTTP transactions
2 data transactions