Submitted URL: https://t.co/9A0hb9Hbz8
Effective URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Submission: On April 16 via api from GB — Scanned from GB

Summary

This website contacted 43 IPs in 4 countries across 27 domains to perform 268 HTTP transactions. The main IP is 208.73.202.146, located in United States and belongs to IS-AS-1, US. The main domain is www.massblog.xyz.
TLS certificate: Issued by R3 on February 20th 2022. Valid for: 3 months.
This is the only time www.massblog.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 104.244.42.69 13414 (TWITTER)
34 208.73.202.146 19318 (IS-AS-1)
3 192.0.77.2 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
7 192.0.77.37 2635 (AUTOMATTIC)
18 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 192.0.76.3 2635 (AUTOMATTIC)
5 172.67.68.172 13335 (CLOUDFLAR...)
6 2606:4700:440... 13335 (CLOUDFLAR...)
2 192.243.59.13 39572 (ADVANCEDH...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
25 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 216.58.212.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 2a00:1450:400... 15169 (GOOGLE)
34 2a00:1450:400... 15169 (GOOGLE)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:1::2 44788 (ASN-CRITE...)
2 2a02:2638:1::4 44788 (ASN-CRITE...)
5 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
13 2a00:1450:400... 15169 (GOOGLE)
16 2a02:2638:1::3 44788 (ASN-CRITE...)
2 178.250.2.148 44788 (ASN-CRITE...)
6 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
22 178.250.2.135 44788 (ASN-CRITE...)
4 178.250.2.150 44788 (ASN-CRITE...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 4 2a00:1450:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
268 43
Apex Domain
Subdomains
Transfer
51 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
586 KB
42 criteo.net
static.criteo.net — Cisco Umbrella Rank: 632
pix.eu.criteo.net — Cisco Umbrella Rank: 7400
csm.eu.criteo.net — Cisco Umbrella Rank: 7420
638 KB
37 gstatic.com
fonts.gstatic.com
www.gstatic.com
encrypted-tbn0.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
encrypted-tbn1.gstatic.com
csi.gstatic.com
663 KB
34 massblog.xyz
www.massblog.xyz
489 KB
24 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
232 KB
12 wp.com
i0.wp.com — Cisco Umbrella Rank: 2767
c0.wp.com — Cisco Umbrella Rank: 6955
stats.wp.com — Cisco Umbrella Rank: 2657
pixel.wp.com — Cisco Umbrella Rank: 2521
123 KB
11 sendinblue.com
in-automate.sendinblue.com — Cisco Umbrella Rank: 28003
chat.sendinblue.com — Cisco Umbrella Rank: 169039
chat-backend.sendinblue.com — Cisco Umbrella Rank: 353040
380 KB
10 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 282
fonts.googleapis.com — Cisco Umbrella Rank: 46
12 KB
8 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
289 KB
6 criteo.com
rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11325
ads.eu.criteo.com — Cisco Umbrella Rank: 7422
cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9555
107 KB
6 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
6 sibautomation.com
sibautomation.com — Cisco Umbrella Rank: 26477
7 KB
5 sender.net
cdn.sender.net — Cisco Umbrella Rank: 280790
86 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
10 KB
2 hubspot.com
forms.hubspot.com — Cisco Umbrella Rank: 3360
track.hubspot.com — Cisco Umbrella Rank: 2374
2 KB
2 google.co.uk
adservice.google.co.uk — Cisco Umbrella Rank: 4830
914 B
2 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1199
10 KB
2 effectivedisplayformats.com
www.effectivedisplayformats.com — Cisco Umbrella Rank: 139730
1 googlevideo.com
rr1---sn-aigzrn7e.googlevideo.com — Cisco Umbrella Rank: 42856
3 MB
1 ytimg.com
i1.ytimg.com — Cisco Umbrella Rank: 1246
15 KB
1 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4897
516 B
1 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 5210
25 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2287
20 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2289
16 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 794
646 B
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2436
956 B
1 t.co
t.co — Cisco Umbrella Rank: 476
554 B
268 27
Domain Requested by
34 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
34 www.massblog.xyz t.co
www.massblog.xyz
c0.wp.com
24 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
22 pix.eu.criteo.net ads.eu.criteo.com
17 pagead2.googlesyndication.com www.massblog.xyz
pagead2.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
tpc.googlesyndication.com
16 static.criteo.net ads.eu.criteo.com
13 www.gstatic.com googleads.g.doubleclick.net
9 fonts.googleapis.com ajax.googleapis.com
cdn.sender.net
googleads.g.doubleclick.net
cdnjs.cloudflare.com
8 www.googletagservices.com googleads.g.doubleclick.net
7 c0.wp.com www.massblog.xyz
6 encrypted-tbn0.gstatic.com googleads.g.doubleclick.net
6 sibautomation.com www.massblog.xyz
sibautomation.com
static.cloudflareinsights.com
5 encrypted-tbn2.gstatic.com googleads.g.doubleclick.net
5 fonts.gstatic.com fonts.googleapis.com
5 cdn.sender.net www.massblog.xyz
cdn.sender.net
4 www.google.com 3 redirects tpc.googlesyndication.com
4 encrypted-tbn3.gstatic.com googleads.g.doubleclick.net
4 csm.eu.criteo.net ads.eu.criteo.com
4 chat-backend.sendinblue.com chat.sendinblue.com
4 chat.sendinblue.com sibautomation.com
chat.sendinblue.com
3 in-automate.sendinblue.com sibautomation.com
3 i0.wp.com www.massblog.xyz
2 csi.gstatic.com www.gstatic.com
2 encrypted-tbn1.gstatic.com googleads.g.doubleclick.net
2 cdnjs.cloudflare.com ads.eu.criteo.com
2 cat.nl.eu.criteo.com ads.eu.criteo.com
2 ads.eu.criteo.com googleads.g.doubleclick.net
2 rtb.nl.eu.criteo.com googleads.g.doubleclick.net
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.co.uk pagead2.googlesyndication.com
2 static.cloudflareinsights.com sibautomation.com
2 www.effectivedisplayformats.com www.massblog.xyz
1 track.hubspot.com
1 rr1---sn-aigzrn7e.googlevideo.com googleads.g.doubleclick.net
1 i1.ytimg.com googleads.g.doubleclick.net
1 forms.hsforms.com www.massblog.xyz
1 forms.hubspot.com js.hscollectedforms.net
1 pixel.wp.com www.massblog.xyz
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 stats.wp.com www.massblog.xyz
1 js.hs-scripts.com www.massblog.xyz
1 ajax.googleapis.com www.massblog.xyz
1 t.co
268 46
Subject Issuer Validity Valid
t.co
DigiCert TLS RSA SHA256 2020 CA1
2021-12-13 -
2022-12-12
a year crt.sh
massblog.xyz
R3
2022-02-20 -
2022-05-21
3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA
2020-04-02 -
2022-07-05
2 years crt.sh
upload.video.google.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-04 -
2022-07-03
a year crt.sh
effectivedisplayformats.com
R3
2022-03-21 -
2022-06-19
3 months crt.sh
sendinblue.com
Cloudflare Inc ECC CA-3
2021-09-29 -
2022-09-28
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.google.co.uk
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.google.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.nl.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-15 -
2022-06-13
3 months crt.sh
*.eu.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-19 -
2022-06-18
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2022-03-08 -
2023-03-07
a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-04-11 -
2022-07-13
3 months crt.sh
*.eu.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-04-10 -
2022-07-04
3 months crt.sh
*.c.docs.google.com
GTS CA 1C3
2022-04-05 -
2022-06-14
2 months crt.sh

This page contains 29 frames:

Primary Page: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Frame ID: 9D26F6051C7BF46891B985A934557390
Requests: 84 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Frame ID: F3CC349614483CDD3F41FD3D16A0F0A7
Requests: 4 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Frame ID: 44CA2F901EA8B04E1C028479C90F169D
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Frame ID: 9426AB236D33BD3E00D11BD3A8EA56C1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&adk=2969136045&adf=3689892565&lmt=1650085960&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960501&bpp=2&bdt=739&idt=219&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4700897849079&frm=20&pv=2&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=232
Frame ID: 9506C3B8CE37061240AE759363F7B5F8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Frame ID: F6EA888D4B355C757DB6964EF4BF5984
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Frame ID: 693BE6F6B5F7DEDC3E7F7AA1F22F71E6
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Frame ID: D5C1A73E16DA987643CBA2F72A6E26CC
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Frame ID: 0DC614E94525DAE3E398F28B5F8A9B85
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Frame ID: 5FB1113D2C7D1348A5C15BD12969313C
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=3789721525&adk=2085446625&adf=4221696457&pi=t.ma~as.3789721525&w=336&lmt=1650085960&psa=0&format=336x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960774&bpp=3&bdt=1011&idt=3&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1046&ady=2631&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=UaAEOnLNwb&p=https%3A//www.massblog.xyz&dtd=5
Frame ID: 8176AC1A26D2ECE01E6084F1C1816910
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Frame ID: 37FFCA6C7C414353423448A5D5337169
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css2?&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Frame ID: EB51452FCF2519DADA230C3BB94FFAFC
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Frame ID: 202F99B4F619540CE89C6DA1ED8CC947
Requests: 21 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Frame ID: EF9074E7393F761A33BEA0A1C1E4EF9F
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 0D446297A693A7600DBE76F08A8F3373
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E47AF69BF28EF6E01209E4B318211645
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Frame ID: 731748EBE0162336481C70BDFAF270FD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Frame ID: 5A83CBA56B10EF4518DC2C30DCC2305F
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: D2C31FD44DB697DFE47C2760E2E5BF69
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: 6E0C45FC38595D544F5A67CCDC364703
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: C798C82DCF87581142CB4974E7EB78F9
Requests: 2 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019
Frame ID: CD955B53455A795F0650E10E37C1F0CC
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: 0FC6727EDAF15DC2F2850C8F5FF50C2D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: 29974F846E66738A7295C43364166B02
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: E009231BDB3ED3DEEFE82437F6AFE344
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Frame ID: 3FC51315ABC3E7E09C3BDE9176756634
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CB7B58372853FAFB9A51FA8F5EB86353
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3DEA05BB917217AE8611ADD564245569
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web – Mass Blog

Page URL History Show full URLs

  1. https://t.co/9A0hb9Hbz8 Page URL
  2. https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

268
Requests

100 %
HTTPS

74 %
IPv6

27
Domains

46
Subdomains

43
IPs

4
Countries

6642 kB
Transfer

11673 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/9A0hb9Hbz8 Page URL
  2. https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 218
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 223
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 255
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

268 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
9A0hb9Hbz8
t.co/
411 B
554 B
Document
General
Full URL
https://t.co/9A0hb9Hbz8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
223
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 05:12:38 GMT
expires
Sat, 16 Apr 2022 05:17:39 GMT
server
tsa_f
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
e9e539996527caa2eb203921b2b5a179d698780e01c6ffc439ecba015d77b3e3
x-response-time
112
x-xss-protection
0
Primary Request /
www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
115 KB
20 KB
Document
General
Full URL
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Requested by
Host: t.co
URL: https://t.co/9A0hb9Hbz8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
930552fc38751e8eed028880df6682b197df07cb1716a6b65e7dcb6a895f3dca

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:39 GMT
etag
"2521121-1650085955;br"
link
<https://www.massblog.xyz/wp-json/>; rel="https://api.w.org/" <https://www.massblog.xyz/wp-json/wp/v2/posts/245874>; rel="alternate"; type="application/json" <https://www.massblog.xyz/?p=245874>; rel=shortlink
server
LiteSpeed
vary
Accept-Encoding,User-Agent
x-litespeed-cache
hit
x-pingback
https://www.massblog.xyz/xmlrpc.php
MASS-BLOG.xyz_.png
www.massblog.xyz/wp-content/uploads/2021/11/
63 KB
63 KB
Image
General
Full URL
https://www.massblog.xyz/wp-content/uploads/2021/11/MASS-BLOG.xyz_.png
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
20ad570647067e9b483a46204d2ddb1854ee1bd3a380e96ffc1437b7380acf74

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
last-modified
Fri, 12 Nov 2021 18:05:52 GMT
server
LiteSpeed
etag
"fc5d-618ead00-79c58906adc226a2;;;"
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
64605
expires
Sat, 23 Apr 2022 05:12:39 GMT
MASS-BLOG.xyz_-1.png
www.massblog.xyz/wp-content/uploads/2021/11/
63 KB
63 KB
Image
General
Full URL
https://www.massblog.xyz/wp-content/uploads/2021/11/MASS-BLOG.xyz_-1.png
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
20ad570647067e9b483a46204d2ddb1854ee1bd3a380e96ffc1437b7380acf74

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
last-modified
Fri, 12 Nov 2021 18:06:19 GMT
server
LiteSpeed
etag
"fc5d-618ead1b-c19c80dd3cd29d37;;;"
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
64605
expires
Sat, 23 Apr 2022 05:12:39 GMT
foggyweb-e1632839155760.jpg
i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/
57 KB
57 KB
Image
General
Full URL
https://i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/foggyweb-e1632839155760.jpg?resize=780%2C468&ssl=1
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
c345acba0a210f6f8a646a51cb24fcb63ef3998a6913f6463d97a3b0c7634480
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:40 GMT
x-content-type-options
nosniff
last-modified
Sat, 16 Apr 2022 05:11:08 GMT
server
nginx
etag
"ca7d0a5be72cdefd"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.massblog.xyz/wp-content/uploads/2022/04/foggyweb-e1632839155760.jpg>; rel="canonical"
content-length
58222
expires
Mon, 15 Apr 2024 17:11:08 GMT
tielabs-fonticon.woff
www.massblog.xyz/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/
40 KB
40 KB
Font
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.woff
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
82649ad7d4ec9c61f1e525b2dade75153ffb03610b88d22e1ba3ba98fd55de81

Request headers

Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"9e58-6159393a-eb7c315910c1734e;;;"
vary
User-Agent
content-type
application/x-font-woff
accept-ranges
bytes
content-length
40536
fa-solid-900.woff2
www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/
78 KB
78 KB
Font
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/fa-solid-900.woff2
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Request headers

Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"13654-6159393a-bfe2f346869bf1de;;;"
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
79444
expires
Sat, 23 Apr 2022 05:12:40 GMT
fa-brands-400.woff2
www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/
75 KB
75 KB
Font
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/fa-brands-400.woff2
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29

Request headers

Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"12b44-6159393a-6e8cf0e12bc064c;;;"
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
76612
expires
Sat, 23 Apr 2022 05:12:40 GMT
fa-regular-400.woff2
www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/
13 KB
13 KB
Font
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/fonts/fontawesome/fa-regular-400.woff2
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
6a8c8e9e1e7f692c21af1956de163f3d026778e6449fe93a09a671847ca1ae65

Request headers

Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"3510-6159393a-f50d72048f61066a;;;"
vary
User-Agent
content-type
font/woff2
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
13584
expires
Sat, 23 Apr 2022 05:12:40 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:55:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33426
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 19:55:33 GMT
wp-emoji-release.min.js
www.massblog.xyz/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://www.massblog.xyz/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Wed, 09 Jun 2021 07:45:12 GMT
server
LiteSpeed
etag
"4705-60c07188-be6d0e4b0aa51d0;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4539
expires
Sat, 23 Apr 2022 05:12:40 GMT
mediaelementplayer-legacy.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/
11 KB
3 KB
Stylesheet
General
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:39 GMT
wp-mediaelement.min.css
c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/mediaelement/wp-mediaelement.min.css
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:39 GMT
style.css
www.massblog.xyz/wp-content/plugins/taqyeem-buttons/assets/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/plugins/taqyeem-buttons/assets/style.css?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
ea2ababc30e456846310dfe02ae49db7fe6866c0cb5ad6b432c53bacda37b3c1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 17:20:08 GMT
server
LiteSpeed
etag
"102e-618ea248-b0ac0a767c213612;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
971
expires
Sat, 23 Apr 2022 05:12:39 GMT
wp-automatic.css
www.massblog.xyz/wp-content/plugins/wp-automatic/css/
3 KB
621 B
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 18:11:32 GMT
server
LiteSpeed
etag
"a99-618eae54-61bc94740cfc1c34;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
537
expires
Sat, 23 Apr 2022 05:12:39 GMT
base.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
41 KB
8 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/base.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
aae68d7418f7820c7267d6dc0ec4f3f0935d15e965d5dfd0730ee15265cb932e

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"a3b0-6159393a-8388a167f03610da;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8111
expires
Sat, 23 Apr 2022 05:12:39 GMT
style.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
171 KB
28 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/style.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
b4e54900492e7fa37b1da9dfb701b52ce20eb8709219e48f9db66b9fd547c429

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"2aca3-6159393a-9de3421384da4c9e;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
28359
expires
Sat, 23 Apr 2022 05:12:39 GMT
widgets.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
53 KB
9 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/widgets.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
300c2a57d0ed169063b3daaff0550227cf8be6e702a58ab79f40a351df655243

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"d37e-6159393a-ff24c2324ec3f378;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8950
expires
Sat, 23 Apr 2022 05:12:39 GMT
helpers.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/helpers.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
efd5ad608d8f3603b3eb9ca9f2c65ed45d7ca18acd0296fe5fc24b150eb4c4e9

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"3b78-6159393a-6ca275745fbd1960;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
3381
expires
Sat, 23 Apr 2022 05:12:39 GMT
fontawesome.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
57 KB
12 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/fontawesome.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
0f79c64f686102f8cc72db584b52c51dbd0720d7ade9a3284a3520bd91dc5328

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"e526-6159393a-ffe253d9d3614469;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
12050
expires
Sat, 23 Apr 2022 05:12:39 GMT
skin.css
www.massblog.xyz/wp-content/themes/jannah/assets/ilightbox/dark-skin/
12 KB
2 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
4879dcab21b2218432075c33aff13cea89de4f392f749eaef3df339f3f694c72

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"2ef2-6159393a-126c79a396bf5b13;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2048
expires
Sat, 23 Apr 2022 05:12:39 GMT
shortcodes.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/plugins/
11 KB
3 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/plugins/shortcodes.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
bf3b52f874aebd7cfc4c49cc840977ec1fa179df6026c7cbb23794a3ccbde172

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"2d99-6159393a-c69aeae9135b0902;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2588
expires
Sat, 23 Apr 2022 05:12:39 GMT
single.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
40 KB
7 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/single.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
f5010764339d94d1fa6a5cc219dd0ab07cfca326a11e866768b80d6081773950

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"9e25-6159393a-4a95e53d99e81a41;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
7490
expires
Sat, 23 Apr 2022 05:12:39 GMT
print.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/
2 KB
681 B
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/print.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
03dd15a551c408fc3ee4496227c5b0798ead05885e535e47f3fa13b6d0fad687

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"87f-6159393a-a62ccfba3a31e253;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
631
expires
Sat, 23 Apr 2022 05:12:40 GMT
taqyeem.min.css
www.massblog.xyz/wp-content/themes/jannah/assets/css/plugins/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/css/plugins/taqyeem.min.css?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
8133f6e5c98f920ffbe15f23fc2bf00db1f8cdd8594f79a7a8571dc9695b9ed9

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"1d82-6159393a-92f38ff5befb594c;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1629
expires
Sat, 23 Apr 2022 05:12:39 GMT
style.css
www.massblog.xyz/wp-content/themes/jannah-child/
602 B
381 B
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah-child/style.css?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
d020600f12c7f01e28904df701750c46c4f005f10ed07f0852a4bc33d7854165

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Thu, 28 Nov 2019 18:40:19 GMT
server
LiteSpeed
etag
"25a-5de01493-1b27f8b3257c77f4;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
297
expires
Sat, 23 Apr 2022 05:12:39 GMT
mailin-front.css
www.massblog.xyz/wp-content/plugins/mailin/css/
3 KB
725 B
Stylesheet
General
Full URL
https://www.massblog.xyz/wp-content/plugins/mailin/css/mailin-front.css?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
3c288f0c3cb0999bbd6a9f6486f6b13064ead24052234ac35f8b053b9db9ae96

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Tue, 01 Mar 2022 10:44:37 GMT
server
LiteSpeed
etag
"a79-621df915-e5ac3a270a85c40;br"
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
642
expires
Sat, 23 Apr 2022 05:12:39 GMT
jetpack.css
c0.wp.com/p/jetpack/10.7/css/
86 KB
16 KB
Stylesheet
General
Full URL
https://c0.wp.com/p/jetpack/10.7/css/jetpack.css
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
1021efafbf9b43acf446f436556222d910e0d86d09d796b6fb16101efedffa22
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Tue, 04 Jan 2022 22:15:08 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:39 GMT
front.js
www.massblog.xyz/wp-content/plugins/visitors-traffic-real-time-statistics-pro/js/
2 KB
651 B
Script
General
Full URL
https://www.massblog.xyz/wp-content/plugins/visitors-traffic-real-time-statistics-pro/js/front.js?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
5362a303c93171df9fa4f60b8fc041dfdf018e08dd2362b8e8347fb7a549640e

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Tue, 01 Mar 2022 10:46:13 GMT
server
LiteSpeed
etag
"74f-621df975-9ddb928121b4a7ea;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
550
expires
Sat, 23 Apr 2022 05:12:40 GMT
jquery.min.js
c0.wp.com/c/5.9.3/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery.min.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:39 GMT
jquery-migrate.min.js
c0.wp.com/c/5.9.3/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:39 GMT
content-encoding
br
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:39 GMT
main-front.js
www.massblog.xyz/wp-content/plugins/wp-automatic/js/
1017 B
408 B
Script
General
Full URL
https://www.massblog.xyz/wp-content/plugins/wp-automatic/js/main-front.js?ver=5.9.3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Fri, 12 Nov 2021 18:11:32 GMT
server
LiteSpeed
etag
"3f9-618eae54-1a52fece38f9c8a3;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
316
expires
Sat, 23 Apr 2022 05:12:40 GMT
mailin-front.js
www.massblog.xyz/wp-content/plugins/mailin/js/
12 KB
3 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/plugins/mailin/js/mailin-front.js?ver=1646131477
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
d8469ad6e03ba1a6c2c9fee151001c818233baff45efada0b93f6d864c21dbb3

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Tue, 01 Mar 2022 10:44:37 GMT
server
LiteSpeed
etag
"2fe7-621df915-fc8203833d19fbd7;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2672
expires
Sat, 23 Apr 2022 05:12:40 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
155 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8854358402279613
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
487c90b14ef1b44e6b572cfd3082a2df28190d5d4894fcfc115fccb61d63d10e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54355
x-xss-protection
0
server
cafe
etag
7016584738606908500
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 16 Apr 2022 05:12:40 GMT
photon.min.js
c0.wp.com/p/jetpack/10.7/_inc/build/photon/
685 B
417 B
Script
General
Full URL
https://c0.wp.com/p/jetpack/10.7/_inc/build/photon/photon.min.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Tue, 07 Dec 2021 16:56:47 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:40 GMT
21712388.js
js.hs-scripts.com/
1 KB
956 B
Script
General
Full URL
https://js.hs-scripts.com/21712388.js?integration=WordPress
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e24c6bdac65562331c678bafc06b723057157421f934d9c90f84a11a3cefbf0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
x-hubspot-correlation-id
967c5fb6-83d8-4187-9424-5c205a2472c4
last-modified
Sat, 16 Apr 2022 05:11:08 GMT
server
cloudflare
x-trace
2BAD1E9E18867D7761B02F7A23D6B0E812B80730AD000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.massblog.xyz
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
6fca6d6469af23c7-ZRH
expires
Sat, 16 Apr 2022 05:13:40 GMT
intersection-observer.js
www.massblog.xyz/wp-content/plugins/jetpack-boost/vendor/automattic/jetpack-lazy-images/dist/
9 KB
3 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/plugins/jetpack-boost/vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=ba2aa80003251440130b63de19cb609d
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Fri, 04 Mar 2022 09:53:21 GMT
server
LiteSpeed
etag
"2317-6221e191-99f07bef534c7458;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2894
expires
Sat, 23 Apr 2022 05:12:40 GMT
lazy-images.js
www.massblog.xyz/wp-content/plugins/jetpack-boost/vendor/automattic/jetpack-lazy-images/dist/
2 KB
947 B
Script
General
Full URL
https://www.massblog.xyz/wp-content/plugins/jetpack-boost/vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=ae8c0bea6a07ab76470a02053fc74216
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
2a4e9b3f33edb851ba930430bdbf317a3b95e0974763617d68ec0b555a3bb8fe

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Fri, 04 Mar 2022 09:53:21 GMT
server
LiteSpeed
etag
"925-6221e191-99797573104137ce;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
897
expires
Sat, 23 Apr 2022 05:12:40 GMT
scripts.min.js
www.massblog.xyz/wp-content/themes/jannah/assets/js/
22 KB
7 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/js/scripts.min.js?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
d90a92a7cfa091e8b08b8a24572b8c67d1aa35d4e2a9b09887cfb412acc3adfc

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"57c9-6159393a-4c27459305574b2c;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
6618
expires
Sat, 23 Apr 2022 05:12:40 GMT
lightbox.js
www.massblog.xyz/wp-content/themes/jannah/assets/ilightbox/
80 KB
24 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
31a8dbe7c39cf4ffa9fe214267bc1aa73dca7304f689437bd4bb257066fa4b04

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"13e0f-6159393a-2da1a53fc9fc22aa;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
24319
expires
Sat, 23 Apr 2022 05:12:40 GMT
sliders.min.js
www.massblog.xyz/wp-content/themes/jannah/assets/js/
48 KB
11 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/js/sliders.min.js?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
4aedd618e5afdcceeaeb82c1d6926175a4bb43dd363e9c64eacfca2ae80c9b60

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"c0a7-6159393a-c08e14267057f194;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
11214
expires
Sat, 23 Apr 2022 05:12:40 GMT
shortcodes.js
www.massblog.xyz/wp-content/themes/jannah/assets/js/
11 KB
4 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/js/shortcodes.js?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
b5c9fd37dca1ec56a382c45a38fd9aa8425a4b522200f6526b982902f3c3f06c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"2bad-6159393a-fc5e7be62184e47;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
3734
expires
Sat, 23 Apr 2022 05:12:40 GMT
single.min.js
www.massblog.xyz/wp-content/themes/jannah/assets/js/
5 KB
2 KB
Script
General
Full URL
https://www.massblog.xyz/wp-content/themes/jannah/assets/js/single.min.js?ver=5.4.9
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
e84a340caf47fb7f52d6d4eef3db512e84c911268acf1c5eb66b44887f343457

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Sun, 03 Oct 2021 05:01:46 GMT
server
LiteSpeed
etag
"15ad-6159393a-401ffae821913fff;br"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1809
expires
Sat, 23 Apr 2022 05:12:40 GMT
comment-reply.min.js
c0.wp.com/c/5.9.3/wp-includes/js/
3 KB
1 KB
Script
General
Full URL
https://c0.wp.com/c/5.9.3/wp-includes/js/comment-reply.min.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 1
date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
last-modified
Mon, 01 Nov 2021 21:47:13 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Sun, 16 Apr 2023 05:12:40 GMT
e-202215.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202215.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr
date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 02 Apr 2023 08:56:47 GMT
admin-ajax.php
www.massblog.xyz/wp-admin/
0
389 B
XHR
General
Full URL
https://www.massblog.xyz/wp-admin/admin-ajax.php
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/wp-content/plugins/visitors-traffic-real-time-statistics-pro/js/front.js?ver=5.9.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-litespeed-cache-control
no-cache
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
20
referrer-policy
strict-origin-when-cross-origin
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.massblog.xyz
vary
Accept-Encoding,User-Agent
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-robots-tag
noindex
expires
Wed, 11 Jan 1984 05:00:00 GMT
universal.js
cdn.sender.net/accounts_resources/
259 KB
65 KB
Script
General
Full URL
https://cdn.sender.net/accounts_resources/universal.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.68.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
712847935d8c995737a28164bc6ba341f514753824c84fdd9b83fd723b36e322
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6233
strict-transport-security
max-age=63072000; includeSubdomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 31 Mar 2022 15:46:38 GMT
server
cloudflare
etag
W/"6245ccde-40d47"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GoD%2F0M3Cx0dIQuJlfyosZ41o8FLiTTIMfoo7TTYjz8epNVOiuzs%2Fkpaa5QqBtEscyuDRjfgjShrcWuzU57u4EDZSFDou8FD%2FhqpvzU%2BWVHM11JJIGHI%2BhRrUwVh4jDnM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cf-ray
6fca6d641d1554c4-MAN
sa.js
sibautomation.com/
8 KB
3 KB
Script
General
Full URL
https://sibautomation.com/sa.js?key=4f3drcnyprnt015984rjflw0
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash
5e97094a8849dee9b17f4f531a0dba09fd513bd4a79284a7a66a784747c1ca84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
92
x-powered-by
Sails <sailsjs.com>
x-xss-protection
1
x-sib-server
SENDINBLUE-web1-2
cf-bgj
minify
server
cloudflare
etag
W/"2b1a-jZxXrWrJmGjhDPrVJd8DBPWQrQM"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-polished
origSize=11034
cf-ray
6fca6d647a5501f0-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
invoke.js
www.effectivedisplayformats.com/5c468cdbebc131c9dae4d225295a4b13/
0
0
Script
General
Full URL
https://www.effectivedisplayformats.com/5c468cdbebc131c9dae4d225295a4b13/invoke.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://www.massblog.xyz/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sat, 16 Apr 2022 05:12:40 GMT
Server
nginx/1.17.6
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type
application/javascript
Content-Length
0
a2b19160884833.json
cdn.sender.net/accounts_resources/base/
11 KB
2 KB
Fetch
General
Full URL
https://cdn.sender.net/accounts_resources/base/a2b19160884833.json
Requested by
Host: cdn.sender.net
URL: https://cdn.sender.net/accounts_resources/universal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.68.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1edf3d204039d80d58683c2b681e348d298db9faa1f17bc61a776b360f0736a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Wed, 02 Mar 2022 09:36:34 GMT
server
cloudflare
etag
W/"621f3aa2-2b98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMdWRIY1xhod1bQeckPjX4Urj8OAYzbYEwnAyiQq6H9br0S9TxDskgEosBcdaR8JiZ%2B%2BcOTaFsPqTU5QRwEZUaXBUTw0i0opPwi%2BHrFb%2F01U550tO5qeNiAp%2FCIzCWlr"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6fca6d64bcc135d1-MAN
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cm.html
sibautomation.com/ Frame F3CC
3 KB
2 KB
Document
General
Full URL
https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash
0b0177d59de3aae322bccf040c86ef1e167990cd19003382b49fb8db8b1c00de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-origin
*
age
92
cache-control
public, max-age=7200
cf-apo-via
origin,host
cf-cache-status
HIT
cf-ray
6fca6d64dab301f0-ZRH
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 05:12:40 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Sat, 16 Apr 2022 07:12:40 GMT
last-modified
Sat, 16 Apr 2022 05:11:08 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
Sails <sailsjs.com>
x-sib-server
SENDINBLUE-web2-2
x-xss-protection
1
cm.html
sibautomation.com/ Frame 44CA
3 KB
2 KB
Document
General
Full URL
https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash
0b0177d59de3aae322bccf040c86ef1e167990cd19003382b49fb8db8b1c00de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-origin
*
age
92
cache-control
public, max-age=7200
cf-apo-via
origin,host
cf-cache-status
HIT
cf-ray
6fca6d64dab401f0-ZRH
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 16 Apr 2022 05:12:40 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Sat, 16 Apr 2022 07:12:40 GMT
last-modified
Sat, 16 Apr 2022 05:11:08 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-powered-by
Sails <sailsjs.com>
x-sib-server
SENDINBLUE-web2-2
x-xss-protection
1
v652eace1692a40cfa3763df669d7439c1639079717194
static.cloudflareinsights.com/beacon.min.js/ Frame F3CC
14 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer
https://sibautomation.com/
Origin
https://sibautomation.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 19:55:17 GMT
server
cloudflare
etag
W/2021.12.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6fca6d65fa3ccc46-ZRH
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/
303 KB
108 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8854358402279613
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
19c18f65cd4182ebfccb02a04088a5f6d4e0f3bf5ae0928ac44df3df791a4fbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110840
x-xss-protection
0
server
cafe
etag
18146372733193212812
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 16 Apr 2022 05:12:40 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/ Frame 9426
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8854358402279613
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
27641
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 15 Apr 2022 21:31:59 GMT
etag
14837630671339829333
expires
Fri, 29 Apr 2022 21:31:59 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cm
in-automate.sendinblue.com/ Frame F3CC
0
203 B
XHR
General
Full URL
https://in-automate.sendinblue.com/cm?uuid=920667b7-3789-48db-ba2c-f1b67ed5a03a&key=4f3drcnyprnt015984rjflw0&cuid=46ea259c-4bbd-4aa0-bbc0-a64ce47023f9
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://sibautomation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-origin
*
cache-control
no-cache
cf-apo-via
origin,host
cf-ray
6fca6d66184c0208-ZRH
v652eace1692a40cfa3763df669d7439c1639079717194
static.cloudflareinsights.com/beacon.min.js/ Frame 44CA
14 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer
https://sibautomation.com/
Origin
https://sibautomation.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 19:55:17 GMT
server
cloudflare
etag
W/2021.12.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6fca6d660a3dcc46-ZRH
cm
in-automate.sendinblue.com/ Frame 44CA
0
36 B
XHR
General
Full URL
https://in-automate.sendinblue.com/cm?uuid=920667b7-3789-48db-ba2c-f1b67ed5a03a&key=4f3drcnyprnt015984rjflw0&cuid=46ea259c-4bbd-4aa0-bbc0-a64ce47023f9
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://sibautomation.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-origin
*
cache-control
no-cache
cf-apo-via
origin,host
cf-ray
6fca6d66184d0208-ZRH
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
invoke.js
www.effectivedisplayformats.com/140dc6097210c6c57d01c69d53debec1/
0
0
Script
General
Full URL
https://www.effectivedisplayformats.com/140dc6097210c6c57d01c69d53debec1/invoke.js
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://www.massblog.xyz/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sat, 16 Apr 2022 05:12:40 GMT
Server
nginx/1.17.6
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type
application/javascript
Content-Length
0
chat.js
sibautomation.com/
1 KB
729 B
Script
General
Full URL
https://sibautomation.com/chat.js?key=4f3drcnyprnt015984rjflw0
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1ddecc9eadd3fd74f51899bd888adf3d4072e4acf352a35da887607ae83e7fc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
91
x-powered-by
Express
x-xss-protection
1
x-sib-server
SENDINBLUE-web1-2
cf-bgj
minify
server
cloudflare
etag
W/"6b5-INtgk+zfcjY2jyupmmteMVlfXeI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-polished
origSize=1717
cf-ray
6fca6d668c0601f0-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
rum
sibautomation.com/cdn-cgi/ Frame F3CC
0
58 B
XHR
General
Full URL
https://sibautomation.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type
application/json

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
x-content-type-options
nosniff
server
cloudflare
cf-ray
6fca6d668c0c01f0-ZRH
x-frame-options
DENY
rum
sibautomation.com/cdn-cgi/ Frame 44CA
0
41 B
XHR
General
Full URL
https://sibautomation.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2291 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://sibautomation.com/cm.html?key=4f3drcnyprnt015984rjflw0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type
application/json

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
x-content-type-options
nosniff
server
cloudflare
cf-ray
6fca6d668c0d01f0-ZRH
x-frame-options
DENY
cookie.js
partner.googleadservices.com/gampad/
216 B
646 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.massblog.xyz&callback=_gfp_s_&client=ca-pub-8854358402279613
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
cafe /
Resource Hash
db0dd8cb0e0b563cd95c08d0461a1486353194e79eb5081fe96e6415f7ca3d02
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
202
x-xss-protection
0
integrator.js
adservice.google.co.uk/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.massblog.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.massblog.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9506
303 KB
71 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&adk=2969136045&adf=3689892565&lmt=1650085960&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960501&bpp=2&bdt=739&idt=219&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4700897849079&frm=20&pv=2&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=232
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00a52aa85badec7474aacd51c2c87e39d27a22c4eb24e770add11877664ac439
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
72337
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame F6EA
23 KB
10 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a54b5ebcde4092fa1cadd83791ed2d3ad1095ae67ca4545eb9f465493584348c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
9837
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:40 GMT
expires
Sat, 16 Apr 2022 05:12:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 693B
142 KB
34 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
63e9323b6bd6a9a761a3408cc92e33b3e6269cd203f528c8fc7a62b12035651d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
35099
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame D5C1
91 KB
32 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2bea692fa42f7d6acff0b43b69ee90d742168d54ec42b367c97cd42a2e0b8641
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
33106
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sib-chat.js
chat.sendinblue.com/static/js/
615 B
576 B
Script
General
Full URL
https://chat.sendinblue.com/static/js/sib-chat.js
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/chat.js?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
404387e40a81704a338e00e4d77cad4d4630fa49fe36994312889392666ccf13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5461
cf-polished
origSize=641
last-modified
Fri, 04 Mar 2022 07:27:58 GMT
x-xss-protection
1
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-7
cf-bgj
minify
server
cloudflare
etag
W/"6221bf7e-281"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
6fca6d679af5cc46-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0DC6
93 KB
30 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0670fd32e34c88456d5d713c33f9eea581b3ec56053fad5cb8f88fedee2daf29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
31163
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 5FB1
23 KB
10 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
47ed1510850611cea5c6d5b011f38c0ea0cb16ed6e515e345a6ca2fa68d15293
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
9808
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:40 GMT
expires
Sat, 16 Apr 2022 05:12:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 8176
436 B
236 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=3789721525&adk=2085446625&adf=4221696457&pi=t.ma~as.3789721525&w=336&lmt=1650085960&psa=0&format=336x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960774&bpp=3&bdt=1011&idt=3&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1046&ady=2631&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=UaAEOnLNwb&p=https%3A//www.massblog.xyz&dtd=5
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6adb50ebc0453f30ad050a1bb8c285662df8d1dbf13155f9150bcd70b49cff43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
213
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:40 GMT
expires
Sat, 16 Apr 2022 05:12:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 37FF
95 KB
31 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ac49b932dc7757819232eb1bd532a11c7df0d87c63f35984b34582c4b6518ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
31521
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
admin-ajax.php
www.massblog.xyz/wp-admin/
63 B
98 B
XHR
General
Full URL
https://www.massblog.xyz/wp-admin/admin-ajax.php?postviews_id=245874&action=tie_postviews&_=1650085960260
Requested by
Host: c0.wp.com
URL: https://c0.wp.com/c/5.9.3/wp-includes/js/jquery/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
208.73.202.146 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
da600.is.cc
Software
LiteSpeed /
Resource Hash
7ed3fb8726f5c6c484b65456bf15028e3803e0a731e99e9a87f6ca0252470322
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
X-Requested-With
XMLHttpRequest
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
server
LiteSpeed
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
x-litespeed-cache-control
no-cache
cache-control
no-cache, must-revalidate, max-age=0
x-robots-tag
noindex
vary
Accept-Encoding,User-Agent
content-length
74
x-content-type-options
nosniff
expires
Wed, 11 Jan 1984 05:00:00 GMT
21712388.js
js.hs-banner.com/
60 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/21712388.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21712388.js?integration=WordPress
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d66fd57929db61111c48c8d091f74c0c1f2cb71ee994c15ac9943ab3501dc81d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
cf-cache-status
HIT
age
91
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
XJN4BQAG694DTEWR
x-amz-id-2
HqXoxYjFIyK5MupsmpJTMfS+gInAZAdYX7KWZzGdpwEdQxbne4IPn2FvOCts8pPZzpQiS6NzgBA=
timing-allow-origin
*
last-modified
Fri, 01 Apr 2022 06:30:53 GMT
server
cloudflare
etag
W/"a0391e7ec836a7305a69e7e80b3c0731"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
pTTxdHNBlsF.r4J1xJrMSUufkxTLv8Cc
access-control-allow-origin
https://www.massblog.xyz
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
6fca6d67e9510225-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sat, 16 Apr 2022 05:16:09 GMT
21712388.js
js.hs-analytics.net/analytics/1650085800000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1650085800000/21712388.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21712388.js?integration=WordPress
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5de0952e1f1de424a4eb81820d998404d4e6d63425362ccdf0c5d4208886fac7

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
cf-cache-status
HIT
age
91
x-amz-server-side-encryption
AES256
x-amz-request-id
XJN3BK2MHJ7KB2KX
x-amz-id-2
rBBfHDe+CSTfM0PspgPGHmBKAQsj3yuNZC8kxjVXpstQeUZLsRTCkev5fcV5qj98vau9jReS3EY=
last-modified
Thu, 14 Apr 2022 17:42:55 GMT
server
cloudflare
etag
W/"cb43567d537e4c27cdd1e44951658727"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
6fca6d67e90b233d-ZRH
expires
Sat, 16 Apr 2022 05:16:09 GMT
collectedforms.js
js.hscollectedforms.net/
73 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21712388.js?integration=WordPress
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:81ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a996803be97bd6eed2f13e2aaceed65ee5cc24e0669fcbd223788c5cf9159c2e

Request headers

Referer
https://www.massblog.xyz/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
via
1.1 2c0478fce3b7f4f5348678901d1bf60a.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
91
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.273/bundles/project.js&cfRay=6fca6b2bfa0923df-IAD
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
6fca6d67ec35021d-ZRH
last-modified
Fri, 04 Mar 2022 03:24:42 UTC
server
cloudflare
etag
W/"5655d6c20b8fbd0326ccba67c4a94b8e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
d8qvQ4NJOEEA6UgWpFiA1cbs11TvqQym
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-P2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
WFYhFFAA9wmbRlOMaYqu0UBlH4Iw9Wr5WXFwDNmVM33Q84MN1MgoSg==
x-hs-target-asset
collected-forms-embed-js/static-1.273/bundles/project.js
css
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:600,regular&subset=latin&display=swap
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4f92f6f2cf3f4dc48ba6cf0ddb4b26a977dc6486aa3eb64610b9a694678c4f72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 05:08:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:40 GMT
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.7&blog=199780555&post=245874&tz=0&srv=www.massblog.xyz&host=www.massblog.xyz&ref=https%3A%2F%2Ft.co%2F&fcp=929&rand=0.9125003204943736
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 05:12:40 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
08f2d91eb8051d8ebK9c2.html
cdn.sender.net/accounts_resources/popups/93948/20196/
15 KB
4 KB
Fetch
General
Full URL
https://cdn.sender.net/accounts_resources/popups/93948/20196/08f2d91eb8051d8ebK9c2.html
Requested by
Host: cdn.sender.net
URL: https://cdn.sender.net/accounts_resources/universal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.68.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
682fbd31276143963d8f249635babe30ff466316867bb2f84d3ec62e8338d8ef
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Wed, 02 Mar 2022 09:36:33 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2F8QPE9CY2ZywRUqjASgrEfSKDNxDR%2BQDFFKJw%2FjykeKpzOkSfVvX1QldpJRFxYqmrQKViDiHgy%2FKomIkND9YR9eMmyjoxLNugjKdeuok5htP75nkAIS9a5F9qW4DE1Y"}],"group":"cf-nel","max_age":604800}
content-type
text/html
access-control-allow-origin
*
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6fca6d672f9035d1-MAN
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
3-Breitling-x-Triumph.jpg
i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/
5 KB
5 KB
Image
General
Full URL
https://i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/3-Breitling-x-Triumph.jpg?resize=220%2C150&ssl=1
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
b700204654b191ae16a0e1f4687381108358bf9244ae1efec0a380b23215d4b2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
MISS lhr 2
date
Sat, 16 Apr 2022 05:12:41 GMT
x-content-type-options
nosniff
last-modified
Sat, 16 Apr 2022 05:12:41 GMT
server
nginx
etag
"ffca31cc5b6a1aa6"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.massblog.xyz/wp-content/uploads/2022/04/3-Breitling-x-Triumph.jpg>; rel="canonical"
content-length
4886
expires
Mon, 15 Apr 2024 17:12:41 GMT
GettyImages-624090164_500031_mmovbg.jpg
i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/
3 KB
3 KB
Image
General
Full URL
https://i0.wp.com/www.massblog.xyz/wp-content/uploads/2022/04/GettyImages-624090164_500031_mmovbg.jpg?resize=220%2C150&ssl=1
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
6dcdfab21fa29136d080a0780bf509c5ceba73b0e03f12789250cd7bb81994b0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT lhr 3
date
Sat, 16 Apr 2022 05:12:40 GMT
x-content-type-options
nosniff
last-modified
Sat, 16 Apr 2022 05:11:09 GMT
server
nginx
etag
"a6c66dfb6400f6e9"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://www.massblog.xyz/wp-content/uploads/2022/04/GettyImages-624090164_500031_mmovbg.jpg>; rel="canonical"
content-length
3130
expires
Mon, 15 Apr 2024 17:11:09 GMT
p
in-automate.sendinblue.com/
0
36 B
XHR
General
Full URL
https://in-automate.sendinblue.com/p?key=4f3drcnyprnt015984rjflw0&cuid=46ea259c-4bbd-4aa0-bbc0-a64ce47023f9&ma_url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&sib_type=page&ma_title=Karakurt%20Ensnares%20Conti%2C%20Diavol%20Ransomware%20Groups%20in%20Its%20Web%20%E2%80%93%20Mass%20Blog&sib_name=Karakurt%20Ensnares%20Conti%2C%20Diavol%20Ransomware%20Groups%20in%20Its%20Web%20%E2%80%93%20Mass%20Blog&ma_referrer=https%3A%2F%2Ft.co%2F&ma_path=%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=4f3drcnyprnt015984rjflw0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-origin
*
cache-control
no-cache
cf-apo-via
origin,host
cf-ray
6fca6d67c9b60208-ZRH
css2
fonts.googleapis.com/ Frame EB51
8 KB
861 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: cdn.sender.net
URL: https://cdn.sender.net/accounts_resources/universal.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9d6ff9ce590e9d6210ffc6a7a282630fea42336748d898de6cb8e1ec68a97437
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 04:08:20 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:40 GMT
forms.css
cdn.sender.net/accounts_resources/ Frame EB51
75 KB
9 KB
Stylesheet
General
Full URL
https://cdn.sender.net/accounts_resources/forms.css
Requested by
Host: cdn.sender.net
URL: https://cdn.sender.net/accounts_resources/universal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.68.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b1839b15e350bd02f8c61dc42a6b9bb3c8130f27e07e53b77d295f0695f0437
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5152
strict-transport-security
max-age=63072000; includeSubdomains
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Jan 2021 15:57:16 GMT
server
cloudflare
etag
W/"6005afdc-12a12"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOiU%2FKwyOy%2B1hLqLmZXafwEO0bDTBwV%2FJEB5GY9N5h08PlcijwUprWhj77SzTuj8glj6iEZPHVV6oEzrykGKRpXaZSeTOxwAyfFzTOh4XSt1VJImuIOa2w4Eg9viy6IN"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cf-ray
6fca6d680d7535c5-MAN
sender-brand.png
cdn.sender.net/accounts_resources/popups/ Frame EB51
5 KB
6 KB
Image
General
Full URL
https://cdn.sender.net/accounts_resources/popups/sender-brand.png
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.68.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
741aaea466ad264aaa738236928cafdbfe88541a09ef493364df309a6d13a1df
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1140
cf-polished
origFmt=png, origSize=9616
content-disposition
inline; filename="sender-brand.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5128
last-modified
Fri, 09 Oct 2020 06:37:56 GMT
server
cloudflare
etag
"5f800544-2590"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FcLEfQ2QKtecKTP25x3hd%2FG0jOeWzu13D33VHmXnn8OQERlKNAqHdNPgItdtSqk40yIwAHb0PRDmvETvOKhC5JruYq%2F8nhEyY%2FSV7nTbM1IunDBkFbItjzFMCMneqWpt"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
vary
Accept
accept-ranges
bytes
cf-ray
6fca6d680d7435c5-MAN
cf-bgj
imgq:100,h2pri,csam-hash
vendor.70cea5f9.chunk.js
chat.sendinblue.com/static/js/
1 MB
239 KB
Script
General
Full URL
https://chat.sendinblue.com/static/js/vendor.70cea5f9.chunk.js
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/sib-chat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fec7d374b50535d67c65b519d2ed135d1ed25534a934d0ede47634d5ba3a4cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
7184
cf-polished
origSize=1230491
last-modified
Fri, 04 Mar 2022 07:27:57 GMT
x-xss-protection
1
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-15
cf-bgj
minify
server
cloudflare
etag
W/"6221bf7d-12c69b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
6fca6d682b3acc46-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
react-bundle.1e303add.chunk.js
chat.sendinblue.com/static/js/
199 KB
49 KB
Script
General
Full URL
https://chat.sendinblue.com/static/js/react-bundle.1e303add.chunk.js
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/sib-chat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a417b775676ac50b50fed07811ab9277525d4f07beb932e71fcc2832824a98c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
7184
cf-polished
origSize=203924
last-modified
Fri, 04 Mar 2022 07:27:57 GMT
x-xss-protection
1
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-17
cf-bgj
minify
server
cloudflare
etag
W/"6221bf7d-31c94"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
6fca6d682b3bcc46-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
main.f69c18fa.js
chat.sendinblue.com/static/js/
328 KB
90 KB
Script
General
Full URL
https://chat.sendinblue.com/static/js/main.f69c18fa.js
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/sib-chat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ada8ec2c31e6beef0e1f0d861a4349ce9966965c2f652779b722335f07d322e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
2336
cf-polished
origSize=336368
last-modified
Fri, 04 Mar 2022 07:27:57 GMT
x-xss-protection
1
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-9
cf-bgj
minify
server
cloudflare
etag
W/"6221bf7d-521f0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
6fca6d682b3ecc46-ZRH
expires
Sat, 16 Apr 2022 09:12:40 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame F6EA
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
446
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F6EA
119 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame F6EA
15 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:06:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
359
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:06:42 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame F6EA
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CARiMSFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKECT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLF46SZi9ZM0QzSF2Ook0ZU67BSNAe0BmXm2gMR06vHyL0-TCqOl1IAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTg4NTQzNTg0MDIyNzk2MTMYAA&sigh=eKT7IhVUxG0&uach_m=[UACH]&cid=CAQSGwCNIrLMVM6xrtZb2JwLwP3fNyzzAaXdWqs4cBgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Sat, 16 Apr 2022 05:12:41 GMT
notify
rtb.nl.eu.criteo.com/google/auction/ Frame F6EA
0
0
Fetch
General
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UcvMEL_6RLAJmAKH-lcYAgAAAP3cVL_hKnVJcNRnexBHUFpitR_7tA141BVK0CoAEg&wp=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
server
Kestrel
server-processing-duration-in-ticks
245015
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame 202F
147 KB
46 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=1318467558&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960503&bpp=2&bdt=741&idt=236&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=oGxbEQjqNn&p=https%3A//www.massblog.xyz&dtd=242
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
301bc8762f0b2a757b490fd15213b68926895c01b624a2ffdaaf030725473d0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:40 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=m_StIwcHkZnT6OwQvkpEiFJWrG0gXZNii2HnWscx7WJp1VzDq5Y4BvYQLZ-veCrlPQQnVjlv4q94iOkQ-ya5NhhjcarBX4Bdt-eeKWCendaMxbnJOXTzyFhckoCZ1O2UfiiUDjinsqYdCclD6ZDZyaL3rbNEDq2CY_AeTPKTrTzc-BF386dFDGJcY6DKCQltfsfB8d9wUtj7Ppq4h-LX6BV7qkdZ75c3jVK62NU601y6liwTJn5PAUhO8Cj0EbWYf_2yTw"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
102808676
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:600,regular&subset=latin&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.massblog.xyz
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 11:55:47 GMT
x-content-type-options
nosniff
age
321414
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 12 Apr 2023 11:55:47 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 5FB1
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:05:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
446
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:05:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5FB1
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 5FB1
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:06:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
359
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:06:42 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 5FB1
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CU27VSFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEoAJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHI2zgW-eLJ4jcZJvHf4qPKN0pl2DXF8Afu8PbRkgJ9jIqImyDWNaABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi04ODU0MzU4NDAyMjc5NjEzGAA&sigh=wqfW86NjN4w&uach_m=[UACH]&cid=CAQSGwCNIrLMPXzmW1QyI9z4g-V5-SsyZTgAqdV6AxgB
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Sat, 16 Apr 2022 05:12:41 GMT
notify
rtb.nl.eu.criteo.com/google/auction/ Frame 5FB1
0
0
Fetch
General
Full URL
https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=UcvMEMuBMKwC2ASH-lcYAgAAANADdm_a9_blcNRnexBHUFpiR7Rz0jKr3ynVmncAEg&wp=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
server
Kestrel
server-processing-duration-in-ticks
192412
content-length
0
strict-transport-security
max-age=31536000; preload;
afr.php
ads.eu.criteo.com/delivery/r/ Frame EF90
229 KB
60 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=600&slotname=8662774254&adk=2108418797&adf=2733401458&pi=t.ma~as.8662774254&w=300&lmt=1650085960&psa=0&format=300x600&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960651&bpp=1&bdt=889&idt=116&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1050&ady=515&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&fsb=1&xpc=f7nWwbj92e&p=https%3A//www.massblog.xyz&dtd=118
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
01c02c2b82429d7ab0c99d51af3266223d7843fe0a6aab7b41986e716af9c94d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:41 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=1bWa3wcHkZnT6OwQI66hskbcMm7KbwT6KRnzR8746lwq5LjwsboYtgwHmZUV1e17Wt1eRRyp8IPkCsiASaMZ4LanpM0Z1okkmR5CcDKoAFYNxSXjLRs4q3B5tDyLBw5nmdGmBOB7GLTA7iol2loTtTD6DtVjGAn4YcC19WJNawUtcFUGLZ4LtppPhD7ynI9P_hs6kGsaP0iITwRIxqMi_Kp6dRP54etae8gG5cIejAbFFcvbUDhjIS7W4uwyxMpsoGSP6qDkpFDyhzpK"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
132196217
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
json
forms.hubspot.com/collected-forms/v1/config/
116 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/collected-forms/v1/config/json?portalId=21712388&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b438737b45df2532ee53aa0429e56c4b533693cc326e14047279c893415fdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.massblog.xyz/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
3ac33773-85b5-4ae5-82d0-18972f08d10f
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWqHNBh1Qd8LYw48CgPPr8hWqU40T9SJ%2FwuVghfsW8HPA24%2FB3EdJPST8cj7v%2BUOdyqRtZtDXZh4IVY1%2FU%2BbP31FraxSeVZBFz8zRJDWbV5UcEUuEmz3acbkNH7jJJ8oPwhDnPDBF7rfbWOuq98I"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.massblog.xyz
x-robots-tag
none
access-control-allow-credentials
false
cf-ray
6fca6d695ae90208-ZRH
access-control-allow-headers
*
operators
chat-backend.sendinblue.com/chat/ Frame
0
0
Preflight
General
Full URL
https://chat-backend.sendinblue.com/chat/operators
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
*/*
Access-Control-Request-Headers
x-auth-token
Access-Control-Request-Method
GET
Origin
https://www.massblog.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Content-Disposition,Authorization,Origin,Accept,X-auth-token,X-source-url
access-control-allow-methods
GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.massblog.xyz
cf-cache-status
DYNAMIC
cf-ray
6fca6d6afc470208-ZRH
content-length
0
date
Sat, 16 Apr 2022 05:12:41 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
x-content-type-options
nosniff
x-sib-server
srv-pr-rancher-worker-11.prod.illiad.51b.tech
x-xss-protection
1
operators
chat-backend.sendinblue.com/chat/
101 B
204 B
XHR
General
Full URL
https://chat-backend.sendinblue.com/chat/operators
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/vendor.70cea5f9.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1d5738a2e76486f59228c099c83bcb13e6bb11d65f6cf85bf19c1a584a15041
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://www.massblog.xyz/
X-auth-token
eyJhbGciOiJIUzI1NiJ9.Mzk2MjI1Mg.bjBpy9ch_GTaPQvC_cgenDoXXqMOVDtg65o4zaH_BhQ
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.massblog.xyz
access-control-allow-credentials
true
cf-apo-via
origin,host
cf-ray
6fca6d6bacd80208-ZRH
x-xss-protection
1
x-sib-server
srv-pr-rancher-worker-14.prod.illiad.51b.tech
counters.gif
forms.hsforms.com/embed/v3/
35 B
516 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3
Requested by
Host: www.massblog.xyz
URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
9c66475b-9d9f-4af2-a3cd-ba97a6c33b8b
cf-ray
6fca6d6c397c23df-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35
server
cloudflare
x-trace
2BE64A3837A45F0B3D0E7D1106F22ED4308805EC4A000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
truncated
/ Frame F6EA
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
69a19ce5d435b895645a9049fbc35106ce7f131a2449a2672d18ccb2642d6919

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
583c04eba622323b1bc7d6fda2f57e1e.js
www.gstatic.com/mysidia/ Frame D5C1
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 03:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
353434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3720
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 11 Jul 2022 03:02:07 GMT
d153763d065fc486a30a5318c8635961.js
www.gstatic.com/mysidia/ Frame D5C1
8 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/d153763d065fc486a30a5318c8635961.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae3a15a3e9733515bb33d29c4820b33c0bcaf30a522fd034ea68d104939901d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 19:34:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
380300
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3697
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 10 Jul 2022 19:34:21 GMT
css
fonts.googleapis.com/ Frame D5C1
8 KB
892 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 03:20:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:41 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame D5C1
2 KB
908 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 04:47:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1522
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 04:47:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame D5C1
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
734
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:00:27 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame D5C1
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:09:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D5C1
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame D5C1
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
153
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:10:08 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame D5C1
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
css
fonts.googleapis.com/ Frame 0DC6
2 KB
532 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 03:24:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:41 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 0DC6
2 KB
902 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 04:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2440
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 04:32:01 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 0DC6
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc3f2293f6503ff6ee63c2a69421d235a0f7881a80d89dd407ec2f15eda63fdd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 20:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33134
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7964
x-xss-protection
0
server
cafe
etag
4741051639382073774
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 29 Apr 2022 20:00:27 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 0DC6
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:11:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
45
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:11:56 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0DC6
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 0DC6
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6808c7f1192e091f9e9b4e15e28fa2a8904117ba54c11e51fc8eb9d179733e1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 00:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
17946
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6368
x-xss-protection
0
server
cafe
etag
1861550861606854559
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 00:13:35 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame 0DC6
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
privacy_small.svg
static.criteo.net/flash/icon/ Frame 202F
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
adchoices_en.svg
static.criteo.net/flash/icon/ Frame 202F
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_en.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-759"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 202F
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Tue, 11 Apr 2023 05:12:41 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame 202F
507 B
835 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Tue, 11 Apr 2023 05:12:41 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 202F
43 B
348 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=xOMeW2jMT0uUVlcwwBjgAUC2GPqgKkiTrDPJ4Uu_lc-lKxKMKfUtHjhFv0iY_yt1o3zRTuOSeviBWtAG7ACREPOgziZKAZ8T4aS52IEZph3my2bMRh6mFmikLHwEdYJ7_X_3J7A06anPBgfVz_PAtw1fuwI6WTsnUS9KC9wUZsogs8uqzA1LrPt7kyR-IiVNlWcx81iS2i2Ke_KxxuLdEVLGB-Oe-_KayW633APhN7y3pCFE3LB4yH7bOkdqD30Ji6rBsEHSuyORQTuTlLUfF1UQL6I2QQiUM4ZXxOXimbUa3t7_242Uu-bnMpYn7Rnu7pp6vMNgeelF-mTOBMidYKRfBXdTkk2iMAO6I1Xf3UOphNIwnokv74RWUicrkEphfmfqiNX8seUuLg_l8ljKP3V_nbODJ2D2HP0jhXvUtaULXU-CQEUty9KrNp96MssK_rnbkQ
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:40 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3213514
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
10034708100168757718
tpc.googlesyndication.com/daca_images/simgad/ Frame 37FF
124 KB
124 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/10034708100168757718
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ec9cf1e071391908cd6834390e44e8fb8ae3961852618171a24f1f0a44dd5ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127225
x-xss-protection
0
last-modified
Mon, 28 Mar 2022 16:10:51 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 16 Apr 2023 05:12:41 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 37FF
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
734
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:00:27 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 37FF
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:09:22 GMT
transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 37FF
67 B
91 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/transparent.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 18:15:01 GMT
x-content-type-options
nosniff
server
cafe
age
39460
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag
2462972746714251406
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67
x-xss-protection
0
expires
Sat, 16 Apr 2022 18:15:01 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 37FF
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 37FF
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
153
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:10:08 GMT
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 37FF
29 KB
12 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
02af7e03520b6699b7eff36516fcd9fc000f00f6388f8ddeac599d00a76e6d0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 00:35:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
16636
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11979
x-xss-protection
0
server
cafe
etag
7739490655680154556
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 00:35:25 GMT
privacy_small.svg
static.criteo.net/flash/icon/ Frame EF90
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
adchoices_en.svg
static.criteo.net/flash/icon/ Frame EF90
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_en.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-759"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame EF90
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Tue, 11 Apr 2023 05:12:41 GMT
back_button.svg
static.criteo.net/flash/icon/ Frame EF90
507 B
835 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Thu, 01 Apr 2021 14:03:13 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"6065d2a1-1fb"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
507
expires
Tue, 11 Apr 2023 05:12:41 GMT
lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame EF90
43 B
347 B
Image
General
Full URL
https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=dP2_LR4JO58jtlomsmEydB309D1fSolPDNVq8AUvtDe8xt9yReSYYC45_qSCzV3WYsRPY3qXNs-rJbLe1t3TssscYvaxRul9Xj5HGcQwov4cvhTThnqcnWUTbKxMwYeApIohZI5B9lJcr1pMlat-WDk05ea2QCFUBCwsbxn_ErvWTfB315QEle8UzOzdrt2H83Yq2hRpQ4Fu7Mx2pqX25h9Ssye9yVJdnzvh_QgVfNDAUMjrRF2MUCOqcjchBVqvxAoy2s7AmXPGfK0wr524f98wicDNUcYKfG2barLgUgbD5rx6Rxf8-F7xMjmUOdKHI2SZIgnp4CX-U73fgYLnik4bI2uvgMYl5AEWNpX52VAMIS3ItqNd4URvM-hmDFO-0SMTaSc_0vaH9UMWdI9I7u2eQQux9xuhRvhvCv1zwyV6qpgr2MgLLoHOIPIlrGv4U2J1yg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:41 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
3433090
content-type
image/gif
expires
Mon, 26 Jul 1997 05:00:00 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 0DC6
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CvuBXSFBaYr7rMsLQ1fAPmcudmAmai9vQaZL5gI_1DpaCzYWIFhABIMnz-X5gu4aAgNAKoAHr_IqqKMgBCakCJuWz7ZHptT6oAwHIA8sEqgSeAk_Q6V4SL8SsJxb9nfFl5efp9Lq0kNllXEMcUCrfxGMM9mU1JxeeVysEysdfBXFMi_oZLXfls6SiMWhAbXgaChp7WiLd7SuzCSGgdCSytOmYmj3OeW15UTmoOqIS5CKOJLuNLiCmGyEbR-TlftyoLHU2VJWJyhxS4USa5oiVjv8EWI2XDDRmZvsjQOr2KqzfiLoPSY_WN_ciHL05JAckexGjbMfZ2WOQX1N1KJ1JowcGIy8BZo1UrLwVwSKXREfTM5VBjfZ0rB93Jto3BbJmUdyZLh6qc3LdtKwG_A0luwDhA4lcmXcWHKN68IKuMcdldVdA066XGr3e-sCL-8cpsQQ0OU113pZkRGIwDNd8oLS8Y1Xlao28ZjacOKOkSS_ABL-I2tz_A5IFBAgEGAGSBQQIBRgEoAYugAfrtNuJA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB6a-G9gHAPIHBBDs3ATSCAkIgOGAEBABGB-ACgHICwHYEw7QFQGAFwGyFxwKGggAEhRwdWItODg1NDM1ODQwMjI3OTYxMxgA&sigh=bkSRAd85Apk&uach_m=[UACH]&template_id=494
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 5FB1
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3c302be6c3e6327b652a268f0d19cb878310058fd1ebabfaa070749509d232f3

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame 37FF
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CEpipSFBaYurgMrnG1fAPg56O2AKi0pXFafCGhfHED72ByuH5LxABIMnz-X5gu4aAgNAKoAGM2YzlAsgBAqkCJuWz7ZHptT6oAwHIA8kEqgScAk_QtrZoI9vpqCpI2PK_w-EnjAg8aD4d_mDxKfwfA3Nz-LObX9xOsBllKem8tedQRPm5mojDc7AfY2vdJpCYauqhCT1oE2RKE270ltNOzWfbIXw-JUltjSygRTAvQT5-EsP864Ssm1Dbm-5jFDCc3oE1yThWcAyFX2owPC2vkv4-kL8GT_T2zG7E3UaI3iIWW7P5D7M_GRsomsdbvufRZ4CTd3akPqCxESWXScW9MVz-LgM18yXv6Vt0vZ2wjzviMMv28pMO4yjqDVTL7P3LAJCGtgBlW4kX53xDIXjtlQqIZ8_vzYUodAKiFH1sjBuY6oaMG_4JUp3KGVe1-LbdWBvwRK8AqRcVmJtTAvPuyEUYRzl98pNjPDmL-91dwATy8Zje8wOSBQQIBBgBkgUECAUYBKAGAoAH3KbzmgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBD1hwHSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItODg1NDM1ODQwMjI3OTYxMxgA&sigh=giBX20MaI-M&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
shopping
encrypted-tbn0.gstatic.com/ Frame 0DC6
11 KB
11 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRSzFAfsHBM1Xxqw8gb37oXxIYY34QMy4epBiMiL9IqyVUjDe0&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb2a76ad4d12a2c7b2b02d7f786263a50263282bfcb6eeb53dd699b41cc3d8d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 20:19:35 GMT
x-content-type-options
nosniff
age
31986
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10816
x-xss-protection
0
last-modified
Thu, 14 Apr 2022 07:11:43 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Sat, 15 Apr 2023 20:19:35 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 0DC6
75 KB
75 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRiX1gEgPjSPggwhpXOS-StxAkCAxOqEuBgVqtKtcfU4hZUJUkcwzFHu2kSpg&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
787a6352c8fa4ceb889a14569d3e3ebc28849d179eb8a7a65e9bd26123ee62cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 19:59:33 GMT
x-content-type-options
nosniff
age
33188
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
76528
x-xss-protection
0
last-modified
Sun, 10 Apr 2022 01:09:24 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Sat, 15 Apr 2023 19:59:33 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame 0DC6
10 KB
10 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQ7oLv9G4lwL8o1hlFk5lO1WVQYt-0W_r1n9zBpiR7PWYMbsTE&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65913f23c45040878bb000efd280385e4fd632b69c9b4724686b600e245f1a70
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 11:39:41 GMT
x-content-type-options
nosniff
age
149580
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10125
x-xss-protection
0
last-modified
Mon, 04 Apr 2022 01:41:25 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 14 Apr 2023 11:39:41 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame 0DC6
12 KB
12 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTCtJOWGADjkab85Sm8iJm4FBz2yMe1vgpcQuS_aeeLisTpEZEv&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
839ef46ec2d213b3c572d8513462ca464f831d1586175123652d964dc70f2974
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 05:40:56 GMT
x-content-type-options
nosniff
age
171105
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12564
x-xss-protection
0
last-modified
Tue, 22 Feb 2022 09:51:30 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 14 Apr 2023 05:40:56 GMT
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 202F
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
177939
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8pMdyp5n0GsgtiNJoDgCGTrIPUiG3kTRGm78NZgyEiy5QIHuZSrP9aPgX7a9iJaI6ocaBIeCqFBa57GPDgpHFKFbKvl%2BwD%2BRxHgUsVrbbCOXmtpQNrRiV9dRirZFyRXXA9jc8Mj%2BZB5q%2Bc%2B%2BD0p2lLA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fca6d6cad90cc46-ZRH
expires
Thu, 06 Apr 2023 05:12:41 GMT
animejs.js
static.criteo.net/animejs/ Frame 202F
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
img
pix.eu.criteo.net/img/ Frame 202F
13 KB
13 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?h=556&m=0&partner=65059&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F65059%2F210330%2F6c528a63f71c4d72a0d8e9687e87328d_logo_vertical_03.png&v=3&w=528&s=_v6Pg6iWIW2F0s4q4hO_7-4e
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
8b5abf902c157c372285a8277bd336ce30ac5efe1422a610d3b89e8024174e15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=30240885
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
13506
expires
Sat, 01 Apr 2023 05:27:27 GMT
img
pix.eu.criteo.net/img/ Frame 202F
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-aspire-5_a517-52-52g_fp-backlit_silver_1000main_nx.aarek.004.png&v=3&w=800&s=MyxS-m3ruTq2DSI9ZVzmOwsL&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
bbf18ae550d420504652ee7304deb5b21ae4c2e500bbd0e13489298a6b9a314d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=869064
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
9828
expires
Tue, 26 Apr 2022 06:37:05 GMT
img
pix.eu.criteo.net/img/ Frame 202F
15 KB
15 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_nitro5_an515-57_bl1_rgb-bk_main1000_nh.qewek.003.png&v=3&w=800&s=5bxCdDzRSxqKm-qrl4lrS7Am&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
972de7ed44386eb4b67225f4847421642810a04a9a1aecfe6386893e75d8a9d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=998941
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
15446
expires
Wed, 27 Apr 2022 18:41:43 GMT
img
pix.eu.criteo.net/img/ Frame 202F
33 KB
34 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-spin-5_-sp513-55n-55na_fp-backlit_steel-gray_main_nx.a5pek.008.png&v=3&w=800&s=JJVR0YEDkp9IlQetCRsh0QaA&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
5d46bea8e4553cd5cdc3a2261c47c4ba7c01a40aa00519313afbc8a97680940d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=1011668
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
34018
expires
Wed, 27 Apr 2022 22:13:50 GMT
img
pix.eu.criteo.net/img/ Frame 202F
33 KB
33 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Ft%2F_travelmate-p2_tmp214-52-52g-p40-52-modelmain_nx.vlnek.00a.png&v=3&w=800&s=mNeEJkvWWxuvP9_OsaV4V4P5&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a36f4eacb099ca6271c6f1cf491c84ac6f2df89c1da8592788035a44ddf9469f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=650822
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
33958
expires
Sat, 23 Apr 2022 17:59:43 GMT
img
pix.eu.criteo.net/img/ Frame 202F
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fe%2F_extensa-15-ex215-54-54g-bk_1000main_nx.egjek.00a.png&v=3&w=800&s=dNmWw12ySYFlNIO-y1kQQ79a&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ecaaeea6f052e64589d8acd2e3c5ec361b9ccf162d2953f2174c16a73a1f490c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=490998
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
10010
expires
Thu, 21 Apr 2022 21:36:00 GMT
all
csm.eu.criteo.net/ Frame 202F
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=m_StIwcHkZnT6OwQvkpEiFJWrG0gXZNii2HnWscx7WJp1VzDq5Y4BvYQLZ-veCrlPQQnVjlv4q94iOkQ-ya5NhhjcarBX4Bdt-eeKWCendaMxbnJOXTzyFhckoCZ1O2UfiiUDjinsqYdCclD6ZDZyaL3rbNEDq2CY_AeTPKTrTzc-BF386dFDGJcY6DKCQltfsfB8d9wUtj7Ppq4h-LX6BV7qkdZ75c3jVK62NU601y6liwTJn5PAUhO8Cj0EbWYf_2yTw&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 05:12:41 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 202F
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 202F
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
thread
chat-backend.sendinblue.com/chat/
172 B
227 B
XHR
General
Full URL
https://chat-backend.sendinblue.com/chat/thread
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/vendor.70cea5f9.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5f487bb3d5dc7be6f0e5ab7afb5892e59d4e2d003e41655405f7f23ed30644d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://www.massblog.xyz/
X-auth-token
eyJhbGciOiJIUzI1NiJ9.Mzk2MjI1Mg.bjBpy9ch_GTaPQvC_cgenDoXXqMOVDtg65o4zaH_BhQ
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
X-source-url
https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/
Content-Type
application/json

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/json
access-control-allow-origin
https://www.massblog.xyz
access-control-allow-credentials
true
cf-ray
6fca6d6d0dd00208-ZRH
x-xss-protection
1
x-sib-server
srv-pr-rancher-worker-17.prod.illiad.51b.tech
thread
chat-backend.sendinblue.com/chat/ Frame
0
0
Preflight
General
Full URL
https://chat-backend.sendinblue.com/chat/thread
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-auth-token,x-source-url
Access-Control-Request-Method
POST
Origin
https://www.massblog.xyz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Content-Disposition,Authorization,Origin,Accept,X-auth-token,X-source-url
access-control-allow-methods
GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.massblog.xyz
cf-cache-status
DYNAMIC
cf-ray
6fca6d6c7d6c0208-ZRH
content-length
0
date
Sat, 16 Apr 2022 05:12:41 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
vary
Origin
x-content-type-options
nosniff
x-sib-server
srv-pr-rancher-worker-16.prod.illiad.51b.tech
x-xss-protection
1
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame EF90
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
177939
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1G0T6MpnvcLrZiQu2ghLJjxT05c4G%2B1sUNxkxrRdFwOWYyIAgHBReWWqsr2aGrB4R%2F%2BSIY%2BpDNEiRgDwJ2PwlpWdoMDQQVad2XLB5mQoIugz0hdm9iTw%2FcYjSTZwgB8TUb%2BNnp548XIlmogJ5LZCdQt2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6fca6d6cad94cc46-ZRH
expires
Thu, 06 Apr 2023 05:12:41 GMT
animejs.js
static.criteo.net/animejs/ Frame EF90
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-aspire-5_a517-52-52g_fp-backlit_silver_1000main_nx.aarek.004.png&v=3&w=800&s=MyxS-m3ruTq2DSI9ZVzmOwsL&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
bbf18ae550d420504652ee7304deb5b21ae4c2e500bbd0e13489298a6b9a314d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=869064
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
9828
expires
Tue, 26 Apr 2022 06:37:05 GMT
img
pix.eu.criteo.net/img/ Frame EF90
33 KB
33 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Ft%2F_travelmate-p2_tmp214-52-52g-p40-52-modelmain_nx.vlnek.00a.png&v=3&w=800&s=mNeEJkvWWxuvP9_OsaV4V4P5&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a36f4eacb099ca6271c6f1cf491c84ac6f2df89c1da8592788035a44ddf9469f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=650822
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
33958
expires
Sat, 23 Apr 2022 17:59:43 GMT
img
pix.eu.criteo.net/img/ Frame EF90
15 KB
15 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_nitro5_an515-57_bl1_rgb-bk_main1000_nh.qewek.003.png&v=3&w=800&s=5bxCdDzRSxqKm-qrl4lrS7Am&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
972de7ed44386eb4b67225f4847421642810a04a9a1aecfe6386893e75d8a9d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=998941
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
15446
expires
Wed, 27 Apr 2022 18:41:43 GMT
cb41b6a5008f4f24a3d23d9d0a8e0007_cpn_300x600_1.jpeg
static.criteo.net/design/dt/65059/220408/ Frame EF90
112 KB
113 KB
Image
General
Full URL
https://static.criteo.net/design/dt/65059/220408/cb41b6a5008f4f24a3d23d9d0a8e0007_cpn_300x600_1.jpeg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3a592a77aa5c43692dfe8d8380ba6554d1df8131834826c46580d14074b3cf0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Fri, 08 Apr 2022 09:46:14 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"62500466-1c198"
strict-transport-security
max-age=31536000; preload;
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
115096
expires
Tue, 11 Apr 2023 05:12:41 GMT
img
pix.eu.criteo.net/img/ Frame EF90
13 KB
13 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?h=268&m=0&partner=65059&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F65059%2F210330%2F6c528a63f71c4d72a0d8e9687e87328d_logo_vertical_03.png&v=3&w=596&s=n6-15fCI8Ebaq3En8l-fqxRu
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
8b5abf902c157c372285a8277bd336ce30ac5efe1422a610d3b89e8024174e15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=30240885
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
13506
expires
Sat, 01 Apr 2023 05:27:27 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-travelmate-p2_tmp215-53-53g_fp-backlit_1000main_nx.vqbek.00e.png&v=3&w=800&s=iqKX2rSkX9e6kDMZUp23ZAqi&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e60b5ae2f507c6b3008250bc07ef6245df6b6bdef292c6097e130d3cd3a8340b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=476205
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
9856
expires
Thu, 21 Apr 2022 17:29:26 GMT
img
pix.eu.criteo.net/img/ Frame EF90
29 KB
30 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fo%2F_orion-3000_po3-630_gl_gallery_main_usb_dg.e2cek.00m.png&v=3&w=800&s=h6yRB5LHuZUvdHr4QQNcimuc&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
58d260c57004679defa1dbbf59b59df7bc1df71b6b664767b9bc0f4e76de9f3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=644622
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
29938
expires
Sat, 23 Apr 2022 16:16:23 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fs%2F_swift-3-sf314-511-fpbl-sv_1000main_nx.ablek.00m.png&v=3&w=800&s=eyIYnLMX2eiwpQeP3u9QoRaC&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
2a88596d8c0a225f0cdf6b710209c1089865da2d0785d38f21dbc0e3068945ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1009136
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
10106
expires
Wed, 27 Apr 2022 21:31:38 GMT
img
pix.eu.criteo.net/img/ Frame EF90
13 KB
14 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fp%2F_predator-helios-300-ph-315-54-bl-bk-1000main_nh.qc2ek.004.png&v=3&w=800&s=rWUs4fsAAGWwg-pCR_LX31DP&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
af614e60edfd6bd509e319f7611e4eb013560eb4f9770128140405cf01d16876
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=558580
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
13704
expires
Fri, 22 Apr 2022 16:22:22 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fs%2F_swift-3-sf316-51-fpbl-sg_1000main_nx.abdek.00f.png&v=3&w=800&s=DKpiVPFaNK74_yY5SV9snb7p&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e8388a9550fb495f762a7949f39c25376ed723649903b4d360472b74c1368e7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1008483
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
10174
expires
Wed, 27 Apr 2022 21:20:45 GMT
img
pix.eu.criteo.net/img/ Frame EF90
28 KB
29 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-spin-3_sp314-54n_wp_fp_silver_modelmain_pen_nx.hq7ek.002.png&v=3&w=800&s=ctMAIZ1Bq-vp9vfXGyE4rP0K&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
58c486410327935edee0c88f48524bed22efb851f1297de45141491d6a2c025b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=1014309
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
28915
expires
Wed, 27 Apr 2022 22:57:51 GMT
img
pix.eu.criteo.net/img/ Frame EF90
13 KB
13 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-travelmate-spin-p4_tmp414rn-51-51g_fp-backlit_main_1000.png&v=3&w=800&s=8Jn9Z1Uu-bL4ntUQ-ApW_zAY&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
c25833e081f87a2528b18817d4ed59cfcfb0fb781312a1089309f638cf57c3e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:40 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=1057432
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
13032
expires
Thu, 28 Apr 2022 10:56:34 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
11 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_aspire-5_a515-56_fp_silver_1000main_nx.at1ek.006.png&v=3&w=800&s=PpcBQM51b7bEmzkAp3OgDqGF&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
8bc0fa4be9acbacf8d917de91f865417f7669ac0130a8fcbd773de02bcd03e92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=472723
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
10524
expires
Thu, 21 Apr 2022 16:31:25 GMT
img
pix.eu.criteo.net/img/ Frame EF90
33 KB
33 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Ft%2F_travelmate-p2_tmp214-52-52g-p40-52-modelmain_nx.vlhek.008.png&v=3&w=800&s=wD92A9RxLdF7LNN8EflHsNCD&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
a36f4eacb099ca6271c6f1cf491c84ac6f2df89c1da8592788035a44ddf9469f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/png
cache-control
public, max-age=672209
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
33958
expires
Sat, 23 Apr 2022 23:56:11 GMT
all
csm.eu.criteo.net/ Frame EF90
0
128 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=1bWa3wcHkZnT6OwQI66hskbcMm7KbwT6KRnzR8746lwq5LjwsboYtgwHmZUV1e17Wt1eRRyp8IPkCsiASaMZ4LanpM0Z1okkmR5CcDKoAFYNxSXjLRs4q3B5tDyLBw5nmdGmBOB7GLTA7iol2loTtTD6DtVjGAn4YcC19WJNawUtcFUGLZ4LtppPhD7ynI9P_hs6kGsaP0iITwRIxqMi_Kp6dRP54etae8gG5cIejAbFFcvbUDhjIS7W4uwyxMpsoGSP6qDkpFDyhzpK&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 05:12:41 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EF90
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame EF90
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
strict-transport-security
max-age=31536000; preload;
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 11 Apr 2023 05:12:41 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/
145 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/reactive_library_fy2019.js?bust=31067098
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
42ac37e28965ec66567546eb503f6183594d305ffb1d0630a960557202926e15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52677
x-xss-protection
0
server
cafe
etag
14970179548365003902
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 16 Apr 2022 05:12:41 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 0D44
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
367
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:06:34 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 37FF
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
59c6c7f7e78cc4e00a9e93eaa95ee6b0dc198fb0b6a55bebd133a12ab41c3320

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 693B
2 KB
908 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 04:47:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1522
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 04:47:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 693B
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
734
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:00:27 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 693B
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
199
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:09:22 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 693B
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
153
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:10:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 693B
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:41 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame 693B
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246928
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
truncated
/ Frame 0DC6
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a0e857dc0bda54adbf8df1c31a3f4faa3cc1a0f56c092cc66309b95ca4b7fdd7

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
adview
googleads.g.doubleclick.net/pagead/ Frame D5C1
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CxoBYSFBaYuLOMr7H1fAPuOi0sAvG8-nNaY7B3oPTD8CNtwEQASDJ8_l-YLuGgIDQCqAB1N_bryjIAQGpAibls-2R6bU-qAMByAPLBKoEmgJP0DVmddeawjCZY8xJtD-T5YJLAGohxAjc8xOwYB-DXFcJsxGKzqukCdntaokBR2bwsd5EI--DkiP_JhZGwvkocUGX8VwFRliRIPYgnwRedmn2eJA2Ka3SFdV51lj9gbKqi5pJrg1KysoZ2Rj-gHLcaj8w52bfaWsVbZOfzHTi8-hwrmyIFiHwRxbf7Rir0T7tHPZGTgJuHYRFPcj_QZKT3tRruT5-4JIsH7an_zvUvU8rwCa6xYyrlRJZbQY2S33oX6UNpR6i2jXVxvsQpPE09iiQUmMC1DY7cKV3NayTPn1hmMxHR52sDPAevW7yyqj6w547rTebFePsagjiVHb9gR70aHUqkROGr9eAUljf_5JHOV1S3ziamhLABNXk0-33A4AH1JesjwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBC5wwvSCAkIgOGAEBABGB-ACgHICwHYEwPQFQGAFwGyFxwKGggAEhRwdWItODg1NDM1ODQwMjI3OTYxMxgA&sigh=DHRjQfsXnQw&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame E47A
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
367
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:06:34 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
adview
googleads.g.doubleclick.net/pagead/ Frame 693B
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CNfNfSFBaYvqXMtyKx_AP6dKH2A6eiq3OaZSl0PbMD9rPtfr7LBABIMnz-X5gu4aAgNAKoAHW77n2A8gBCagDAcgDywSqBJICT9DPcMuCJkrKAByU1dJDwe8pfKMjSSoIaWWsjdTPL5biWjjH__TXyGSDIpyKG_ysowANxU71GTrEj9DmnIPYqQlsnVTxQWhDjdVx_5UC904wtguqCw2WiEGV25jhzBbwKZ7zqpe92NTi1B6X4Dya6yK37ytp912Z9CqpP183bnN7-TmqQj-YEWT90_CasHTdXTH-aTKJ4TEVWBgJZ2bUfXV0md3e5puCAV-ttDSFpr3syvGOm_-cjo5pSxiYadrKxZ5w5dgE1hhxz5K10Ej9L8dDqVWgAIvSD8vQGAleZUcwGQk4QVW6YYjJxP7Ju-1pDgQ1xudxmoTi0yPeRnBh95TFicmfIaaGVo16aLoHW7Ogs8AE2Zmigu4DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5KQxgmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQu6sF0ggJCIDhgBAQARgfgAoByAsB2BMO0BUBmBYBgBcBshccChoIABIUcHViLTg4NTQzNTg0MDIyNzk2MTMYAA&sigh=9OSyMBlx-f0&uach_m=[UACH]&template_id=494
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:41 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
shopping
encrypted-tbn2.gstatic.com/ Frame 693B
21 KB
21 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSFGxH356GdAV6qylH0dDEguUCN5sA_l40ZRMA53wgDfyK1lGa2MXloBuK_E-o&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1004790da4f4ff9554828677090ce64fc85fe6cc818d755551df60b85af18588
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 08:05:23 GMT
x-content-type-options
nosniff
age
508038
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21478
x-xss-protection
0
last-modified
Fri, 20 Aug 2021 01:33:37 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 08:05:23 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame 693B
24 KB
24 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSrWOSYC1XNECaEMShHe_74tflVRfmAKPvDH62GKdXM7u3ccBdB-W9DObwG0HE&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f531fc4b1981754b623942a77f8766cf715d205e0404c50b8ee0b15334fe34b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 18:52:47 GMT
x-content-type-options
nosniff
age
469194
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24327
x-xss-protection
0
last-modified
Fri, 10 Sep 2021 02:38:24 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 18:52:47 GMT
shopping
encrypted-tbn1.gstatic.com/ Frame 693B
22 KB
22 KB
Image
General
Full URL
https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRzSntr_zbnuBhZoyE8z8rzduHOOWFEygD418MmrwWvELq0BlO2ervZ62KPe5E&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fab541eb9da5a742c3f6c5c6840f2bea0a7b3c5a1df7e34dfe65e809ddd72ced
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 18:11:20 GMT
x-content-type-options
nosniff
age
471681
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22562
x-xss-protection
0
last-modified
Sat, 14 Aug 2021 02:00:58 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 18:11:20 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame 693B
12 KB
12 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTScP7EkZxx8mQn_QZ7djQb_xORZNB6gbb2LJnDcQcHafIK0KCIoDF_wy9bog&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3763d2a2290cd57c24f6b28dafa96c31b9dc5b86a9a0271eff66caf6fc50f991
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 17:58:46 GMT
x-content-type-options
nosniff
age
126835
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12667
x-xss-protection
0
last-modified
Thu, 14 Apr 2022 06:04:37 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Fri, 14 Apr 2023 17:58:46 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 693B
23 KB
23 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRkZuON55b-aw0UQhLsizKLGxmVWDZccI60f8K0cFK1WPxRqmYyhsiYuhSEUA&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
385f58815d186015cf42e0dcc2d91dbb2c2ea6c2ece3ecc009004e9128273d19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 04:58:37 GMT
x-content-type-options
nosniff
age
260044
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24026
x-xss-protection
0
last-modified
Thu, 04 Mar 2021 01:05:15 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Thu, 13 Apr 2023 04:58:37 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame 693B
21 KB
21 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcSEUdcnd58TWWHg3XUDhbD_OML3ZZmIsC3OjAmLcdMIKol0pUTDeI1b4g8XORM&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8ce07bd50b75c148130753df4b25b9078988f056023bae727beac69a50b17c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 05:59:32 GMT
x-content-type-options
nosniff
age
429189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21070
x-xss-protection
0
last-modified
Mon, 22 Feb 2021 01:25:56 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Tue, 11 Apr 2023 05:59:32 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 693B
21 KB
21 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTtYxjsTVrJUNsQAq8gn8910w61-bpwFFAWyaDNuZ2ZH5C2nfKAJXblNakxQDA&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b922b23709acdda3759eff0f45ebccfb68268454f941ae6ab4aae7836c01ecd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 17:31:19 GMT
x-content-type-options
nosniff
age
474082
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21926
x-xss-protection
0
last-modified
Tue, 18 May 2021 01:55:41 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 17:31:19 GMT
shopping
encrypted-tbn1.gstatic.com/ Frame 693B
23 KB
23 KB
Image
General
Full URL
https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcTKe_RjcbBqrwRWkS0ZOgJojUUO64ZWxW9DucDlsL3cSWWzAq4f&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
67d9045a84b2424899a0bee08dd8a0675308270d4c7420071eddf553deb05583
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 18:00:01 GMT
x-content-type-options
nosniff
age
472360
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23283
x-xss-protection
0
last-modified
Tue, 16 Mar 2021 01:46:27 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 18:00:01 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 693B
23 KB
23 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTU7Wf555DgbrhS4JbhPtPMxTP0U5NrhrD8TNgUNFcHejOtGS_2ADq0lMjFPQ&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d4a7ec6dee21fbe04f2a5089f8e8c7601ab20856842a65578cbbde26081210a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 17:35:53 GMT
x-content-type-options
nosniff
age
473808
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23442
x-xss-protection
0
last-modified
Mon, 01 Feb 2021 02:36:18 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 17:35:53 GMT
shopping
encrypted-tbn0.gstatic.com/ Frame 693B
23 KB
23 KB
Image
General
Full URL
https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTa3Nvxm67FdmLyBC_pJHMyZHBI0ZhuAhjvFrlKfVy_nwN-X0MU6zhvyXqXXQ&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a17d5478ab0a0fd6f9e5cce1e46b944378fdd5cabb669cbfc527eaddb69b4e75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 10 Apr 2022 18:41:44 GMT
x-content-type-options
nosniff
age
469857
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23509
x-xss-protection
0
last-modified
Thu, 29 Oct 2020 13:34:36 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Mon, 10 Apr 2023 18:41:44 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame 693B
30 KB
30 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTem560O1ykHYGnjupAmlXH6YCvkXxkkS2RaHaMotFYePVawThRzpSlFe68Y4w&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2616cdc332dcbd5db79ab7cde842f2d17f494a327e0d30408fb4ff21fe69c3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 04:41:48 GMT
x-content-type-options
nosniff
age
261053
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30932
x-xss-protection
0
last-modified
Sat, 20 Feb 2021 16:05:23 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Thu, 13 Apr 2023 04:41:48 GMT
shopping
encrypted-tbn3.gstatic.com/ Frame 693B
18 KB
18 KB
Image
General
Full URL
https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQfaBTNxjoPXpCZQr_ERuPmHIvfDu9zMfTEFLBmx879YWoDG2-T4h3osG7ZV0M&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a2ebc692b2b25d120952dab0a0c4663b344ad9eb494ab6df9cc8edaa7f0079f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 01:07:02 GMT
x-content-type-options
nosniff
age
360339
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18171
x-xss-protection
0
last-modified
Sat, 02 Oct 2021 02:55:34 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Wed, 12 Apr 2023 01:07:02 GMT
shopping
encrypted-tbn2.gstatic.com/ Frame 693B
18 KB
18 KB
Image
General
Full URL
https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQMzno35dCud-qq3pVafGSKbvZQfsyHysbMQS5408HvWxeABig&usqp=CAI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
300cd678581c1f04ad918b185f5e75f1b67944339b7e52b008dc8aea9f9f1dfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 02:40:02 GMT
x-content-type-options
nosniff
age
95559
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18500
x-xss-protection
0
last-modified
Wed, 17 Apr 2019 09:55:38 GMT
server
sffe
report-to
{"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type
image/jpeg
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="images-tbn"
expires
Sat, 15 Apr 2023 02:40:02 GMT
truncated
/ Frame D5C1
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4762506e77643f50d84a839ba379f3466545d6238747a0d44ffbe2597f6d323

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v20/ Frame 0DC6
20 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesansdisplay/v20/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:52:30 GMT
x-content-type-options
nosniff
age
98411
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20784
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:58:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 01:52:30 GMT
css
fonts.googleapis.com/ Frame 202F
2 KB
435 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 04:01:32 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:41 GMT
css
fonts.googleapis.com/ Frame EF90
2 KB
435 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 04:11:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:41 GMT
integrator.js
adservice.google.co.uk/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.co.uk/adsid/integrator.js?domain=www.massblog.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.massblog.xyz
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 05:12:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/ Frame 7317
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
27091
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 15 Apr 2022 21:41:10 GMT
etag
14837630671339829333
expires
Fri, 29 Apr 2022 21:41:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/ Frame 5A83
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
27091
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 15 Apr 2022 21:41:10 GMT
etag
14837630671339829333
expires
Fri, 29 Apr 2022 21:41:10 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
img
pix.eu.criteo.net/img/ Frame 202F
15 KB
15 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_nitro5_an515-57_bl1_rgb-bk_main1000_nh.qewek.003.png&v=3&w=800&s=5bxCdDzRSxqKm-qrl4lrS7Am&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
972de7ed44386eb4b67225f4847421642810a04a9a1aecfe6386893e75d8a9d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=998941
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
15446
expires
Wed, 27 Apr 2022 18:41:43 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c7e9fae42da423a5462d0ace05843f6fc4200c59f237488a0ffe580dae288228

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 693B
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
103b2c8f828a165a9bb9863f122d9067e75214bfdef34c63a4ae2637e925aae7

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
img
pix.eu.criteo.net/img/ Frame EF90
15 KB
15 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fn%2F_nitro5_an515-57_bl1_rgb-bk_main1000_nh.qewek.003.png&v=3&w=800&s=5bxCdDzRSxqKm-qrl4lrS7Am&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
972de7ed44386eb4b67225f4847421642810a04a9a1aecfe6386893e75d8a9d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:41 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=998941
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
15446
expires
Wed, 27 Apr 2022 18:41:43 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 0D44
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
expires
Sat, 16 Apr 2022 05:12:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame D2C3
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=6232600773&adk=3960313629&adf=463535606&pi=t.ma~as.6232600773&w=1200&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960780&bpp=1&bdt=1018&idt=1&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180%2C782x196%2C300x600%2C336x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3231&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=qduQrfIEoi&p=https%3A//www.massblog.xyz&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42250
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v26/ Frame 202F
31 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v26/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ads.eu.criteo.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:52:36 GMT
x-content-type-options
nosniff
age
98405
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31248
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:37:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 01:52:36 GMT
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame D5C1
28 KB
28 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 22:46:42 GMT
x-content-type-options
nosniff
age
282359
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28328
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 21:57:43 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Apr 2023 22:46:42 GMT
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v26/ Frame EF90
31 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v26/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ads.eu.criteo.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:52:36 GMT
x-content-type-options
nosniff
age
98405
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31248
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:37:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 01:52:36 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame E47A
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
expires
Sat, 16 Apr 2022 05:12:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame 7317
4 KB
634 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 03:19:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:42 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7317
205 B
229 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 03:11:12 GMT
x-content-type-options
nosniff
age
7290
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 16 Apr 2023 03:11:12 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7317
604 B
629 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 00:22:53 GMT
x-content-type-options
nosniff
age
17389
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 16 Apr 2023 00:22:53 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 7317
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:02:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
583
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8275
x-xss-protection
0
server
cafe
etag
13275616604445095965
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:02:59 GMT
583c04eba622323b1bc7d6fda2f57e1e.js
www.gstatic.com/mysidia/ Frame 5A83
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 03:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
353435
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3720
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 11 Jul 2022 03:02:07 GMT
d153763d065fc486a30a5318c8635961.js
www.gstatic.com/mysidia/ Frame 5A83
8 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/d153763d065fc486a30a5318c8635961.js?tag=text/vanilla_highlight
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae3a15a3e9733515bb33d29c4820b33c0bcaf30a522fd034ea68d104939901d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 19:34:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
380301
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3697
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 10 Jul 2022 19:34:21 GMT
css
fonts.googleapis.com/ Frame 5A83
8 KB
892 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 03:24:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:42 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 5A83
2 KB
911 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 04:47:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1523
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 04:47:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 5A83
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
735
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:00:27 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 5A83
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:09:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5A83
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:42 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 5A83
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
154
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:10:08 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame 5A83
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 6E0C
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=196&slotname=2101235331&adk=1648560868&adf=1277333274&pi=t.ma~as.2101235331&w=782&fwrn=4&lmt=1650085960&rafmt=11&psa=0&format=782x196&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960630&bpp=20&bdt=868&idt=132&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280%2C250x180&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=2975&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=2&fsb=1&xpc=xi5Vs4uKoJ&p=https%3A//www.massblog.xyz&dtd=134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame 5A83
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=COMKCSFBaYuyWMojH7_UP_86IwArtlOGXaJWFyLj3DtmbwM2RLBABIMnz-X5gu4aAgNAKoAHak6HMAsgBAakCJuWz7ZHptT6oAwHIA8sEqgSiAk_QZNZoL_3naXgP4MXggWDb1zYJCuEVNQddckP5uWqCchkQ7qdnLxt4xccTr9cndmWWv-rSUUHLH034MxMwWOZ2rrEuuTdtX1HLzaL4ec0HNcXHBRcMVuuBrk-VlwsgVXvkrN8AKQlWnBSZFoAaWJCeCxnq0ZWgAbtEVBHrKxbPEAu8-OVAiRagatGX0eK4fuYybf5QE8HoDzqlsCQXEOT1hiOAeHR2EHgru5dcU-dBtcwrdynukgoGsqDDSxhXmlfOfs1zElbBeOuNPdVtJ0gwCLsGG-U0BMcCePS0Rb0cngkQoieJrGExPT5MuX4doLA7BanChisxv_VUjo7UlTayc9QdFjDd4Dt5ARUjmzonfHf2wIqD7jm67QbOOXKZAujPwATeroiM4wOSBQQIBBgBkgUECAUYBIAHjuzeswGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDc2QjSCAkIgOGAEBABGB-ACgHICwHYEw2IFALQFQGAFwGyFxwKGggAEhRwdWItODg1NDM1ODQwMjI3OTYxMxgA&sigh=Q_MJpZ5AgHo&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 16 Apr 2022 05:12:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame C798
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

age
368
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:06:34 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
583c04eba622323b1bc7d6fda2f57e1e.js
www.gstatic.com/mysidia/ Frame CD95
9 KB
4 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/583c04eba622323b1bc7d6fda2f57e1e.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 03:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
353435
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3720
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 11 Jul 2022 03:02:07 GMT
dbf3cef656a25118592bc3f04dbd33f7.js
www.gstatic.com/mysidia/ Frame CD95
146 KB
54 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/dbf3cef656a25118592bc3f04dbd33f7.js?tag=gpa/dynamic_fig_web_banner_v2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cefc5d3d49043f4e32a056c97b314b82579c568ceacd159fa3b9ddb47eb55e6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 04:21:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
175843
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55495
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 00:43:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 13 Jul 2022 04:21:59 GMT
css
fonts.googleapis.com/ Frame CD95
4 KB
812 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c9faa887081053d0ba3aa93fe82b3bb77190d4e43cfed2f20fbbde79c3f51f9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 16 Apr 2022 03:32:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 16 Apr 2022 05:12:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 16 Apr 2022 05:12:42 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CD95
2 KB
911 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 04:47:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1523
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 04:47:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame CD95
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:00:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
735
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:00:27 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CD95
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:09:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CD95
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36909
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1649897599747219"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:42 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CD95
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
154
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Apr 2022 05:10:08 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame CD95
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
truncated
/ Frame 5A83
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
905f8c96ad4a92caa8bc411cb9a73d9bbfb4f1b0939fd32566074f39ce1f9508

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 0FC6
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=280&slotname=1877874053&adk=2546417002&adf=3318573824&pi=t.ma~as.1877874053&w=720&fwrn=4&fwrnh=100&lmt=1650085960&rafmt=1&psa=0&format=720x280&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960505&bpp=1&bdt=743&idt=247&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=246&ady=795&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=YxbswUM9CH&p=https%3A//www.massblog.xyz&dtd=250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
csi
csi.gstatic.com/ Frame CD95
0
327 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~l21ekt39&c=163210605963&slotId=81605302981.5&qqid=COvarJzpl_cCFYjjuwgdfycCqA&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=ssc&ulv=1
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/dbf3cef656a25118592bc3f04dbd33f7.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4005:807::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:42 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hq1.jpg
i1.ytimg.com/vi/-ZEzRpV4S8Q/ Frame CD95
14 KB
15 KB
Image
General
Full URL
https://i1.ytimg.com/vi/-ZEzRpV4S8Q/hq1.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53b726b8489dc99aec19d200b5b5d26cbdb298f2a6ccb8468dede9a5e49efa54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:42 GMT
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14529
x-xss-protection
0
server
sffe
etag
"1594631705"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sat, 16 Apr 2022 07:12:42 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame F6EA
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuFqmf9qV5Et9seYwZKfqgf5tKlCJzh4T1Td1ho1X_iM75veMECcWxVN9LspOSjqpuM1ZXZP4LV3j_VR6IWXeXhCw&sig=Cg0ArKJSzKdmK6SuMdQYEAE&id=lidar2&mcvt=1066&p=0,0,280,1200&mtos=1066,1066,1066,1066,1066&tos=1066,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3960313629&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650085960746&rpt=522&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
videoplayback
rr1---sn-aigzrn7e.googlevideo.com/ Frame CD95
3 MB
3 MB
Media
General
Full URL
https://rr1---sn-aigzrn7e.googlevideo.com/videoplayback?expire=1650114761&ei=SVBaYoj5FZXi7gPU4om4Cg&ip=2001:ac8:21:e::10&id=f991334695784bc4&itag=18&source=youtube&requiressl=yes&mh=FZ&mm=31&mn=sn-aigzrn7e&ms=au&mv=m&mvi=1&pl=48&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=38.684&lmt=1631730283659129&mt=1650085745&txp=2218224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAI6IFLR1_Zv_FrETY8m8emqEKNnArLLKyBfU7FXN-aTjAiEA_sNrRBCOitRNEC736TdogoeMw6hKWmZsGIKrRfB3EY8=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRAIgfO7eLKbFtqq0jVTN2ff1pzrMJe8a1OJMv6kWrlmwihwCIDgXa5YKTAr9z_lNH7McL-M73Nx-iqI7-De6yBs64J_2&cpn=lb59cKAZOIEecRdk
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4009:13::6 London, United Kingdom, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
7c186f0c2a07ceaee0d12da4b6c2e976bc7f4bc64ddae7498faff479d9f51a5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-

Response headers

Date
Sat, 16 Apr 2022 05:12:42 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Sep 2021 18:24:43 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Content-Range
bytes 0-2997101/2997102
Cache-Control
private, max-age=28499
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Accept-Ranges
bytes
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2997102
Expires
Sat, 16 Apr 2022 05:12:42 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame C798
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
expires
Sat, 16 Apr 2022 05:12:42 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 16 Apr 2022 05:12:42 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 2997
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame E009
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8854358402279613&output=html&h=180&slotname=7210091784&adk=2954428961&adf=83760943&pi=t.ma~as.7210091784&w=250&lmt=1650085960&psa=0&format=250x180&url=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650085960506&bpp=1&bdt=744&idt=252&shv=r20220413&mjsv=m202204120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C720x280&nras=1&correlator=4700897849079&frm=20&pv=1&ga_vid=1338010584.1650085961&ga_sid=1650085961&ga_hid=1245624721&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=481&ady=1239&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065742%2C31067098%2C31066185%2C31062931&oid=2&pvsid=990825940849860&pem=184&tmod=1684303376&uas=0&nvt=1&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=2n2Ov5zcUR&p=https%3A//www.massblog.xyz&dtd=254
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5FB1
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIV-R-2UMSjjzhZoVa1Pcq6B8LDQ_1kZN7hScFZtEx8OrGuRrZeN23muD2qAgW7wBkOIybFFCJoFXft1EFcu1hDg&sig=Cg0ArKJSzJvKq6a_58NmEAE&id=lidar2&mcvt=1048&p=0,0,600,300&mtos=1048,1048,1048,1048,1048&tos=1048,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2108418797&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650085960769&rpt=672&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all
csm.eu.criteo.net/ Frame 202F
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=m_StIwcHkZnT6OwQvkpEiFJWrG0gXZNii2HnWscx7WJp1VzDq5Y4BvYQLZ-veCrlPQQnVjlv4q94iOkQ-ya5NhhjcarBX4Bdt-eeKWCendaMxbnJOXTzyFhckoCZ1O2UfiiUDjinsqYdCclD6ZDZyaL3rbNEDq2CY_AeTPKTrTzc-BF386dFDGJcY6DKCQltfsfB8d9wUtj7Ppq4h-LX6BV7qkdZ75c3jVK62NU601y6liwTJn5PAUhO8Cj0EbWYf_2yTw&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMrV4IFVTbAAe3HVx4PWbRUFnzHbv9Eg&u=%7CPB2zhvQEITKkY0XmOa3aBIy463YStMuSOjvqUlvyIrA%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9xOVhUoU3KHrt8RCBjLG-FmsP6T4c8_8THsqZU8lYFjOx9aAYaDzTPKJca9D1GSUSUGEii4iZlYC4stqbcT2PhjZQ0OUnRT6pGQtS3rI0QzgBqmaLNqNGiwqir9JHmQn84prW41iqZTZdKxPUvCwSg__BDqsz3Xu4wazhy_66M6XBcCxvywKwx7BaYpIFOXVNQIBkYACir4roHA6j_EFFxSrwEVRWea2Hs0Kbh1FvOByNwCDHRJ1cj5HJ6d688xkDTUQ_l44cMuIG_-8rXv9B9CFoEFE16bscL_3EIRvt0WK0Bcu5dsfni2IRhRvDJ_WKxT70fX_V3zVG51o5RKuKOoOnckti806iu-p2GYVH4jXnVSNYMkdXewTuDCLkcRNpIVJa13uMYgPozDpkcD3EibYwxN49Z86FCCGuASG23SITmPHh9DmuChgEkpTwpLww&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1gHESFBaYt7aMtup1fAPne6e6ALkj9KxXL_b_YiIAcCNtwEQASAAYLuGgIDQCoIBF2NhLXB1Yi04ODU0MzU4NDAyMjc5NjEzoAG91IjrA8gBCakCJuWz7ZHptT6oAwGqBKQCT9D1rYIBQlUs6Vdo24FhvOLlpHrn79oV-JAk6LkHA5sdF8dmwcXL08CZzUsc5qut0coI7o8rn31nTTzvwErOLgBLZgkiPC7xRAA5nCTwWmkJkOa-SEzarz-mZc5Z4KwuNOHrMQCXp2g6zUFwsttMZT6AhZkhrbzz-e65F59zxxf_5Ij1oh4xOLrL2jsJRQW3WMDwhX7hycl_kVZJdN-Eq_ddvv_hiyNz6mPy-ysM5Dn_-BQGGwTiWvIfLmqECGbiXJEDlTNNnEDCsRQW4gKSwAyOxgptJjYlRYFlaHEyyeI9p6xJDXS0oA4qaBFWRf4MLQdZ48QO-QTKpLE66wfwJjHGRqd313KntQmR7wCHvecvgaI4G6DoS07sA1dCjUmgR-wPbIAG-cO0zfyi6eHCAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3RkUVbS1x3fjWMzIrlP8lfVOPdkA%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 05:12:42 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220413&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cfb6651e493c49c5227c48842598b621f46b22cbcf753f09ee1170e39b27a4bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 16 Apr 2022 05:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10630
x-xss-protection
0
__ptq.gif
track.hubspot.com/
45 B
955 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=21712388&ct=blog-post&r=https%3A%2F%2Ft.co%2F&pu=https%3A%2F%2Fwww.massblog.xyz%2Fkarakurt-ensnares-conti-diavol-ransomware-groups-in-its-web%2F&t=Karakurt+Ensnares+Conti%2C+Diavol+Ransomware+Groups+in+Its+Web+%E2%80%93+Mass+Blog&cts=1650085962679&vi=c0e1bfad8efec54720287f40b691bb6d&nc=true&u=93791682.c0e1bfad8efec54720287f40b691bb6d.1650085962677.1650085962677.1650085962677.1&b=93791682.1.1650085962677&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:42 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
a3cae3e5-19a1-47a4-8590-84d47c27593b
cf-ray
6fca6d73cc392325-ZRH
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TU7DTPNh6b03Vi9jmDukIFRp8aKOqO2OfChTCRStomf0dQo8Nkh8tBIwmqSfkgqMDIw9ugY59DjUyyGwMhbcZ69OJ8ytdJ200q0EgSxj6L9NJbtYydg2dUYf1hTrVMpdEVRMotWyI3vXEAQkmr4c"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 3FC5
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42251
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8854358402279613&plah=www.massblog.xyz&bust=31067098
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 16 Apr 2022 05:12:42 GMT
all
csm.eu.criteo.net/ Frame EF90
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=1bWa3wcHkZnT6OwQI66hskbcMm7KbwT6KRnzR8746lwq5LjwsboYtgwHmZUV1e17Wt1eRRyp8IPkCsiASaMZ4LanpM0Z1okkmR5CcDKoAFYNxSXjLRs4q3B5tDyLBw5nmdGmBOB7GLTA7iol2loTtTD6DtVjGAn4YcC19WJNawUtcFUGLZ4LtppPhD7ynI9P_hs6kGsaP0iITwRIxqMi_Kp6dRP54etae8gG5cIejAbFFcvbUDhjIS7W4uwyxMpsoGSP6qDkpFDyhzpK&sds=2&rev=81123&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YlpQSAAMjjIKe5QXAALi3evzhf-pSHX5w0fyPw&u=%7CPB2zhvQEITKeAuyN4WS6cu2Cotvh8YkEV8fOJlfDDks%3D%7C&c1=jWCgqsKSUoV3SMf7iUfSyN9Zdtl6nAKbFqSqspWYQC9QtxaN2yFPYz7E27bdan5Oj7k42CU8oFGKRUiI_nWN0RDLIXfSc1bdH4FzShidQKmnR5wG8Yg5sE7TA3xeYvTQrvsgimwWAlmMarKsv6w7VEdjxiSD6OTWUrLxPwelLqKDGUGmP_jEAJzeplF_fpeSu2Y7R9pxarNqsd_4DVTm0QXa4MDfJ-jQhOzdWqs8nop5_26hjug10Jm8mVnLW70iqr31ZbeBxMf9e6BLXwqeg_zirTsRBCAQrwAd8ka9iOUMU-jDYawWvQZJobY_oO5nxEZX-HrbPmnrRNgrcf5FkGHb8S3ytN0c-kw_Z-GxnZ8XI52_qvoPgRevs4-M5Wnyuf1bgldI88UGEbWSz4urOR1b4LLnSofyQCe-DIInBc5ztstItveyGqxOwtCr2ioOmnCZj_f5GzbLV9WS0rzOkkfV56dK9g80ruoTpCZ01CQ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC5L17SFBaYrKcMpeo7gPdxYvIBeSP0rFcp5LhiIgBwI23ARABIABgu4aAgNAKggEXY2EtcHViLTg4NTQzNTg0MDIyNzk2MTOgAb3UiOsDyAEJqQIm5bPtkem1PqgDAaoEowJP0LJpeaD-Hiw2wrurC0fw5MnAPV_0cj3XbHIfdE_fw5fOxuZig_NgaVuRlddfY-yyJrZSjmL9yKESS2uTxMJ7ysucqzswj6LyyQrPrHoTjHgS5EVIroxHVWHXBBUtw6J0Jxvyt6Lng2MfgEhI5jAof11tP7WhA9GGhlS4pss2hoOMLtFH2C3pEl1W43XvRf-GbIA_L6Ol1MXoKF7eq4hSE4Uitil_3tK_jRDec20YMqrtpIqsm_w9L6OfCTEPlUGMLkms_qfl6xfV8p7hR2oPNBx6iZSH41sTGEDkqSaJl9e9jmQEEgKMPw1bVA9kYf6rEjnGWKaBWemHYW7ByTQp1Y1PlpRf_O4Tg949ndzdOdjENVi_2um26B4y8-tpXUViie-ABvnDtM38ounhwgGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0uYz-HyIR0A2-wvT9pH0dISCc5Ww%26client%3Dca-pub-8854358402279613%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 16 Apr 2022 05:12:42 GMT
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
strict-transport-security
max-age=31536000; preload;
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CB7B
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
2210
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 04:35:52 GMT
expires
Sun, 16 Apr 2023 04:35:52 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 3DEA
783 B
536 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ac1d592590450d7df46186a41638532e052b097e0501e3752a7f18bb358ab878
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-d5T3PzMpPSHRtliW3pfX4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.massblog.xyz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-d5T3PzMpPSHRtliW3pfX4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 16 Apr 2022 05:12:42 GMT
expires
Sat, 16 Apr 2022 05:12:42 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
sodar
pagead2.googlesyndication.com/pagead/ Frame 3DEA
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220413&jk=990825940849860&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame CB7B
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 17:28:31 GMT
content-encoding
br
x-content-type-options
nosniff
age
42252
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 15 Apr 2023 17:28:31 GMT
generate_204
tpc.googlesyndication.com/ Frame CB7B
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?-9tMRw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 693B
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuTNrdwSIrg-lPeoor6M-HxkQjIB_BsvvwrqufFWFbsGnf-8J4zidxbtry5EDZZVp80JpdKmbaALbeRkFqjCrs_9__tUJTQccpsp1aXO39boGQzIa0A9w&sai=AMfl-YTSLRF07gu1i244f-uAnebf-O1rhH4PNFifIyQ_VnaBFqddqWbXyG8WoYHF9O3AMax02WQmSKWcxxyZ&sig=Cg0ArKJSzBIwZlQYhBLpEAE&id=lidar2&mcvt=1001&p=0,0,280,720&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2546417002&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650085960756&rpt=1460&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 5A83
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1ZSu0UfvGwUjf-mfe9aR6GDxgpp9h7q972UYZpXGZjntjN06mu9bk-C1EpyykV8H0QQkJBbgnjaWkcO5QltGelDU9f3p2jLFSnhElZxH_12GuNcl57Q&sai=AMfl-YQkPwyvVvPznMIXi_DkgimJ68fvCh7Fdk8oU07v53dLYIntvyi8oDUkC6OhrTlM7ehlzIhUL7EmWYcZ&sig=Cg0ArKJSzMATgMRn5KDKEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=239,888,1000,1000,1000&tos=239,649,112,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2969136041&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650085961878&rpt=489&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:43 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220413&jk=990825940849860&bg=!8POl87fNAAZvJBiFTyQ7ACkAdvg8WkX3PuIysY6Iv7_auA9YOaQdVviB4kLfzDTx5jMZn-BZES1BFwIAAABeUgAAAANoAQcKAIzI-eVqXZQVXF2G53VISzj1JSPUTpzCwqJSS1r0omMAE9H8I2w02F2zZIma-KSsDPNmbq8uIQAs1O2fVWH5S8x3t85IJzqf15_4lb_e7_po_q6nyUijt6V-pkSsb9smsc3dmNIxutFfyA4gfFdO_ThO51RyyvT2Or_NO4HF034cD-9vHDQfjqQL2NENfpkCqYhHMRsURv5JEa1L0lCkrE4I0ad1Md9HmrpYnIHk63xgyGf4PHJ7mJuzLykFJQSZ8vKErMN18DyxOtifXCSTFr7bCNOkaIKSK4Sqx2URnp7GVADfDizjctFRF5AJaeqRNqbdv07Y0ZgEfzIp0xtwVk-6T0r9JES9qDGvcoVlJPNwo_aU-3-51iSx-t7EDiE5HEUEhYokK3OB4AWZ6I904aHK4HvglcT7myJxagDaeOtY6MpSQFrNTc-YTyRGma6gDCL2U6Ysi_xL2HAR3jfCUiWxF7Z0j5AjnghjZRO7HMxS16WwUqvJizGDxVNdA0-M_8p29_Zl0DrQF9PSti_nFlz61xLpCLU6njB8oFMTpsMtZj63ueJISvxonQLgjfYg_3196n7jK7BZ5AIcf-5Crh2iiGX5vzxJk9ILOzoFwNngGOlabi_rRkWw8_3C9HFLN1C7GUQo4NEnnZjL1LEMRQJb6mzTjp1CPqaHg8DT8J2yq7p98WKIq3xVKo7dMHbZGxORLrUDboL5gOVRzjvLzbW-bfXfHLuWxaafIc-GVqqs4i9d0o3FNl3JoUrk_i07PwCtvxwaVReMzorwyrCYaE6qNaqCU6aXLh1K6DsXiUe8joq1qK8OlL6v97GRpc9_H8X2bTySnJH39fvHJTnpqzoBVYMplKt1ajv6gNc9yt3TuUygTP7L9re65U2b5krUXQc2Uk6JS7tw412TlfVpmvY9TNDdMJsiGUS23OVRP5t5wLyCj4R3jbZuhEqNmjMcn36ugatNQ0V1NfBoL6Zu8mB-5Z9LEX9f6EBML5x-udoHllfSLfGwR9VNXmb-5x_J_2eRVf2nBD9ZU4x6NIo28pdSOXMEmXzJhaGjlsa8beg4Ri6bNnVifjsrYW_4gMvWOq4s3ls92SGtiw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.massblog.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

csi
csi.gstatic.com/ Frame CD95
0
17 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~l21ekt3e&c=163210605963&slotId=81605302981.5&qqid=COvarJzpl_cCFYjjuwgdfycCqA&umsem=0&ple=1&ape=1
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/dbf3cef656a25118592bc3f04dbd33f7.js?tag=gpa/dynamic_fig_web_banner_v2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4005:807::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Apr 2022 05:12:44 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb41b6a5008f4f24a3d23d9d0a8e0007_cpn_300x600_1.jpeg
static.criteo.net/design/dt/65059/220408/ Frame EF90
112 KB
113 KB
Image
General
Full URL
https://static.criteo.net/design/dt/65059/220408/cb41b6a5008f4f24a3d23d9d0a8e0007_cpn_300x600_1.jpeg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3a592a77aa5c43692dfe8d8380ba6554d1df8131834826c46580d14074b3cf0d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:45 GMT
last-modified
Fri, 08 Apr 2022 09:46:14 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"62500466-1c198"
strict-transport-security
max-age=31536000; preload;
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
115096
expires
Tue, 11 Apr 2023 05:12:45 GMT
img
pix.eu.criteo.net/img/ Frame EF90
10 KB
10 KB
Image
General
Full URL
https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=65059&q=80&r=0&u=https%3A%2F%2Fstatic2-ecemea.acer.com%2Fmedia%2Fcatalog%2Fproduct%2F_%2Fa%2F_acer-travelmate-p2_tmp215-53-53g_fp-backlit_1000main_nx.vqbek.00e.png&v=3&w=800&s=iqKX2rSkX9e6kDMZUp23ZAqi&b=400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
pix.am5.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e60b5ae2f507c6b3008250bc07ef6245df6b6bdef292c6097e130d3cd3a8340b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sat, 16 Apr 2022 05:12:44 GMT
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Finatra
vary
Origin
content-type
image/webp
cache-control
public, max-age=476201
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
9856
expires
Thu, 21 Apr 2022 17:29:26 GMT

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| _wpemojiSettings object| ahc_ajax_front string| pageid string| page_id string| pagetitle string| page_title string| posttype string| post_type string| referer string| useragent string| servername string| hostname string| request_uri object| xhttp undefined| $ function| jQuery object| sibErrMsg object| ajax_sib_front_object string| captchaRes function| sibVerifyCallback object| _hsq object| hbspt object| taqyeem string| Sender function| sender object| sib object| sendinblue object| adsbygoogle object| atOptions object| regeneratorRuntime object| __core-js_shared__ object| core object| twemoji object| wp object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc string| google_user_agent_client_hint object| senderObjects function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| leadin_wordpress object| jetpackLazyImagesL10n object| tie function| tieFlexMenu function| tieLazyLoad function| tieTabs function| tie_animate_element function| tie_animate_reviews object| $doc object| $window object| $html object| $body object| $themeHeader object| $mainNav object| $container boolean| is_RTL number| intialWidth boolean| isDuringAjax boolean| scrollBarWidth boolean| mobileMenu object| emergence object| browserPrefixes boolean| is_boxed_layout object| $the_post object| $postContent object| addComment object| _stq object| WebFontConfig function| loadCSS string| c object| _hsp object| WebFont function| st_go function| linktracker_init object| wpcom object| php_js boolean| _hspb_loaded object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded object| webpackJsonpundefined object| scCGSHMRCache object| googletag object| google_llp boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| GoogleGcLKhOms object| google_image_requests

11 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 48ba90b4-adf4-4ec2-8e3c-dc8bc28e553f
.www.massblog.xyz/ Name: sib_cuid
Value: 46ea259c-4bbd-4aa0-bbc0-a64ce47023f9
sibautomation.com/ Name: uuid
Value: 920667b7-3789-48db-ba2c-f1b67ed5a03a
.massblog.xyz/ Name: __gads
Value: ID=c88674190f9dc8e6-22a4d11379cd0054:T=1650085960:RT=1650085960:S=ALNI_MYy9XgoA5iy8Y4R4IXuZoQwknJYpA
.doubleclick.net/ Name: IDE
Value: AHWqTUk9-ChGOdFXxZTNDd2UcjXFKiJ1EQOLXH6-lClEkVSSCg46gEmPa8pKkDGzOTE
.doubleclick.net/ Name: DSID
Value: NO_DATA
.massblog.xyz/ Name: __hstc
Value: 93791682.c0e1bfad8efec54720287f40b691bb6d.1650085962677.1650085962677.1650085962677.1
.massblog.xyz/ Name: hubspotutk
Value: c0e1bfad8efec54720287f40b691bb6d
.massblog.xyz/ Name: __hssrc
Value: 1
.massblog.xyz/ Name: __hssc
Value: 93791682.1.1650085962677
.hubspot.com/ Name: __cf_bm
Value: D5pmyFj88nwanA7fOcpfbYv32u1dQsq4FSxChWPp2Sg-1650085962-0-AWZ34LhxZD5tvF4n7p0rEU95EhX5RV2G2F5Uqr8an5XJSjZWRjfSJ3nZz7K6h40hEynoY3d1XNQ5Ayo3M6mUhDo=

7 Console Messages

Source Level URL
Text
javascript warning URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/(Line 496)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformats.com/5c468cdbebc131c9dae4d225295a4b13/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/(Line 496)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformats.com/5c468cdbebc131c9dae4d225295a4b13/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://www.effectivedisplayformats.com/5c468cdbebc131c9dae4d225295a4b13/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/(Line 691)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformats.com/140dc6097210c6c57d01c69d53debec1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.massblog.xyz/karakurt-ensnares-conti-diavol-ransomware-groups-in-its-web/(Line 691)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformats.com/140dc6097210c6c57d01c69d53debec1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://www.effectivedisplayformats.com/140dc6097210c6c57d01c69d53debec1/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=2969136041&client=ca-pub-8854358402279613&fa=1&ifi=10&uci=a!a&btvi=5&xpc=L1BgNmD46g&p=https%3A//www.massblog.xyz
Message:
The resource https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.co.uk
adservice.google.com
ajax.googleapis.com
c0.wp.com
cat.nl.eu.criteo.com
cdn.sender.net
cdnjs.cloudflare.com
chat-backend.sendinblue.com
chat.sendinblue.com
csi.gstatic.com
csm.eu.criteo.net
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
i0.wp.com
i1.ytimg.com
in-automate.sendinblue.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.wp.com
rr1---sn-aigzrn7e.googlevideo.com
rtb.nl.eu.criteo.com
sibautomation.com
static.cloudflareinsights.com
static.criteo.net
stats.wp.com
t.co
tpc.googlesyndication.com
track.hubspot.com
www.effectivedisplayformats.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.massblog.xyz
104.244.42.69
172.67.68.172
178.250.2.135
178.250.2.148
178.250.2.150
192.0.76.3
192.0.77.2
192.0.77.37
192.243.59.13
208.73.202.146
216.58.212.130
2606:4700:4400::6812:21ab
2606:4700:4400::6812:2291
2606:4700:440e::6812:2fe6
2606:4700::6810:5505
2606:4700::6811:190e
2606:4700::6811:47b0
2606:4700::6811:81ab
2606:4700::6811:90c
2606:4700::6811:a0c
2606:4700::6811:d4cc
2606:4700::6813:9b53
2607:f8b0:4005:807::2003
2a00:1450:4001:800::200e
2a00:1450:4001:802::2002
2a00:1450:4001:808::2003
2a00:1450:4001:810::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2001
2a00:1450:4009:13::6
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
00a52aa85badec7474aacd51c2c87e39d27a22c4eb24e770add11877664ac439
01c02c2b82429d7ab0c99d51af3266223d7843fe0a6aab7b41986e716af9c94d
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02af7e03520b6699b7eff36516fcd9fc000f00f6388f8ddeac599d00a76e6d0f
03dd15a551c408fc3ee4496227c5b0798ead05885e535e47f3fa13b6d0fad687
0670fd32e34c88456d5d713c33f9eea581b3ec56053fad5cb8f88fedee2daf29
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b0177d59de3aae322bccf040c86ef1e167990cd19003382b49fb8db8b1c00de
0f79c64f686102f8cc72db584b52c51dbd0720d7ade9a3284a3520bd91dc5328
1004790da4f4ff9554828677090ce64fc85fe6cc818d755551df60b85af18588
1021efafbf9b43acf446f436556222d910e0d86d09d796b6fb16101efedffa22
103b2c8f828a165a9bb9863f122d9067e75214bfdef34c63a4ae2637e925aae7
1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19c18f65cd4182ebfccb02a04088a5f6d4e0f3bf5ae0928ac44df3df791a4fbf
1d4a7ec6dee21fbe04f2a5089f8e8c7601ab20856842a65578cbbde26081210a
1ddecc9eadd3fd74f51899bd888adf3d4072e4acf352a35da887607ae83e7fc3
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1edf3d204039d80d58683c2b681e348d298db9faa1f17bc61a776b360f0736a3
20ad570647067e9b483a46204d2ddb1854ee1bd3a380e96ffc1437b7380acf74
2a417b775676ac50b50fed07811ab9277525d4f07beb932e71fcc2832824a98c
2a4e9b3f33edb851ba930430bdbf317a3b95e0974763617d68ec0b555a3bb8fe
2a88596d8c0a225f0cdf6b710209c1089865da2d0785d38f21dbc0e3068945ca
2bea692fa42f7d6acff0b43b69ee90d742168d54ec42b367c97cd42a2e0b8641
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
300c2a57d0ed169063b3daaff0550227cf8be6e702a58ab79f40a351df655243
300cd678581c1f04ad918b185f5e75f1b67944339b7e52b008dc8aea9f9f1dfb
301bc8762f0b2a757b490fd15213b68926895c01b624a2ffdaaf030725473d0d
31a8dbe7c39cf4ffa9fe214267bc1aa73dca7304f689437bd4bb257066fa4b04
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
3763d2a2290cd57c24f6b28dafa96c31b9dc5b86a9a0271eff66caf6fc50f991
385f58815d186015cf42e0dcc2d91dbb2c2ea6c2ece3ecc009004e9128273d19
3a592a77aa5c43692dfe8d8380ba6554d1df8131834826c46580d14074b3cf0d
3c288f0c3cb0999bbd6a9f6486f6b13064ead24052234ac35f8b053b9db9ae96
3c302be6c3e6327b652a268f0d19cb878310058fd1ebabfaa070749509d232f3
3ec9cf1e071391908cd6834390e44e8fb8ae3961852618171a24f1f0a44dd5ef
404387e40a81704a338e00e4d77cad4d4630fa49fe36994312889392666ccf13
42ac37e28965ec66567546eb503f6183594d305ffb1d0630a960557202926e15
47ed1510850611cea5c6d5b011f38c0ea0cb16ed6e515e345a6ca2fa68d15293
4879dcab21b2218432075c33aff13cea89de4f392f749eaef3df339f3f694c72
487c90b14ef1b44e6b572cfd3082a2df28190d5d4894fcfc115fccb61d63d10e
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4aedd618e5afdcceeaeb82c1d6926175a4bb43dd363e9c64eacfca2ae80c9b60
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f92f6f2cf3f4dc48ba6cf0ddb4b26a977dc6486aa3eb64610b9a694678c4f72
5362a303c93171df9fa4f60b8fc041dfdf018e08dd2362b8e8347fb7a549640e
53b726b8489dc99aec19d200b5b5d26cbdb298f2a6ccb8468dede9a5e49efa54
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58c486410327935edee0c88f48524bed22efb851f1297de45141491d6a2c025b
58d260c57004679defa1dbbf59b59df7bc1df71b6b664767b9bc0f4e76de9f3b
59c6c7f7e78cc4e00a9e93eaa95ee6b0dc198fb0b6a55bebd133a12ab41c3320
5c35ba43b7900752a3023550de81888bb9fa36138e72edf3db3bd20e1dc09186
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
5d46bea8e4553cd5cdc3a2261c47c4ba7c01a40aa00519313afbc8a97680940d
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
5de0952e1f1de424a4eb81820d998404d4e6d63425362ccdf0c5d4208886fac7
5e97094a8849dee9b17f4f531a0dba09fd513bd4a79284a7a66a784747c1ca84
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63e9323b6bd6a9a761a3408cc92e33b3e6269cd203f528c8fc7a62b12035651d
65913f23c45040878bb000efd280385e4fd632b69c9b4724686b600e245f1a70
67d9045a84b2424899a0bee08dd8a0675308270d4c7420071eddf553deb05583
6808c7f1192e091f9e9b4e15e28fa2a8904117ba54c11e51fc8eb9d179733e1c
682fbd31276143963d8f249635babe30ff466316867bb2f84d3ec62e8338d8ef
69a19ce5d435b895645a9049fbc35106ce7f131a2449a2672d18ccb2642d6919
6a8c8e9e1e7f692c21af1956de163f3d026778e6449fe93a09a671847ca1ae65
6ac49b932dc7757819232eb1bd532a11c7df0d87c63f35984b34582c4b6518ec
6adb50ebc0453f30ad050a1bb8c285662df8d1dbf13155f9150bcd70b49cff43
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6dcdfab21fa29136d080a0780bf509c5ceba73b0e03f12789250cd7bb81994b0
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
712847935d8c995737a28164bc6ba341f514753824c84fdd9b83fd723b36e322
741aaea466ad264aaa738236928cafdbfe88541a09ef493364df309a6d13a1df
77b438737b45df2532ee53aa0429e56c4b533693cc326e14047279c893415fdd
787a6352c8fa4ceb889a14569d3e3ebc28849d179eb8a7a65e9bd26123ee62cb
7a2ebc692b2b25d120952dab0a0c4663b344ad9eb494ab6df9cc8edaa7f0079f
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7c186f0c2a07ceaee0d12da4b6c2e976bc7f4bc64ddae7498faff479d9f51a5d
7ed3fb8726f5c6c484b65456bf15028e3803e0a731e99e9a87f6ca0252470322
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
8133f6e5c98f920ffbe15f23fc2bf00db1f8cdd8594f79a7a8571dc9695b9ed9
82649ad7d4ec9c61f1e525b2dade75153ffb03610b88d22e1ba3ba98fd55de81
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
839ef46ec2d213b3c572d8513462ca464f831d1586175123652d964dc70f2974
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b5abf902c157c372285a8277bd336ce30ac5efe1422a610d3b89e8024174e15
8bc0fa4be9acbacf8d917de91f865417f7669ac0130a8fcbd773de02bcd03e92
8e24c6bdac65562331c678bafc06b723057157421f934d9c90f84a11a3cefbf0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
8fec7d374b50535d67c65b519d2ed135d1ed25534a934d0ede47634d5ba3a4cf
905f8c96ad4a92caa8bc411cb9a73d9bbfb4f1b0939fd32566074f39ce1f9508
930552fc38751e8eed028880df6682b197df07cb1716a6b65e7dcb6a895f3dca
972de7ed44386eb4b67225f4847421642810a04a9a1aecfe6386893e75d8a9d3
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9900b23f9f49af5f34387eb63a8673a563ab131c1e171cfaf14cf8b67a466b9d
9b1839b15e350bd02f8c61dc42a6b9bb3c8130f27e07e53b77d295f0695f0437
9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d
9d6ff9ce590e9d6210ffc6a7a282630fea42336748d898de6cb8e1ec68a97437
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a0e857dc0bda54adbf8df1c31a3f4faa3cc1a0f56c092cc66309b95ca4b7fdd7
a10b9570a1c7858442b42f1cd48b69a191638269f37e4046607bf5fe188e38bf
a17d5478ab0a0fd6f9e5cce1e46b944378fdd5cabb669cbfc527eaddb69b4e75
a2616cdc332dcbd5db79ab7cde842f2d17f494a327e0d30408fb4ff21fe69c3b
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a36f4eacb099ca6271c6f1cf491c84ac6f2df89c1da8592788035a44ddf9469f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a54b5ebcde4092fa1cadd83791ed2d3ad1095ae67ca4545eb9f465493584348c
a5f487bb3d5dc7be6f0e5ab7afb5892e59d4e2d003e41655405f7f23ed30644d
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a8ce07bd50b75c148130753df4b25b9078988f056023bae727beac69a50b17c8
a996803be97bd6eed2f13e2aaceed65ee5cc24e0669fcbd223788c5cf9159c2e
aae68d7418f7820c7267d6dc0ec4f3f0935d15e965d5dfd0730ee15265cb932e
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac1d592590450d7df46186a41638532e052b097e0501e3752a7f18bb358ab878
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
ada8ec2c31e6beef0e1f0d861a4349ce9966965c2f652779b722335f07d322e4
ae3a15a3e9733515bb33d29c4820b33c0bcaf30a522fd034ea68d104939901d3
af614e60edfd6bd509e319f7611e4eb013560eb4f9770128140405cf01d16876
b1d5738a2e76486f59228c099c83bcb13e6bb11d65f6cf85bf19c1a584a15041
b4e54900492e7fa37b1da9dfb701b52ce20eb8709219e48f9db66b9fd547c429
b5c9fd37dca1ec56a382c45a38fd9aa8425a4b522200f6526b982902f3c3f06c
b700204654b191ae16a0e1f4687381108358bf9244ae1efec0a380b23215d4b2
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b922b23709acdda3759eff0f45ebccfb68268454f941ae6ab4aae7836c01ecd1
b968113e586107906911e61864086ba097b7b45cf857c0de3c4fd20963a90e61
bbf18ae550d420504652ee7304deb5b21ae4c2e500bbd0e13489298a6b9a314d
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bf3b52f874aebd7cfc4c49cc840977ec1fa179df6026c7cbb23794a3ccbde172
c25833e081f87a2528b18817d4ed59cfcfb0fb781312a1089309f638cf57c3e4
c345acba0a210f6f8a646a51cb24fcb63ef3998a6913f6463d97a3b0c7634480
c3d628f4e66cecd08fd6e79132a41585dfd209b14bd6e0695af0842025ee2768
c7e9fae42da423a5462d0ace05843f6fc4200c59f237488a0ffe580dae288228
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
c9faa887081053d0ba3aa93fe82b3bb77190d4e43cfed2f20fbbde79c3f51f9a
cefc5d3d49043f4e32a056c97b314b82579c568ceacd159fa3b9ddb47eb55e6f
cfb6651e493c49c5227c48842598b621f46b22cbcf753f09ee1170e39b27a4bc
d020600f12c7f01e28904df701750c46c4f005f10ed07f0852a4bc33d7854165
d4762506e77643f50d84a839ba379f3466545d6238747a0d44ffbe2597f6d323
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767
d66fd57929db61111c48c8d091f74c0c1f2cb71ee994c15ac9943ab3501dc81d
d8469ad6e03ba1a6c2c9fee151001c818233baff45efada0b93f6d864c21dbb3
d90a92a7cfa091e8b08b8a24572b8c67d1aa35d4e2a9b09887cfb412acc3adfc
db0dd8cb0e0b563cd95c08d0461a1486353194e79eb5081fe96e6415f7ca3d02
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc3f2293f6503ff6ee63c2a69421d235a0f7881a80d89dd407ec2f15eda63fdd
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e14a625deb5e7cb388813d12ff906c39d7140ead453b49a22cc7d11497035790
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60b5ae2f507c6b3008250bc07ef6245df6b6bdef292c6097e130d3cd3a8340b
e8388a9550fb495f762a7949f39c25376ed723649903b4d360472b74c1368e7d
e84a340caf47fb7f52d6d4eef3db512e84c911268acf1c5eb66b44887f343457
ea2ababc30e456846310dfe02ae49db7fe6866c0cb5ad6b432c53bacda37b3c1
ecaaeea6f052e64589d8acd2e3c5ec361b9ccf162d2953f2174c16a73a1f490c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd5ad608d8f3603b3eb9ca9f2c65ed45d7ca18acd0296fe5fc24b150eb4c4e9
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5010764339d94d1fa6a5cc219dd0ab07cfca326a11e866768b80d6081773950
f531fc4b1981754b623942a77f8766cf715d205e0404c50b8ee0b15334fe34b3
fab541eb9da5a742c3f6c5c6840f2bea0a7b3c5a1df7e34dfe65e809ddd72ced
fb2a76ad4d12a2c7b2b02d7f786263a50263282bfcb6eeb53dd699b41cc3d8d9
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505