www.softpanorama.org Open in urlscan Pro
184.170.146.10 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker....
Submission: On September 05 via manual (September 5th 2021, 4:13:53 pm UTC) from US

Summary HTTP 171 Redirects Links 189 Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 30 domains to perform 171 HTTP transactions. The main IP is 184.170.146.10, located in United States and belongs to FORTRESSITX, US. The main domain is www.softpanorama.org.

This is the only time www.softpanorama.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	184.170.146.10 184.170.146.10	25653 (FORTRESSITX) (FORTRESSITX)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1 1	94.31.29.96 94.31.29.96	6461 (ZAYO-6461) (ZAYO-6461)
1	130.211.198.3 130.211.198.3	15169 (GOOGLE) (GOOGLE)
3 6	104.20.207.62 104.20.207.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 11	104.111.231.15 104.111.231.15	16625 (AKAMAI-AS) (AKAMAI-AS)
24 32	2a04:4e42:600... 2a04:4e42:600::775	54113 (FASTLY) (FASTLY)
3 3	192.64.119.107 192.64.119.107	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	167.71.243.126 167.71.243.126	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	74.208.236.152 74.208.236.152	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2 3	52.35.104.127 52.35.104.127	16509 (AMAZON-02) (AMAZON-02)
4 8	192.0.72.27 192.0.72.27	2635 (AUTOMATTIC) (AUTOMATTIC)
2	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
38	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1 3	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2 4	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
16	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	79.137.69.120 79.137.69.120	16276 (OVH) (OVH)
1 2	2a05:d01c:1d8... 2a05:d01c:1d8:8101:8678:af0d:fda8:5a84	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1 1	52.18.11.109 52.18.11.109	16509 (AMAZON-02) (AMAZON-02)
1 1	52.59.79.213 52.59.79.213	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
171	29

12 184.170.146.10 (United States)

ASN25653 (FORTRESSITX, US)
PTR: web301.coolhandle.com

www.softpanorama.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.96 (United Kingdom) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 94.31.29.96.IPYX-077437-ZYO.above.net

cdn.blog.malwarebytes.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.198.3 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 3.198.211.130.bc.googleusercontent.com

blog.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.20.207.62 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

blog.emsisoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.111.231.15 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-231-15.deploy.static.akamaitechnologies.com

blog.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a04:4e42:600::775 (United States) 24 redirects

ASN54113 (FASTLY, US)

robpickering.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.64.119.107 (United States) 3 redirects

ASN22612 (NAMECHEAP-NET, US)

windowssecrets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 167.71.243.126 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: askwoody.com

www.askwoody.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.208.236.152 (United States) 1 redirects

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

couleetechlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.35.104.127 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-104-127.us-west-2.compute.amazonaws.com

coulee.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.coulee.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.72.27 (United States) 4 redirects

ASN2635 (AUTOMATTIC, US)

sophosnews.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.69.120 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm10.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d01c:1d8:8101:8678:af0d:fda8:5a84 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.11.109 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.79.213 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-79-213.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
61	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	676 KB
33	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	131 KB
32	robpickering.com 24 redirects robpickering.com	6 KB
12	softpanorama.org www.softpanorama.org	799 KB
11	trendmicro.com 4 redirects blog.trendmicro.com	690 KB
9	gstatic.com www.gstatic.com fonts.gstatic.com	105 KB
9	google.com 3 redirects adservice.google.com www.google.com	2 KB
8	wordpress.com 4 redirects sophosnews.files.wordpress.com	979 B
6	googletagservices.com www.googletagservices.com	202 KB
6	emsisoft.com 3 redirects blog.emsisoft.com	11 KB
4	rlcdn.com 2 redirects id.rlcdn.com	1 KB
3	pubmatic.com 3 redirects image6.pubmatic.com	1 KB
3	quantserve.com 1 redirects cms.quantserve.com	1 KB
3	coulee.tech 2 redirects coulee.tech www.coulee.tech	443 B
3	askwoody.com www.askwoody.com
3	windowssecrets.com 3 redirects windowssecrets.com	690 B
2	innovid.com 1 redirects ag.innovid.com	684 B
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	920 B
2	openx.net 2 redirects rtb.openx.net	639 B
2	googleapis.com fonts.googleapis.com	1 KB
2	google.de adservice.google.de	435 B
2	googleadservices.com partner.googleadservices.com	880 B
2	paypalobjects.com www.paypalobjects.com	4 KB
1	agkn.com 1 redirects d.agkn.com	762 B
1	everesttech.net 1 redirects pixel.everesttech.net	374 B
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	337 B
1	couleetechlink.com 1 redirects couleetechlink.com	220 B
1	malwarebytes.com blog.malwarebytes.com	19 KB
1	malwarebytes.org 1 redirects cdn.blog.malwarebytes.org	265 B
1	blogspot.com 1.bp.blogspot.com	43 KB
171	30

	Domain	Requested by
38	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
32	robpickering.com	24 redirects www.softpanorama.org
23	pagead2.googlesyndication.com	www.softpanorama.org pagead2.googlesyndication.com googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com www.googletagservices.com
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
16	cm.g.doubleclick.net	www.softpanorama.org googleads.g.doubleclick.net
12	www.softpanorama.org	www.softpanorama.org
11	blog.trendmicro.com	4 redirects www.softpanorama.org
8	sophosnews.files.wordpress.com	4 redirects www.softpanorama.org
7	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
6	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	blog.emsisoft.com	3 redirects www.softpanorama.org
5	www.gstatic.com	googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
4	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
3	image6.pubmatic.com	3 redirects
3	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
3	www.askwoody.com	www.softpanorama.org
3	windowssecrets.com	3 redirects
2	ag.innovid.com	1 redirects googleads.g.doubleclick.net
2	pixel.rubiconproject.com	2 redirects
2	rtb.openx.net	2 redirects
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	www.paypalobjects.com	www.softpanorama.org
2	coulee.tech	2 redirects
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	googlecm.hit.gemius.pl	1 redirects
1	www.coulee.tech	www.softpanorama.org
1	couleetechlink.com	1 redirects
1	blog.malwarebytes.com	www.softpanorama.org
1	cdn.blog.malwarebytes.org	1 redirects
1	1.bp.blogspot.com	www.softpanorama.org
171	35

This site contains links to these domains. Also see Links.

Domain
en.wikipedia.org
www.theguardian.com
msdn.microsoft.com
www.kernelmode.info
1214447.r.msn.com
www.bleepingcomputer.com
spywarewarrior.com
www.techsupportforum.com
www.reddit.com
robpickering.com
www.microsoft.com
www.virustotal.com
deletemalware.blogspot.com
www.xerox.com
lifehacker.com
blog.emsisoft.com
blog.trendmicro.com
www.opendns.com
support.microsoft.com
www.makeuseof.com
www.amazon.com
superuser.com
glipho.com
www.foolishit.com
www.computerworld.com
answers.microsoft.com
www.shadowexplorer.com
www.google.com
blogs.computerworld.com
www.tomsguide.com
abcnews.go.com
windowssecrets.com
www.kttc.com
www.doit.wisc.edu
nakedsecurity.sophos.com
www.theregister.co.uk
www.ikugz.com
www.justice.gov
www.gchq.gov.uk
www.ubuntu.com
www.nationalcrimeagency.gov.uk
twit.tv
linode.com
blockchain.info
www.moneypak.com
www.imdb.com
www.carbonite.com
www.crashplan.com
cloudsecurity.trendmicro.com
about-threats.trendmicro.com
blogs.technet.com
www.smallbizserver.com
www.marketwatch.com
technet.microsoft.com
www.nsa.gov
gktibioivpqbot.net
chart.av-comparatives.org
imgur.com
www.geek.com
nerdanswer.com
www.wisc.edu
support.kaspersky.com
www.malwarebytes.org
i.imgur.com
forum.avast.com
www.youtube.com
developers.google.com
www.elsevierdirect.com
blog.windowsnt.lv
social.technet.microsoft.com
malwr.com
vms.drweb.com
www.cmitsolutions.com
www.techrepublic.com
softpanorama.biz
www.un.org

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.emsisoft.com RapidSSL RSA CA 2018	`2020-06-03` - `2022-06-03`	2 years	crt.sh
www.trendmicro.com Entrust Certification Authority - L1M	`2021-07-15` - `2022-08-13`	a year	crt.sh
robpickering.com R3	`2021-08-26` - `2021-11-24`	3 months	crt.sh
askwoody.com R3	`2021-07-08` - `2021-10-06`	3 months	crt.sh
www.coulee.tech R3	`2021-07-11` - `2021-10-09`	3 months	crt.sh
*.files.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-21` - `2022-01-21`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2021-04-29` - `2021-12-13`	8 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 22 frames:

Primary Page: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Frame ID: 670635DB1E9A6957FA4A53BE2B629EDF
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Frame ID: 9946049FB231789D99069DFEAFD759A5
Requests: 1 HTTP requests in this frame

Frame: http://www.softpanorama.org/topupdates.shtml
Frame ID: 1458F792286A515777940316B44E4CBE
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241
Frame ID: 0BF2BB3D69779313C94FF88E093A1B00
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&adk=1812271804&adf=3025194257&lmt=1630858413&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&ea=0&flash=0&pra=7&wgl=1&dt=1630858413240&bpp=2&bdt=460&idt=3&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=10
Frame ID: 880C185E2F748396B9220650E1C1E009
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258
Frame ID: 1B4D65F676B6E6DDAD4B1EEC210A810B
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
Frame ID: 086CD956D3F42BD599BD84E278091D85
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80
Frame ID: 6358418C2702DB4FE9DB276CB77C42F7
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C9D026A03CA3D0859075103FC44D3DCD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3FD0F6302C447E33ED3C712483DE12DF
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 186F73CA1AD7826DA20F9A16F4D1B148
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5795F7CE78BA895669F5F2FEAE2474A9
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js
Frame ID: 468C6044EBA489A6FEB158326E1CE4C6
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js
Frame ID: 664947C333C1FEE0AA02EC7FFC0574E7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0063192BD0E1D2AA6DC485A42A8E81F3
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js
Frame ID: C95AC3EA749CC8F9246ECDF0F9B17101
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html
Frame ID: EAC40F283D0F3471915852C88708590A
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C67E71F49087CFDBBC3D5035146F6D06
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 0AE687018391D0E9C2D93C5356165A61
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2EE7CD00A991EA45B7130ED1C06C8003
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F3AD0B94AF060347D469A898D428FF00
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9C25444F12A4A6D03FF87CFBC4080202
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cryptolocker Trojan (Win32/Crilock.A)

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

171
Requests

89 %
HTTPS

46 %
IPv6

30
Domains

35
Subdomains

29
IPs

6
Countries

2682 kB
Transfer

4454 kB
Size

4
Cookies

189 Outgoing links

These are links going to different origins than the main page.

URL: http://en.wikipedia.org/wiki/Ransomware_(malware)
Title: Ransomware

Search URL Search Domain Scan URL

URL: http://www.theguardian.com/money/2013/oct/19/cryptolocker-attacks-computer-ransomeware
Title: Guardian

Search URL Search Domain Scan URL

URL: http://msdn.microsoft.com/en-us/library/aa376977(v=vs.85).aspx
Title: CurrentVersion\Run

Search URL Search Domain Scan URL

URL: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2945#p20765
Title: Trojan:Win32/Crilock.A

Search URL Search Domain Scan URL

URL: http://1214447.r.msn.com/?ld=6vsY068D6ZuseR1aWJ_YhNmTVUCUwMDTNPwtWZhhRRsLvPot2uwvkAjHs9-YHmOtrakXrcj1JXIJ6ykBml5y7y_CAsXUIdXuRkbW6T9Jq2R_Hu0oS_L0DArhJvStHYt1qOGum23A&u=mycuredcomputer.com%2flp
Title: Crypto Locker Removal - We Remove The Crypto Virus Fast!

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-84
Title: Cryptolocker Hijack program

Search URL Search Domain Scan URL

URL: http://spywarewarrior.com/de-listed.htm#sh_note
Title: Rogue/Suspect Anti-Spyware Products List

Search URL Search Domain Scan URL

URL: http://www.techsupportforum.com/forums/f50/spyhunter-loop-de-loop-706441.html#post4179545
Title: topic

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocker_recap_a_new_guide_to_the_bleepingest/
Title: CryptoLocker Recap A new guide to the bleepingest virus of 2013. sysadmin

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/
Title: Proper Care & Feeding of your CryptoLocker Infection

Search URL Search Domain Scan URL

URL: http://robpickering.com/2013/10/cryptolocker-an-executive-infection-1420
Title: Cryptolocker – An Executive Infection - RobPickering.com

Search URL Search Domain Scan URL

URL: http://www.reddit.com/user/CryptoLocker
Title: CryptoLocker

Search URL Search Domain Scan URL

URL: http://www.reddit.com/user/bluesoul
Title: bluesoul

Search URL Search Domain Scan URL

URL: http://www.reddit.com/user/PBI325
Title: PBI325

Search URL Search Domain Scan URL

URL: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Crilock.A
Title: TrojanWin32-Crilock.A

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9/analysis/1379395790/
Title: (VirusTotal

Search URL Search Domain Scan URL

URL: http://deletemalware.blogspot.com/2013/10/remove-cryptolocker-virus-and-restore.html
Title: Remove CryptoLocker virus and restore encrypted files

Search URL Search Domain Scan URL

URL: http://www.xerox.com/
Title: http://www.xerox.com

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Whitelist
Title: whitelist

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/File_extension
Title: file extensions

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Bitcoin
Title: Bitcoin

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Public-key_cryptography
Title: asymmetric encryption

Search URL Search Domain Scan URL

URL: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2945
Title: KernelMode.info)

Search URL Search Domain Scan URL

URL: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2945
Title: Select all

Search URL Search Domain Scan URL

URL: http://lifehacker.com/5683682/five-best-domain-name-registrars
Title: domain names registrars

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Domain_Generation_Algorithm
Title: Domain generation algorithm

Search URL Search Domain Scan URL

URL: http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/
Title: CryptoLocker - a new ransomware variant Emsisoft Blog

Search URL Search Domain Scan URL

URL: http://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png
Title:

Search URL Search Domain Scan URL

URL: http://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png
Title:

Search URL Search Domain Scan URL

URL: http://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1.png
Title:

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-variants-challenge-antimalware-solution/
Title: http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-variants-challenge-antimalware-solution/

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/pushdo-takedown-damages-botnet/
Title: several times

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg
Title:

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg
Title:

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg
Title:

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg
Title:

Search URL Search Domain Scan URL

URL: http://www.opendns.com/
Title: OpenDNS

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/
Title: bleepingcomputer.com

Search URL Search Domain Scan URL

URL: http://support.microsoft.com/?id=837388
Title: http://support.microsoft.com/?id=837388

Search URL Search Domain Scan URL

URL: http://www.makeuseof.com/tag/windows-7-firewall-compares-firewalls/
Title: Windows 7 Firewall How It Compares Against Other Firewalls

Search URL Search Domain Scan URL

URL: https://www.amazon.com/Apricorn-Hardware-Encrypted-Portable-A25-3PL256-1000/dp/B007JGB0EI/ref=pd_sim_147_3?_encoding=UTF8&pd_rd_i=B007JGB0EI&pd_rd_r=RWY0T636PY55CD42AA3K&pd_rd_w=w1JeK&pd_rd_wg=VUARt&psc=1&refRID=RWY0T636PY55CD42AA3K
Title: Apricorn Aegis Padlock

Search URL Search Domain Scan URL

URL: https://www.amazon.com/Kingston-64GB-Traveler-Encrypted-DTVP30/dp/B00G31OONY/ref=sr_1_6?ie=UTF8&qid=1495505844&sr=8-6&keywords=USB+drive+encrypted
Title: Kingston Digital 64GB Data Traveler AES Encrypted Vault Privacy 256Bit 3.0 USB Flash Drive

Search URL Search Domain Scan URL

URL: http://support.microsoft.com/kb/311272
Title: DevCon

Search URL Search Domain Scan URL

URL: https://superuser.com/questions/443162/remove-usb-device-from-command-line
Title: windows - Remove USB device from command line - Super User

Search URL Search Domain Scan URL

URL: http://glipho.com/anti-malware-blogger/cryptolocker-prevention
Title: CryptoLocker Prevention

Search URL Search Domain Scan URL

URL: http://www.foolishit.com/vb6-projects/cryptoprevent/
Title: CryptoPrevent Computer Technician - PC Repair Software Foolish IT LLC

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_?taxonomyId=125&pageNumber=2
Title: computerworld.com

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy
Title: Shadow Copy

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy#cite_note-14
Title: [14]

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy#cite_note-15
Title: [15]

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Windows_Vista_editions
Title: editions of Windows Vista

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy#cite_note-16
Title: [16]

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Windows_7_editions
Title: Windows 7 editions

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy#cite_note-17
Title: [17]

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Shadow_Copy#cite_note-18
Title: [18]

Search URL Search Domain Scan URL

URL: https://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/how-to-enable-volume-shadow-copy-in-windows-7/faaf7490-d929-47a6-a12f-1bf100db66e5
Title: How to Enable Volume Shadow Copy in windows 7 - Microsoft Community

Search URL Search Domain Scan URL

URL: http://www.shadowexplorer.com/
Title: ShadowExplorer

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_?taxonomyId=125&pageNumber=3
Title: computerworld.com)

Search URL Search Domain Scan URL

URL: http://www.shadowexplorer.com/downloads.html
Title: free tool

Search URL Search Domain Scan URL

URL: http://www.google.com/search?q=site:www.softpanorama.org&hl=en&lr=&tbo=1&prmd=ivns&source=lnt&tbs=qdr:y&sa=X&ei=aML0TaHgO4fUgAedxtjzCw&ved=0CAsQpwUoBQ&biw=1256&bih=801&cad=cbv#q=site:www.softpanorama.org&hl=en&lr=&tbo=1&prmd=ivns&source=lnt&tbs=qdr:w&sa=X&ei=csL0TYHsI4LagAeKu7DPCw&ved=0CAwQpwUoAw&fp=fb58e14853731932&biw=1256&bih=801
Title: Past week

Search URL Search Domain Scan URL

URL: http://www.google.com/search?q=site:www.softpanorama.org&hl=en&lr=&tbo=1&prmd=ivns&source=lnt&tbs=qdr:m&sa=X&ei=IMD0TdjLHMXUgQe9t6zfCw&ved=0CA0QpwUoBA
Title: Past month

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/author/9000163/Gregg+Keizer
Title: Gregg Keizer

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9248872/Massive_botnet_takedown_stops_spread_of_Cryptolocker_ransomware?pageNumber=2
Title: Computerworld

Search URL Search Domain Scan URL

URL: http://blogs.computerworld.com/cybercrime-and-hacking/23980/wham-bam-global-operation-tovar-whacks-cryptolocker-ransomware-gameover-zeus-botnet
Title: Computerworld Blogs

Search URL Search Domain Scan URL

URL: http://www.tomsguide.com/us/gameover-zeus-cryptolocker-bust,news-18883.html
Title: tomsguide.com

Search URL Search Domain Scan URL

URL: http://abcnews.go.com/Technology/fed-cyber-sleuths-stop-gameover-zeus-cryptolocker-crime/story?id=23964827
Title: ABC News

Search URL Search Domain Scan URL

URL: http://www.theguardian.com/technology/2014/jun/02/cryptolocker-virus-nca-malware-protection
Title: The Guardian

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/511780/dns-sinkhole-campaign-underway-for-cryptolocker/
Title: DNS Sinkhole campaign underway for CryptoLocker - News

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/cryptolocker-its-spam-and-zeuszbot-connection/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Anti-MalwareBlog+(Trendlabs+Security+Intelligence+Blog)
Title: CryptoLocker Its Spam and ZeuS-ZBOT Connection Security Intelligence Blog Trend Micro

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_
Title: Cryptolocker How to avoid getting infected and what to do if you are - Computerworld

Search URL Search Domain Scan URL

URL: http://windowssecrets.com/
Title: Windows Secrets

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/ccsicfg
Title: Maybe_Forged comments on Proper Care & Feeding of your CryptoLocker Infection A rundown on what we know.

Search URL Search Domain Scan URL

URL: http://www.kttc.com/link/658025/how-to-remove-crypto-locker
Title: KTTC Rochester, Austin, Mason City News, Weather and Sports

Search URL Search Domain Scan URL

URL: http://www.doit.wisc.edu/news/cryptolocker-ransomware-found-campus/
Title: Cryptolocker ransomware found on campus

Search URL Search Domain Scan URL

URL: http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
Title: Destructive malware "CryptoLocker" on the loose - here's what to do

Search URL Search Domain Scan URL

URL: http://nakedsecurity.sophos.com/
Title: nakedsecurity.sophos.com/

Search URL Search Domain Scan URL

URL: http://www.theregister.co.uk/2013/10/18/cryptolocker_ransmware/
Title: The Register

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-5
Title: Cryptolocker Hijack program - Page 5 - General Security

Search URL Search Domain Scan URL

URL: http://www.ikugz.com/2013/09/26/cryptolocker-trojan/
Title: CryptoLocker Trojan

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9244176/Cryptolocker_The_evolution_of_extortion
Title: Cryptolocker

Search URL Search Domain Scan URL

URL: http://www.computerworld.com/s/article/9248755/U.S._foreign_agents_disrupt_Gamover_Zeus_botnet
Title: grabbed control

Search URL Search Domain Scan URL

URL: http://www.justice.gov/criminal/pr/speeches/2014/crm-speech-140602.html
Title: reported

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/File:FBI_Badge_&_gun.jpg
Title: Justice Department

Search URL Search Domain Scan URL

URL: http://www.justice.gov/opa/documents/dgzc/complaint.pdf
Title: http://www.justice.gov/opa/documents/dgzc/complaint.pdf

Search URL Search Domain Scan URL

URL: http://www.gchq.gov.uk/press_and_media/press_releases/Pages/new-platform-security-guidance.aspx
Title: http://www.gchq.gov.uk/press_and_media/press_releases/Pages/new-platform-security-guidance.aspx

Search URL Search Domain Scan URL

URL: http://www.ubuntu.com/desktop
Title: http://www.ubuntu.com/desktop

Search URL Search Domain Scan URL

URL: http://www.nationalcrimeagency.gov.uk/news/news-listings/386-two-week-opportunity-for-uk-to-reduce-threat-from-powerful-computer-attack
Title: the NCA's own announcement

Search URL Search Domain Scan URL

URL: http://twit.tv/show/security-now/427
Title: Security Now

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/CryptoLocker
Title: Cryptolocker

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLWelcome.png
Title:

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
Title: BleepingComputer.com

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/
Title: support forum

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLCommand.png
Title:

Search URL Search Domain Scan URL

URL: http://linode.com/
Title: Linode

Search URL Search Domain Scan URL

URL: http://robpickering.com/2013/10/cryptolocker-an-executive-infection-1420
Title: ?

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-includes/images/smilies/icon_smile.gif
Title: http://robpickering.com/wp-includes/images/smilies/icon_smile.gif

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLPayment.png
Title:

Search URL Search Domain Scan URL

URL: https://blockchain.info/address/1AXgfzpiimunqsrSFn2qgM8YgKGqqgPwU4
Title: 1AXgfzpiimunqsrSFn2qgM8YgKGqqgPwU4

Search URL Search Domain Scan URL

URL: https://www.moneypak.com/
Title: Green Dot MoneyPak

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak.png
Title:

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation.png
Title:

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption.png
Title:

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLErrors.png
Title:

Search URL Search Domain Scan URL

URL: http://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete.png
Title:

Search URL Search Domain Scan URL

URL: https://blockchain.info/address/1KP72fBmh3XBRfuJDMn53APaqM6iMRspCh
Title: 1KP72fBmh3XBRfuJDMn53APaqM6iMRspCh

Search URL Search Domain Scan URL

URL: https://blockchain.info/address/18iEz617DoDp8CNQUyyrjCcC7XCGDf5SVb
Title: 18iEz617DoDp8CNQUyyrjCcC7XCGDf5SVb

Search URL Search Domain Scan URL

URL: http://www.imdb.com/title/tt0086567/
Title: W.O.P.R.

Search URL Search Domain Scan URL

URL: http://www.carbonite.com/
Title: Carbonite

Search URL Search Domain Scan URL

URL: http://www.crashplan.com/
Title: CrashPlan

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/DNS_sinkhole
Title: DNS sinkhole

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Domain_generation_algorithm
Title: Domain Generation Algorithm

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/threat-refinement-ensues-with-crypto-locker-shotodor-backdoor/
Title: reported

Search URL Search Domain Scan URL

URL: http://cloudsecurity.trendmicro.com/us/technology-innovation/our-technology/smart-protection-network/
Title: Smart Protection Network

Search URL Search Domain Scan URL

URL: http://about-threats.trendmicro.com/us/malware/TROJ_UPATRE.VNA
Title: TROJ_UPATRE.VNA

Search URL Search Domain Scan URL

URL: http://about-threats.trendmicro.com/us/malware/TSPY_ZBOT.VNA
Title: TSPY_ZBOT.VNA

Search URL Search Domain Scan URL

URL: http://about-threats.trendmicro.com/us/malware/TROJ_CRILOCK.NS
Title: TROJ_CRILOCK.NS

Search URL Search Domain Scan URL

URL: http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg
Title:

Search URL Search Domain Scan URL

URL: http://windowssecrets.com/top-story/cryptolocker-a-particularly-pernicious-virus/
Title: CryptoLocker A particularly pernicious virus

Search URL Search Domain Scan URL

URL: http://blogs.technet.com/b/the_microsoft_excel_support_team_blog/archive/2013/09/07/quot-cannot-open-the-file-because-the-file-format-or-extension-is-invalid-quot-opening-office-files.aspx
Title: blog

Search URL Search Domain Scan URL

URL: https://windowssecrets.com/best-hardware/external-hard-drives-take-on-cloud-storage/
Title: article

Search URL Search Domain Scan URL

URL: http://www.smallbizserver.com/
Title: site

Search URL Search Domain Scan URL

URL: http://www.microsoft.com/en-us/server-cloud/products/windows-server-2012-r2-essentials/default.aspx#fbid=BnvBJKvxVfV
Title: site

Search URL Search Domain Scan URL

URL: http://www.marketwatch.com/story/wd-introduces-new-ultra-compact-network-storage-plus-servers-2013-10-10?reflink=MW_news_stmp
Title: announced

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-us/library/bb457006.aspx
Title: more info

Search URL Search Domain Scan URL

URL: http://windowssecrets.com/top-story/what-you-should-know-about-windows-event-viewer/
Title: Top Story

Search URL Search Domain Scan URL

URL: http://www.nsa.gov/ia/_files/os/win2k/Application_Whitelisting_Using_SRP.pdf
Title: document

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/
Title:

Search URL Search Domain Scan URL

URL: http://www.reddit.com/user/Maybe_Forged
Title: Maybe_Forged

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/Bitcoin/comments/1o53hl/disturbing_bitcoin_virus_encrypts_instead_of/
Title: disturbing_bitcoin_virus_encrypts_instead_of/

Search URL Search Domain Scan URL

URL: http://www.reddit.com/user/Doctor_McKay
Title: Doctor_McKay

Search URL Search Domain Scan URL

URL: http://www.reddit.com/u/soulscore
Title: /u/soulscore

Search URL Search Domain Scan URL

URL: http://www.reddit.com/u/Spinal33
Title: /u/Spinal33

Search URL Search Domain Scan URL

URL: http://www.reddit.com/u/CANT_ARGUE_DAT_LOGIC
Title: /u/CANT_ARGUE_DAT_LOGIC

Search URL Search Domain Scan URL

URL: http://gktibioivpqbot.net/1002.exe
Title: http://gktibioivpqbot.net/1002.exe

Search URL Search Domain Scan URL

URL: http://chart.av-comparatives.org/chart1.php?chart=chart2&year=2013&month=8&sort=1&zoom=0
Title: AV Comparatives

Search URL Search Domain Scan URL

URL: http://www.reddit.com/u/Maybe_Forged
Title: /u/Maybe_Forged

Search URL Search Domain Scan URL

URL: http://www.reddit.com/u/zfs_balla
Title: /u/zfs_balla

Search URL Search Domain Scan URL

URL: http://imgur.com/q3XOuDz
Title: http://imgur.com/q3XOuDz

Search URL Search Domain Scan URL

URL: http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/ccsdgas
Title: permalink

Search URL Search Domain Scan URL

URL: http://www.geek.com/apps/disk-encryptiing-cryptolocker-malware-demands-300-to-decrypt-your-files-1570402/
Title: Geek.com

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/507035/crypto-locker-has-made-it-onto-network-share-drive/
Title: The infected PC no longer shows the dialog box to pay the ransom. The timer ran out and now it is gone. I can find no trace of it, but the files are still inaccessible.

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/507498/crypto-blocker-dllhostexe-overun/
Title: "Unfortunately this case is pretty much hopeless. Removal of the above infection is fairly easy but it won't decrypt encrypted files."

Search URL Search Domain Scan URL

URL: http://nerdanswer.com/answer.php?q=300642
Title: "I just came across the same issue! Nothing is removing it! Please help!!!!"

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Title: http://en.wikipedia.org/wiki/RSA_Factoring_Challenge

Search URL Search Domain Scan URL

URL: http://www.wisc.edu/
Title: University of Wisconsin-Madison

Search URL Search Domain Scan URL

URL: http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-CryptoLocker-on-the-loose/
Title: explains

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/446111/new-accdfisa-protection-center-ransomware-called-malware-protection/
Title: ACCDFISA

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/501540/ransomcrypt-dirtydecryptexe-uses-efs/
Title: DirtyDecrypt

Search URL Search Domain Scan URL

URL: http://support.kaspersky.com/viruses/rescuedisk#downloads
Title: http://support.kaspersky.com/viruses/rescuedisk#downloads

Search URL Search Domain Scan URL

URL: http://www.malwarebytes.org/
Title: http://www.malwarebytes.org/

Search URL Search Domain Scan URL

URL: http://i.imgur.com/hJxj2bv.jpg
Title: this Software Restriction Policy

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-11#entry3155444
Title: here

Search URL Search Domain Scan URL

URL: http://forum.avast.com/index.php?topic=135066.0
Title: CryptoLocker

Search URL Search Domain Scan URL

URL: http://www.youtube.com/watch?v=Gz2kmmsMpMI
Title: Watch CryptoLocker in action - YouTube

Search URL Search Domain Scan URL

URL: http://www.youtube.com/watch?v=Uzl_h-Nc8Ps
Title: A very scary virus. CryptoLocker is here.

Search URL Search Domain Scan URL

URL: http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-26
Title: Cryptolocker Hijack program - Page 26 - General Security

Search URL Search Domain Scan URL

URL: http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx
Title: Hunting Down and Killing Ransomware - Mark's Blog - Site Home - TechNet Blogs

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Cryptographic_API
Title: Microsoft CryptoAPI - Wikipedia, the free encyclopedia

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Cryptovirology
Title: Cryptovirology - Wikipedia, the free encyclopedia

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/DNSBL
Title: DNSBL - Wikipedia, the free encyclopedia

Search URL Search Domain Scan URL

URL: https://developers.google.com/speed/public-dns/faq
Title: Frequently Asked Questions - Public DNS - Google Developers

Search URL Search Domain Scan URL

URL: http://www.elsevierdirect.com/companions/9781597491358/casestudies/DNS.pdf
Title: Chapter 10 DNS-Based Botnet Detection - ElsevierDirect

Search URL Search Domain Scan URL

URL: http://support.microsoft.com/kb/310791
Title: http://support.microsoft.com/kb/310791

Search URL Search Domain Scan URL

URL: http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/
Title: http://blog.windowsnt.lv/2011/06/01/preventing-malware-with-srp-english/

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx
Title: http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

Search URL Search Domain Scan URL

URL: http://support.microsoft.com/kb/324036
Title: The Microsoft KB article about the GPO

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-us/library/cc733026.aspx
Title: The Microsoft KB article describing Trusted Publishers

Search URL Search Domain Scan URL

URL: http://social.technet.microsoft.com/Forums/windows/en-US/28274afb-a9dc-4d7c-91e2-5a90e8e4a959/software-restriction-policy-iexploreexe-32bit-cant-start-7zip-picture-viewer-etc?forum=w7itprosecurity
Title: a technet post about how to handle programs that utilize registry redirection

Search URL Search Domain Scan URL

URL: https://malwr.com/analysis/NTlmZTE3ZDYzMmE2NDc4MWJlYjhmNTZjZGUzNjU3ZjE/
Title: Malwr - Malware Analysis by Cuckoo Sandbox

Search URL Search Domain Scan URL

URL: http://vms.drweb.com/virus/?i=3027927
Title: Trojan.Encoder.304

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Category:Botnets
Title: Botnets

Search URL Search Domain Scan URL

URL: http://www.theguardian.com/money/2013/oct/19/10-ways-beat-cryptolocker-protect-files
Title: 10 ways to beat CryptoLocker

Search URL Search Domain Scan URL

URL: http://www.cmitsolutions.com/corporate/blog/5-ways-keep-your-computer-safe-cryptolocker-ransomware-virus
Title: 5 Ways to Keep Your Computer Safe from CryptoLocker Ransomware Virus – QuickTip from CMIT Solutions CMIT Solutions

Search URL Search Domain Scan URL

URL: http://www.techrepublic.com/article/wannacrypt-makes-an-easy-case-for-linux/
Title: WannaCrypt makes an easy case for Linux - TechRepublic

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Bulletin/Sp2013_v25/bulletin25_12.shtml
Title: Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Political_skeptic/Bulletin/political_skeptic2013.shtml
Title: Political Skeptic Bulletin, 2013

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Unemployment/Bulletin/unempoyment2010.shtml
Title: Unemployment Bulletin, 2010

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Bulletin/Sp2011_v23/bulletin23_10.shtml
Title: Vol 23, No.10 (October, 2011) An observation about corporate security departments

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml
Title: Slightly Skeptical Euromaydan Chronicles, June 2014

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Casino_capitalism/12_Apostols_of_deregulation/Greenspan/Bulletin/greenspan_bulletin2008.shtml
Title: Greenspan legacy bulletin, 2008

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Humor/Bulletin/financial_humor2010.shtml
Title: Financial Humor Bulletin, 2010

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Inequality/Bulletin/inequality2009.shtml
Title: Inequality Bulletin, 2009

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Humor/Bulletin/financial_humor2008.shtml
Title: Financial Humor Bulletin, 2008

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Copyright/Bulletin/copyleft_problems2004.shtml
Title: Copyleft Problems Bulletin, 2004

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Humor/Bulletin/financial_humor2011.shtml
Title: Financial Humor Bulletin, 2011

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Financial_skeptic/Energy/Bulletin/energy_bulletin2010.shtml
Title: Energy Bulletin, 2010

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Malware/Bulletin/malware2010.shtml
Title: Malware Protection Bulletin, 2010

Search URL Search Domain Scan URL

URL: http://softpanorama.biz/Skeptics/Political_skeptic/Bulletin/political_skeptic2011.shtml
Title: Political Skeptic Bulletin, 2011

Search URL Search Domain Scan URL

URL: http://www.un.org/Depts/dhl/sflib/
Title: SDNP

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://cdn.blog.malwarebytes.org/wp-content/uploads/2013/10/assemcrypto.gif HTTP 301
http://blog.malwarebytes.com/wp-content/uploads/2013/10/assemcrypto.gif

Request Chain 11

http://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png HTTP 301
https://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png

Request Chain 12

http://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png HTTP 301
https://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png

Request Chain 13

http://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png HTTP 301
https://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png

Request Chain 14

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg HTTP 301
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg

Request Chain 15

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg HTTP 301
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg

Request Chain 16

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg HTTP 301
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg

Request Chain 17

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg HTTP 301
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg

Request Chain 22

http://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clwelcome-300x233.png/

Request Chain 23

http://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clcommand-300x190.png/

Request Chain 24

http://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clpayment-300x227.png/

Request Chain 25

http://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clmoneypak-258x300.png/

Request Chain 26

http://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clpaymentactivation-300x236.png/

Request Chain 27

http://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clfiledecryption-300x234.png/

Request Chain 28

http://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/clerrors-300x236.png/

Request Chain 29

http://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png/ HTTP 301
https://robpickering.com/wp-content/uploads/2013/10/cldecryptcomplete-300x235.png/

Request Chain 30

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg HTTP 307
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg

Request Chain 31

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg HTTP 307
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg

Request Chain 32

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg HTTP 307
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg

Request Chain 33

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-CryptoLocker.png HTTP 302
https://www.askwoody.com/

Request Chain 34

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-LocalSecurityPolicy.png HTTP 302
https://www.askwoody.com/

Request Chain 35

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-NewPolicies.png HTTP 302
https://www.askwoody.com/

Request Chain 36

http://couleetechlink.com/new2/assets//images/crypto_locker.jpg HTTP 302
http://coulee.tech/ HTTP 301
https://coulee.tech/ HTTP 301
https://www.coulee.tech/

Request Chain 37

http://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203 HTTP 301
https://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203

Request Chain 38

http://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128 HTTP 301
https://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128

Request Chain 39

http://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266 HTTP 301
https://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266

Request Chain 40

http://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572 HTTP 301
https://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572

Request Chain 88

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKOlqOhaRM6hWknu3LC33iCsanmEjmzc3umnE2Ln6N8LKQJs6GfYHr6CPo2YAE7HA9BSnTUxSqnSDQlqlyhQFFXCTsimX4&google_gid=CAESEGFDxvbi2rWIiM5XGd0Sz8k&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCK3Z04kGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBLT2xxT2hhUk02aFdrbnUzTEMzM2lDc2FubUVqbXpjM3VtbkUyTG42TjhMS1FKczZHZllIcjZDUG8yWUFFN0hBOUJTblRVeFNxblNEUWxxbHloUUZGWENUc2ltWDQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwam5WQzNmWW1xN29LZm9MQTBPS3R2dDhQT0JQRnVyLXkxUmJqV3ZERlNGMA==&google_push

Request Chain 89

https://rtb.openx.net/sync/dds?google_gid=CAESEEihrivouz1Z4bZWpWPUpDI&google_cver=1&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q&google_hm=_EYb2iSWxFcw48x3cI9XYg==

Request Chain 90

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHH_53IOnc1MZYdDTtdsHBE&google_cver=1&google_push=AYg5qPI23M0mZTNCzmz7knQBAxH0wV1qaULBYVS62N3Br8DYyuo6e7cRTRHR9wHIKPDnhVkcI6ZGvnU93_CVi5pA_2fST7xnZA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI23M0mZTNCzmz7knQBAxH0wV1qaULBYVS62N3Br8DYyuo6e7cRTRHR9wHIKPDnhVkcI6ZGvnU93_CVi5pA_2fST7xnZA

Request Chain 91

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENhb5b6DCpcu0npvpCdcHfU&google_cver=1&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgxqmpzbnv8OFC2PNv5eOfZHMnU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVjQtMU8tR1o4WQ==&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgxqmpzbnv8OFC2PNv5eOfZHMnU

Request Chain 92

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_cver=1&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc=

Request Chain 93

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESELZ3Jws33e04lfWn4NDUYZU&google_cver=1&google_push=AYg5qPLDDcYmHj_4J-3VptvmIrDd9JYpE18R-mBYIYDw-TRZIflgetYB0HnRSXoC1v64b4vj6yDRn6I9ayXVICE7t_Lqo3wh5wb7 HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLDDcYmHj_4J-3VptvmIrDd9JYpE18R-mBYIYDw-TRZIflgetYB0HnRSXoC1v64b4vj6yDRn6I9ayXVICE7t_Lqo3wh5wb7&google_hm=

Request Chain 97

https://rtb.openx.net/sync/dds?google_gid=CAESEESmqSg_gWcptEhkj7d2p1E&google_cver=1&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM&google_hm=_EYb2iSWxFcw48x3cI9XYg==

Request Chain 98

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHJOmRO-Og2ccCeuvBh9e30&google_cver=1&google_push=AYg5qPJ8HBT54mM4C6YPq2GDg1PJsA4ctzfU90q0UelUbv95nXXqzZqeobPue8CsuNtjqLqm6h3jv0a0qkwvBkOfEoqYMLt2y78 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ8HBT54mM4C6YPq2GDg1PJsA4ctzfU90q0UelUbv95nXXqzZqeobPue8CsuNtjqLqm6h3jv0a0qkwvBkOfEoqYMLt2y78

Request Chain 99

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPy0P7BAO3bg0A4Jw7-SDg8&google_cver=1&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8DAPSR8mQY4zPYt4UVrovKP6s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVlItMTktODhKNw==&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8DAPSR8mQY4zPYt4UVrovKP6s

Request Chain 100

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_cver=1&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc=

Request Chain 105

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 106

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 125

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOZHmJzU4s61lZgPYRyurSA&google_cver=1&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg55PaQe739fDC2_bI3M-chRwN3GXthcTNA_Gn6p9uI HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg55PaQe739fDC2_bI3M-chRwN3GXthcTNA_Gn6p9uI&google_hm=1CMFKk_c2KVbiX2D1Gp9zg

Request Chain 126

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSEya419h4ZIvRKtO8lT6_tcVgbZMAUBrJzA0THFsHPCG-ewexQWnwsggg&google_gid=CAESEPkUI801R9rikqWEUztSaD8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRUc3JnQUFCU0M5UVFKMw&google_push=AYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSEya419h4ZIvRKtO8lT6_tcVgbZMAUBrJzA0THFsHPCG-ewexQWnwsggg

Request Chain 127

https://d.agkn.com/pixel/2175/?google_gid=CAESEGFl_0CbgevH_i41EdlFazk&google_cver=1&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s&google_hm=Q0FFU0VHRmxfMENiZ2V2SF9pNDFFZGxGYXpr

Request Chain 129

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMXvHyaGK_npMpGgF-DhnxQ&google_cver=1&google_push=AYg5qPI0R9bM-N8NCKuyMWQHa4ImvZxamaXVP9cP0tk77GkUnsMQJzfqifMosf6ePiurlVrt1Q0U0IXXsYuwEcoZWxj27QW0Hxw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI0R9bM-N8NCKuyMWQHa4ImvZxamaXVP9cP0tk77GkUnsMQJzfqifMosf6ePiurlVrt1Q0U0IXXsYuwEcoZWxj27QW0Hxw

Request Chain 130

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_cver=1&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc=

Request Chain 131

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEEwBfIs8isv_TLoqisg6QF4&google_cver=1&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX_X-s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX_X-s&google_hm=ypD49bFxTbyQvoN5YrbZng

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

171 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request cryptolocker.shtml Show response
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/ 286 KB
90 KB 482ms
92ms Document
text/html 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 788fa194fe038d0363f4b0df4cde25a38d3db365208142f89fdf97a411afc642

Request headers

Host: www.softpanorama.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Connection: Keep-Alive
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 05 Sep 2021 16:13:32 GMT
Server: LiteSpeed

GET
H/1.1 200
OK main.css
www.softpanorama.org/CSS/ 1 KB
747 B 183ms
90ms Stylesheet
text/css 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to

Full URL: http://www.softpanorama.org/CSS/main.css
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 2e4748a8a3f60fab0924964130bd63688a94a084bf5b403154e9d39edcef8dd1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 May 2013 15:51:02 GMT
Server: LiteSpeed
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 409
Expires: Sun, 12 Sep 2021 16:13:32 GMT

GET
H/1.1 200
OK splogo.gif
www.softpanorama.org/Images/ 352 B
644 B 183ms
90ms Image
image/gif 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Images/splogo.gif
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 5f095911e0aef1ae5ebba694da1de2b9f790cc5610319c9121d58fbc2ed08869

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Last-Modified: Tue, 09 May 2017 01:16:04 GMT
Server: LiteSpeed
Content-Type: image/gif
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 352
Expires: Sun, 12 Sep 2021 16:13:32 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 63ms
61ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49509
x-xss-protection: 0
server: cafe
etag: 7468415767210843005
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 16:13:32 GMT

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 35ms
26ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sun, 05 Sep 2021 16:13:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 7468415767210843005
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 49509
X-XSS-Protection: 0
Expires: Sun, 05 Sep 2021 16:13:32 GMT

GET
H/1.1 200
OK cryptolocker.png
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/ 363 KB
363 KB 186ms
92ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/cryptolocker.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 5b22508f97531135316ddf2bc95b0aeab015aedfa3d5aea5849aedbbddb44d41

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Last-Modified: Mon, 28 Oct 2013 15:37:44 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 371600
Expires: Sun, 12 Sep 2021 16:13:32 GMT

GET
H/1.1 200
OK snake_oil.png
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/ 6 KB
6 KB 190ms
94ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/snake_oil.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: b41280ac279abd6b98a8ebe19aee488b52faa996b703390b124d043092571f29

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Last-Modified: Mon, 28 Oct 2013 18:28:42 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 5651
Expires: Sun, 12 Sep 2021 16:13:32 GMT

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/ Frame 9946 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210831/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 05 Sep 2021 16:02:37 GMT
expires: Sun, 19 Sep 2021 16:02:37 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 655
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK warning_screen.png
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/ 22 KB
23 KB 171ms
90ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/warning_screen.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 52205fda7bf40b4b5f40fb3ac1e44dcdcee4ef8bc11c1aa68c84bd8293289920

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Last-Modified: Fri, 25 Oct 2013 02:34:52 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 22943
Expires: Sun, 12 Sep 2021 16:13:32 GMT

GET
H/1.1 200
OK cryptolocker_decryption.png
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/ 249 KB
250 KB 172ms
91ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/cryptolocker_decryption.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 4d2b16263fbce949f06125bb273afa6069d242ce3ca077f8e8d9b573adb1f07e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Fri, 25 Oct 2013 02:31:56 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 255349
Expires: Sun, 12 Sep 2021 16:13:33 GMT

GET
H/1.1 200
OK cryptolocker_spam.png
1.bp.blogspot.com/-LKYlrwRO1TM/Ul-t_4LJ2TI/AAAAAAAAFnc/WhXJOI-i7G8/s640/ 43 KB
43 KB 337ms
329ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://1.bp.blogspot.com/-LKYlrwRO1TM/Ul-t_4LJ2TI/AAAAAAAAFnc/WhXJOI-i7G8/s640/cryptolocker_spam.png

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7ef63c6b2ce5729befed5b85e69866abb66b7aae0622d95e610142707e33527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
X-Content-Type-Options: nosniff
Server: fife
ETag: "v1678"
Vary: Origin
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="cryptolocker_spam.png"
Timing-Allow-Origin: *
Content-Length: 43667
X-XSS-Protection: 0
Expires: Mon, 06 Sep 2021 16:13:33 GMT

GET
H/1.1

200
OK

assemcrypto.gif
blog.malwarebytes.com/wp-content/uploads/2013/10/
Redirect Chain

http://cdn.blog.malwarebytes.org/wp-content/uploads/2013/10/assemcrypto.gif
http://blog.malwarebytes.com/wp-content/uploads/2013/10/assemcrypto.gif

18 KB
19 KB

236ms
118ms

Image
image/gif

130.211.198.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://blog.malwarebytes.com/wp-content/uploads/2013/10/assemcrypto.gif
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 130.211.198.3 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 21d0d6d172e6d229ce8198ddb1890e7aad43945546da27798c19119e1336df24

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Thu, 26 Jan 2017 03:06:52 GMT
Server: nginx
ETag: "588967cc-48de"
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 18654

Redirect headers

Location: http://blog.malwarebytes.com/wp-content/uploads/2013/10/assemcrypto.gif
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: NetDNA-cache/2.2
Connection: keep-alive
Content-Length: 162
X-Cache: MISS
Content-Type: text/html

GET
H2

200

public_key1.png
blog.emsisoft.com/wp-content/uploads/2013/09/
Redirect Chain

http://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png
https://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png

8 KB
8 KB

198ms
144ms

Image
image/png

104.20.207.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.207.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f7ce13ec1b5700535b33cd6b7e78323a4f6737152d95df209d33a871a5c01f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Sun, 05 Sep 2021 16:13:33 GMT
cf-cache-status: MISS
last-modified: Sun, 02 Apr 2017 09:53:19 GMT
server: cloudflare
etag: "58e0ca0f-21a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
strict-transport-security: max-age=0
accept-ranges: bytes
cf-ray: 68a0bed96fe36586-LHR
content-length: 8610
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://blog.emsisoft.com/wp-content/uploads/2013/09/public_key1.png
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 68a0bed8de9265b8-LHR
Expires: Sun, 05 Sep 2021 17:13:32 GMT

GET
H2

200

initial_request.png
blog.emsisoft.com/wp-content/uploads/2013/09/
Redirect Chain

http://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png
https://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png

1 KB
1 KB

189ms
142ms

Image
image/png

104.20.207.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.207.62 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

345c29f0f9be540b0f3bfe9e80ed8102250199dd71ac9322e2284e35ebd929f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Sun, 05 Sep 2021 16:13:33 GMT
cf-cache-status: MISS
last-modified: Sun, 02 Apr 2017 09:53:19 GMT
server: cloudflare
etag: "58e0ca0f-448"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
strict-transport-security: max-age=0
accept-ranges: bytes
cf-ray: 68a0bed96fe66586-LHR
content-length: 1096
expires: Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://blog.emsisoft.com/wp-content/uploads/2013/09/initial_request.png
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 68a0bed8dcaedbff-LHR
Expires: Sun, 05 Sep 2021 17:13:32 GMT

GET
H2

404

key_reply1-300x267.png
blog.emsisoft.com/wp-content/uploads/2013/09/
Redirect Chain

http://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png
https://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png

0
0

197ms
143ms

Image
text/html

104.20.207.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.207.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Date: Sun, 05 Sep 2021 16:13:32 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://blog.emsisoft.com/wp-content/uploads/2013/09/key_reply1-300x267.png
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 68a0bed8db3be620-LHR
Expires: Sun, 05 Sep 2021 17:13:32 GMT

GET
H/1.1

200
OK

pushdo-traffic-1.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg

110 KB
111 KB

195ms
85ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

16585362dcad3ff0dfb0ce3808e006d220ed72577756d82c312f2113eb24fe92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jun 2013 19:39:42 GMT
Server: nginx
ETag: "990e73248c204284ad6cc8107348e894"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 113078
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 2

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/pushdo-traffic-1.jpg
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H/1.1

200
OK

CNC-Pushdo-2.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg

98 KB
98 KB

169ms
63ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

14176f356319e0ae6968163c7d39f9c4acc4ac60110a214df3890beb36ceb38b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jun 2013 19:42:16 GMT
Server: nginx
ETag: "d9ea41ccc693bf0018ce6fda607d664c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 100358
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/CNC-Pushdo-2.jpg
Date: Sun, 05 Sep 2021 16:13:33 GMT
X-N: S
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H/1.1

200
OK

generated-domains-PUSHDO.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg

105 KB
105 KB

119ms
43ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a5c7cc72a0ae78f518b02578a2be7f868dad24f4a50dc8d3b69f217449b7c60f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jun 2013 19:45:52 GMT
Server: nginx
ETag: "e26e0fcf39386a3c303278b8dd43a04c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 107236
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/generated-domains-PUSHDO.jpg
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H/1.1

200
OK

wrs-query-trendmicro-screenshot.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg

135 KB
135 KB

136ms
59ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b8ed444af21607e85bb82a561eb07d176c54d2ff79c3d4f069f1c787356c9791

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jun 2013 19:47:54 GMT
Server: nginx
ETag: "265d1da7e844402dff442850719864f4"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 138184
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/06/wrs-query-trendmicro-screenshot.jpg
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H/1.1 200
OK firewall_port445.png
www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/ 61 KB
61 KB 91ms
90ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/Images/firewall_port445.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 4e9faf4a2194d387bfd620017cb0094db78d3d29a4d7b23361e064131fbc23a6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Wed, 17 May 2017 19:03:10 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 62130
Expires: Sun, 12 Sep 2021 16:13:33 GMT

GET
H/1.1 200
OK up.png
www.softpanorama.org/Images/ 736 B
1 KB 95ms
94ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Images/up.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: 91e17e54c594f7a60193a595d27bf89b204317b923c2bfafc5be8b43535c8408

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Tue, 06 Aug 2013 19:12:56 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 736
Expires: Sun, 12 Sep 2021 16:13:33 GMT

GET
H/1.1 200
OK home.gif
www.softpanorama.org/Images/ 136 B
428 B 92ms
91ms Image
image/gif 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Images/home.gif
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: a9fba6b582499fe4176b9d4e9ed2d4836833e51ed3307aae5ea745c3a87948fa

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Sun, 19 Jan 2014 20:08:50 GMT
Server: LiteSpeed
Content-Type: image/gif
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 136
Expires: Sun, 12 Sep 2021 16:13:33 GMT

GET
H/1.1 200
OK down.png
www.softpanorama.org/Images/ 766 B
1 KB 94ms
94ms Image
image/png 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.softpanorama.org/Images/down.png
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: ef10bc1207c919d55e8741265dc81772b0ddb86244a052b2f40b1dfaa2c617e5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.softpanorama.org
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Connection: keep-alive
Cache-Control: no-cache
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 05 Sep 2021 16:13:33 GMT
Last-Modified: Tue, 06 Aug 2013 19:16:14 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 766
Expires: Sun, 12 Sep 2021 16:13:33 GMT

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clwelcome-300x233.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png
https://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png
https://robpickering.com/wp-content/uploads/2013/10/CLWelcome-300x233.png/
https://robpickering.com/wp-content/uploads/2013/10/clwelcome-300x233.png/

0
0

29ms
27ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clwelcome-300x233.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1115730
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 84
ghost-fastly: true
x-request-id: 1f0db8700d0b31bedb77126dd281052c, 1f0db8700d0b31bedb77126dd281052c
x-served-by: cache-ams12757-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.412497,VS0,VE9
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clwelcome-300x233.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clcommand-300x190.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png
https://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png
https://robpickering.com/wp-content/uploads/2013/10/CLCommand-300x190.png/
https://robpickering.com/wp-content/uploads/2013/10/clcommand-300x190.png/

0
0

19ms
18ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clcommand-300x190.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 104189
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 84
ghost-fastly: true
x-request-id: e50c54b64619564c33b54dcf3dcf8bf9, e50c54b64619564c33b54dcf3dcf8bf9
x-served-by: cache-ams12725-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.393333,VS0,VE9
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clcommand-300x190.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clpayment-300x227.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png
https://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png
https://robpickering.com/wp-content/uploads/2013/10/CLPayment-300x227.png/
https://robpickering.com/wp-content/uploads/2013/10/clpayment-300x227.png/

0
0

29ms
28ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clpayment-300x227.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 104188
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 84
ghost-fastly: true
x-request-id: a400af061a031e73b0a2355979fd7fce, a400af061a031e73b0a2355979fd7fce
x-served-by: cache-ams21034-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.402868,VS0,VE9
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clpayment-300x227.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clmoneypak-258x300.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png
https://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png
https://robpickering.com/wp-content/uploads/2013/10/CLMoneyPak-258x300.png/
https://robpickering.com/wp-content/uploads/2013/10/clmoneypak-258x300.png/

0
0

22ms
21ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clmoneypak-258x300.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1115729
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 85
ghost-fastly: true
x-request-id: 29307099820e8dc9d3e81a3ec05b81c9, 29307099820e8dc9d3e81a3ec05b81c9
x-served-by: cache-ams21032-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.445572,VS0,VE63
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clmoneypak-258x300.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clpaymentactivation-300x236.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png
https://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png
https://robpickering.com/wp-content/uploads/2013/10/CLPaymentActivation-300x236.png/
https://robpickering.com/wp-content/uploads/2013/10/clpaymentactivation-300x236.png/

0
0

18ms
18ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clpaymentactivation-300x236.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1115729
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 94
ghost-fastly: true
x-request-id: 1a05ab78f31257764503bfe6102b00bc, 1a05ab78f31257764503bfe6102b00bc
x-served-by: cache-ams12766-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.478435,VS0,VE9
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clpaymentactivation-300x236.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clfiledecryption-300x234.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png
https://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png
https://robpickering.com/wp-content/uploads/2013/10/CLFileDecryption-300x234.png/
https://robpickering.com/wp-content/uploads/2013/10/clfiledecryption-300x234.png/

0
0

19ms
18ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clfiledecryption-300x234.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 209755
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1115729
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 91
ghost-fastly: true
x-request-id: 5e258c8539daec6c5f549aa4b7887eb3, 9e0b799a961579a63922ad917ee041e2
x-served-by: cache-ams21034-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.477689,VS0,VE10
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clfiledecryption-300x234.png/
cache-control: public, max-age=31536000
ghost-cache: HIT
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/clerrors-300x236.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png
https://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png
https://robpickering.com/wp-content/uploads/2013/10/CLErrors-300x236.png/
https://robpickering.com/wp-content/uploads/2013/10/clerrors-300x236.png/

0
0

19ms
19ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/clerrors-300x236.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 1115729
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 83
ghost-fastly: true
x-request-id: 5238619542b0a2d4a8be7048598b6aa9, 5238619542b0a2d4a8be7048598b6aa9
x-served-by: cache-ams21063-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.478214,VS0,VE9
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/clerrors-300x236.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H2

404

/
robpickering.com/wp-content/uploads/2013/10/cldecryptcomplete-300x235.png/
Redirect Chain

http://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png
https://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png
https://robpickering.com/wp-content/uploads/2013/10/CLDecryptComplete-300x235.png/
https://robpickering.com/wp-content/uploads/2013/10/cldecryptcomplete-300x235.png/

0
0

30ms
29ms

Image
text/html

2a04:4e42:600::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://robpickering.com/wp-content/uploads/2013/10/cldecryptcomplete-300x235.png/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

ghost-age: 0
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
age: 104187
x-cache: HIT, MISS
status: 301 Moved Permanently
content-length: 92
ghost-fastly: true
x-request-id: 3e822930f4684b026f228f9f3032292e, 3e822930f4684b026f228f9f3032292e
x-served-by: cache-ams21022-AMS, cache-fra19161-FRA
accept-ranges: bytes
server: openresty
x-timer: S1630858413.497993,VS0,VE8
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
location: /wp-content/uploads/2013/10/cldecryptcomplete-300x235.png/
cache-control: public, max-age=31536000
ghost-cache: MISS
x-cache-hits: 1, 0

GET
H/1.1

200
OK

spam-sample-cryptolocker.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg

118 KB
119 KB

66ms
65ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5bcf1ba5031a47d84faf5815eac5570cfbd76734fa1cebf23ce2d33cabe9d1bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 18 Oct 2013 18:40:57 GMT
Server: nginx
ETag: "03a07c762aa1892ac673bf0a1bf3720b"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 121061
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 1

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/spam-sample-cryptolocker.jpg
Non-Authoritative-Reason: HSTS

GET
H/1.1

200
OK

blog_cryptlock_edited.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg

32 KB
32 KB

66ms
65ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

8524c7006487f6bf007d69a7935f8aa610d375eed28b0e290cdb64201ed939cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Sun, 20 Oct 2013 04:24:49 GMT
Server: nginx
ETag: "4760436025fbd6d374d05aaa1e7e616e"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32740
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/blog_cryptlock_edited.jpg
Non-Authoritative-Reason: HSTS

GET
H/1.1

200
OK

registry-editor-cryptolocker.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/
Redirect Chain

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg
https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg

87 KB
88 KB

65ms
65ms

Image
image/jpeg

104.111.231.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.231.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-231-15.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b93c09769e648f351cd315679b487d5c1a556cef36cfec77a92f5f96dff94252

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 18 Oct 2013 20:00:13 GMT
Server: nginx
ETag: "15652cd79b1604094c5cd4fe4c3610aa"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sun, 05 Sep 2021 16:13:33 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89149
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

Redirect headers

Location: https://blog.trendmicro.com/trendlabs-security-intelligence/files/2013/10/registry-editor-cryptolocker.jpg
Non-Authoritative-Reason: HSTS

GET
H2

200

/
www.askwoody.com/
Redirect Chain

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-CryptoLocker.png
https://www.askwoody.com/

0
0

1357ms
1157ms

Image
text/html

167.71.243.126
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.askwoody.com/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.71.243.126 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: askwoody.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://www.askwoody.com
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 47
X-Served-By: Namecheap URL Forward

GET
H2

200

/
www.askwoody.com/
Redirect Chain

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-LocalSecurityPolicy.png
https://www.askwoody.com/

0
0

1154ms
954ms

Image
text/html

167.71.243.126
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.askwoody.com/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.71.243.126 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: askwoody.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://www.askwoody.com
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 47
X-Served-By: Namecheap URL Forward

GET
H2

200

/
www.askwoody.com/
Redirect Chain

http://windowssecrets.com/wp-content/uploads/2013/10/W20131024-TS-NewPolicies.png
https://www.askwoody.com/

0
0

1448ms
1249ms

Image
text/html

167.71.243.126
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.askwoody.com/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.71.243.126 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: askwoody.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://www.askwoody.com
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 47
X-Served-By: Namecheap URL Forward

GET
H2

200

/
www.coulee.tech/
Redirect Chain

http://couleetechlink.com/new2/assets//images/crypto_locker.jpg
http://coulee.tech/
https://coulee.tech/
https://www.coulee.tech/

0
0

565ms
399ms

Image
text/html

52.35.104.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.coulee.tech/
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.35.104.127 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-35-104-127.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

date: Sun, 05 Sep 2021 16:13:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://www.coulee.tech/
x-xss-protection: 1; mode=block
cache-control: max-age=86400
strict-transport-security: max-age=15780000;
x-content-type-options: nosniff

GET
H2

403

th-regedit-480.png
sophosnews.files.wordpress.com/2013/10/
Redirect Chain

http://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203
https://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203

0
0

219ms
127ms

Image
text/html

192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.72.27 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://sophosnews.files.wordpress.com/2013/10/th-regedit-480.png?w=743&h=203
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 162
Content-Type: text/html

GET
H2

403

th-domains-4801.png
sophosnews.files.wordpress.com/2013/10/
Redirect Chain

http://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128
https://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128

0
0

206ms
118ms

Image
text/html

192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.72.27 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://sophosnews.files.wordpress.com/2013/10/th-domains-4801.png?w=743&h=128
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 162
Content-Type: text/html

GET
H2

403

th-exts-480.png
sophosnews.files.wordpress.com/2013/10/
Redirect Chain

http://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266
https://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266

0
0

391ms
310ms

Image
text/html

192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.72.27 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://sophosnews.files.wordpress.com/2013/10/th-exts-480.png?w=743&h=266
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 162
Content-Type: text/html

GET
H2

403

th-paypage-4801.png
sophosnews.files.wordpress.com/2013/10/
Redirect Chain

http://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572
https://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572

0
0

384ms
311ms

Image
text/html

192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.72.27 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

Location: https://sophosnews.files.wordpress.com/2013/10/th-paypage-4801.png?w=743&h=572
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 162
Content-Type: text/html

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ 250 KB
93 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4031247137266443&plah=www.softpanorama.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95178
x-xss-protection: 0
server: cafe
etag: 9330497266985682447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H/1.1 200
OK topupdates.shtml Show response
www.softpanorama.org/ Frame 1458 9 KB
3 KB 95ms
95ms Document
text/html 184.170.146.10
FORTRESSITX

General

Check archive.org

Show headers Download Go to

Full URL: http://www.softpanorama.org/topupdates.shtml
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: HTTP/1.1
Server: 184.170.146.10 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS: web301.coolhandle.com
Software: LiteSpeed /
Resource Hash: ce3c593d93d7aac931bd00a88f415f05ca0d4d03a44b51f228b2c1d107ba651e

Request headers

Host: www.softpanorama.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Response headers

Connection: Keep-Alive
Content-Type: text/html
Content-Length: 2468
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: LiteSpeed

GET
H2 200 btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/ 3 KB
3 KB 157ms
26ms Image
image/gif 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ee1c4cfd1b1818743cf6930452dee0e56aa4709359e06ded6052d1e7abb14474

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT, HIT
fastly-io-info: ifsz=3099 idim=147x47 ifmt=gif ofsz=3098 odim=147x47 ofmt=gif
paypal-debug-id: 4968af7b330f9
fastly-stats: io=1
dc: phx-origin-www-3.paypal.com
content-length: 3098
x-served-by: cache-sjc10062-SJC, cache-fra19182-FRA
x-timer: S1630858414.700454,VS0,VE0
etag: "W+Pu/C7SAaVROD4yxJfYhtmfI4zA8n2pGKd1zdw5nBA"
strict-transport-security: max-age=31557600
content-type: image/gif
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 7280, 13

GET
H2 200 pixel.gif
www.paypalobjects.com/en_US/i/scr/ 42 B
232 B 88ms
26ms Image
image/gif 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT, HIT
fastly-io-info: ifsz=43 idim=1x1 ifmt=gif ofsz=42 odim=1x1 ofmt=gif
paypal-debug-id: d8870c17ecb99
fastly-stats: io=1
dc: phx-origin-www-3.paypal.com
content-length: 42
x-served-by: cache-sjc10045-SJC, cache-fra19182-FRA
x-timer: S1630858414.700624,VS0,VE0
etag: "dNSbNMYiK1Q98dwxkre+GOK5+qX2pefyT9A/BaBsoeM"
strict-transport-security: max-age=31557600
content-type: image/gif
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 24306, 8

GET
H3-29 200 cookie.js Show response
partner.googleadservices.com/gampad/ 206 B
219 B 66ms
33ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.softpanorama.org&callback=_gfp_s_&client=ca-pub-4031247137266443

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4031247137266443&plah=www.softpanorama.org

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5db2c6cfa229a270f142696b0be09b29566b3ac2265176a8d2a467044e38d590

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
313 B 15ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.softpanorama.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
313 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.softpanorama.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0BF2 86 KB
29 KB 671ms
671ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c4b0b8d34b2baf58a54f7b96e09126edb5264b0eb2798d33e2ceb9562f85960

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 05 Sep 2021 16:13:33 GMT
server: cafe
content-length: 29555
x-xss-protection: 0
set-cookie: IDE=AHWqTUkZq5lcBqMtUIEwjCZsjDcHYMy2IReIdDnLUtBryRiXVeC2km0iqPqiZX69TSU; expires=Fri, 30-Sep-2022 16:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 40ms
26ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 880C 0
20 B 90ms
88ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&adk=1812271804&adf=3025194257&lmt=1630858413&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&ea=0&flash=0&pra=7&wgl=1&dt=1630858413240&bpp=2&bdt=460&idt=3&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=10

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4031247137266443&output=html&adk=1812271804&adf=3025194257&lmt=1630858413&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&ea=0&flash=0&pra=7&wgl=1&dt=1630858413240&bpp=2&bdt=460&idt=3&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=5&uci=a!5&fsb=1&dtd=10
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUnZUkOOApt5y3ph1z6ANWJxcr_dU0jKbURgE8mjrDifWhnNSiYgQ3pE0pMX25k; expires=Fri, 30-Sep-2022 16:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 1458 99 KB
35 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/topupdates.shtml

Protocol

HTTP/1.1

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f38b8c2336c96e72481aae984bb3af88e05e786b06e056c51f610ba93293d702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sun, 05 Sep 2021 16:13:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 8783041051664089655
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 35542
X-XSS-Protection: 0
Expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1B4D 71 KB
27 KB 370ms
370ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6bb706c8fdff0e9d887136c73669e65be179470ecf7d83c7b68674ee52c3075a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 05 Sep 2021 16:13:33 GMT
server: cafe
content-length: 27839
x-xss-protection: 0
set-cookie: IDE=AHWqTUluOL1i89BNXU-azzsgprIDLVb4aFuZjXkchq_XVN3nWKO5_d8JR4hAps2mS3s; expires=Fri, 30-Sep-2022 16:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 086C 90 KB
30 KB 317ms
316ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd94a9dd7cdf81a371a340dfbfdddb3b27e860e973bd5bcda13d28bee646fb04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 05 Sep 2021 16:13:33 GMT
server: cafe
content-length: 30810
x-xss-protection: 0
set-cookie: IDE=AHWqTUmc2APf6IpYut5m0ZViNr8b1Ci3LI-N9bYdRL3zOpEdX-QncVPFiwoFJ-LzgwQ; expires=Fri, 30-Sep-2022 16:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/ Frame 1458 250 KB
93 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4031247137266443&plah=www.softpanorama.org

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95178
x-xss-protection: 0
server: cafe
etag: 9330497266985682447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 1458 206 B
661 B 95ms
34ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.softpanorama.org&callback=_gfp_s_&client=ca-pub-4031247137266443

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d4bf5fc456c0b3524fbc4a601e387619fa569b874190eaaa804f02ca2e4573ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1458 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.softpanorama.org

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1458 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.softpanorama.org

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6358 104 KB
37 KB 747ms
747ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

429a6497455fa05a4d250b9f4f683290e4b77cb7611dc948127d4de5ef44ef73

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNPZo4Od6PICFcPFuwgdfB0I0g&gqi=rew0YYqLGNfH7_UP0dKeqAE&layout=/sadbundle/%24csp%253Der3%24/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnZUkOOApt5y3ph1z6ANWJxcr_dU0jKbURgE8mjrDifWhnNSiYgQ3pE0pMX25k
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNPZo4Od6PICFcPFuwgdfB0I0g&gqi=rew0YYqLGNfH7_UP0dKeqAE&layout=/sadbundle/%24csp%253Der3%24/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 05 Sep 2021 16:13:34 GMT
server: cafe
content-length: 37719
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1458 72 KB
27 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496339498273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27562
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H2 200 e97fc1f500c2ba07d7ae78e11e245b27.js Show response
www.gstatic.com/mysidia/ Frame 086C 7 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e97fc1f500c2ba07d7ae78e11e245b27.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8f8cdb5aeedf4b9737a05e36cdff6236915390471280befa4ead41179bdd408

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 23:35:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3150
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 06:59:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 30 Nov 2021 23:35:57 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 086C 3 KB
674 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 05 Sep 2021 15:32:17 GMT
server: ESF
date: Sun, 05 Sep 2021 16:13:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H2 200 6df559380d971ec13fbe12ea1840b051.js Show response
www.gstatic.com/mysidia/ Frame 086C 10 KB
5 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6df559380d971ec13fbe12ea1840b051.js?tag=pingback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

984f121c26aabc32904efa063bac24ac3e521798075eb60b05e6a484e9420810

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 06:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208677
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4632
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 06:59:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 02 Dec 2021 06:15:36 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 086C 1 KB
936 B 16ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:12:05 GMT

GET
H2 200 e84841f36354480a0ca8050dc9f70b33.js Show response
www.gstatic.com/mysidia/ Frame 086C 6 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e84841f36354480a0ca8050dc9f70b33.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ffe7f7d14a829cae1f0f152654eb50be84ecc4aafce1dc3010db1ee75065e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 16:27:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171950
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2463
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 17:32:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 02 Dec 2021 16:27:43 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 086C 18 KB
8 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 086C 2 KB
1 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:06:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 086C 122 KB
37 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 086C 14 KB
6 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 086C 0
0 17ms
16ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTE6h_lUfXKYopNIRo5Fgnk0xCGAr67D-9Pwi221XvgxVe8oVTY_OlMIE2VtcVVLkGrZh5Hhbk3Pl3bZETq6BDoMaezcw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 550517e8bc13b6c9510094b6b7001d9c.js Show response
www.gstatic.com/mysidia/ Frame 086C 26 KB
11 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/550517e8bc13b6c9510094b6b7001d9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10776
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 17:32:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 02 Dec 2021 11:21:09 GMT

GET
H2 200 6710423135546490477
tpc.googlesyndication.com/daca_images/simgad/ Frame 1B4D 44 KB
44 KB 36ms
15ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/6710423135546490477

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9e3556749628840e188ef76b6b2391f515c52d7c9050899de820b96e8084ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 03:24:59 GMT
x-content-type-options: nosniff
age: 218914
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45198
x-xss-protection: 0
last-modified: Thu, 26 Aug 2021 07:15:38 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 03:24:59 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 1B4D 18 KB
8 KB 29ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 1B4D 2 KB
1 KB 28ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 440
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:06:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1B4D 122 KB
37 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 1B4D 14 KB
6 KB 27ms
12ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 1B4D 0
0 16ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSX-dLmej6dy7tvLW5SgQXqXk0KG8H-CdM1USwMkcoVU5dpBFL8zaeloe2vVIuDzOqoecp1KnF8PghTXdEahtH9ojN5fQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 1B4D 26 KB
11 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 21:15:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10845
x-xss-protection: 0
server: cafe
etag: 14737611871312058204
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 18 Sep 2021 21:15:48 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1B4D 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVuzOrew0YZTLEaqe7_UP15Ce6AaF9YDuZPTj2KnoDtrZHhABINCzkQJglQKgAZaBn9UByAECqQId9prUDEWBPqgDAcgDyQSqBLsCT9D7hK54yP9OOS8cb4_yvFfCu-51YcMNVTSB-5DY4KP0RQFbcBbjc9xbyXrtknI8m_6zg8KD7aLJik6dVLz5YOH6_usI4EYp7g3P-u8lbjsriO1Y_au5baiQEknVhEI7kvQbRHoVhYfRykUstOb35djjBISDkuY5wvvKJOYjcZ26U4D68R2k253ExgNkbETLLJ70-hvH6mP_UfKGHXDensg8nO5VFtHmJsGtGZr0Ctod2ov0KoUcK_lid6Q3KC0so_cRcMqOOAKk7GObHSvcfElpXxSTbZwohEaemc5ta8MH9nu8xUSwrC4WO866zxVZaBPGfH46UJdQgkXgdXHNVL6UwxCkJJaGPv4g3UNjebIfWsRtJo7YxAm4eflfjINUxEZ7m_oWe1gGUvWiE36yL_Zyf0u8anNymlrewASQwf602AOSBQQIBBgBkgUECAUYBKAGAoAH6M68qwKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEMKxB9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi00MDMxMjQ3MTM3MjY2NDQzGAA&sigh=xNNaz3CHgLk&uach_m=[UACH]

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 05 Sep 2021 16:13:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 086C 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Czf1Arew0YbqNEpfP7_UP542gwAups5P2ZL6m1p7yDYnkycTYJBABINCzkQJglQKgAcPImZ0CyAEBqQJVV1a3bASpPqgDAcgDwwSqBLICT9A4XhL9q6SMOtfyMDCSK1_fDCEb5J2g0I8-NeWl8tXMxcZY9KPwNarZJlEKtzUb7wVkrMZhLc2Qas1H_tcklitX3-_uYJuGpCIB5YD5DGCaF3rTtLvYREPmWWqL7V4SDT4fCv38ttmBo225bZ09kfy97Ww2GjK3xJgWRj8rYrYe2HAY7trxrrYYZBPV6Zd2_te6tyQSL7OxJ9uagNT0lkd3yhDGqxEI2VNS5N_0TRKrdBeSU8VoLo7srJwkGyMA9cca3nNjS6lNszi96GwbXD3wn9m3L-7ECQz3GtzGGbBEH9K24kuSkPMr1V2fUYKwBG4qRptO4M4Nx3VmJqBtWKvDnExSdJEh3439yiI88Sp6_tB386ZtrFTWOSznLbWMukpoO-fgrx6IfreA0De5WtWWwASZxNrd0gOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGZoAHpbfm4gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEM_mDtIICQiA4YAQEAEYH4AKAcgLAdgTDYgUB9AVAZgWAYAXAbIXHAoaCAASFHB1Yi00MDMxMjQ3MTM3MjY2NDQzGAA&sigh=IDXN2vneSiU

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 05 Sep 2021 16:13:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C9D0 143 B
163 B 7ms
5ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUluOL1i89BNXU-azzsgprIDLVb4aFuZjXkchq_XVN3nWKO5_d8JR4hAps2mS3s
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=600&slotname=0371843916&adk=855761454&adf=2722944954&pi=t.ma~as.0371843916&w=160&lmt=1630858413&psa=0&format=160x600&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413011&bpp=1&bdt=232&idt=254&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1420&ady=1263&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=u19Q61eRO2&p=http%3A//www.softpanorama.org&dtd=258

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 05 Sep 2021 15:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1257
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3FD0 1 KB
749 B 8ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 05 Sep 2021 12:12:35 GMT
expires: Mon, 06 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 14458
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 186F 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUluOL1i89BNXU-azzsgprIDLVb4aFuZjXkchq_XVN3nWKO5_d8JR4hAps2mS3s
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 05 Sep 2021 15:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1257
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5795 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 05 Sep 2021 12:12:35 GMT
expires: Mon, 06 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 14458
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 086C 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fe8caef096c6690aba7954df80c1f08a6699d1849cc0122755d152b27248433

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1B4D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 038464eb913b8af9ea073596f161f7e3d7648a7f98d3b74135245192c5682698

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 086C 0
20 B 38ms
38ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChYIASoSc3F1YXJlLWV0YS12YW5pbGxhCgoIAioGc2VydmVyChoIBCoWbXlzaWRpYV9hbmFseXRpY3NfZXhwMgoHCAYqAzEwMAoNECshAAAAAACAUEAwBAoNEAMhAAAAnJkxfkAwBAoNEAohAAAAAGdmEkAwBAoNEA0hAAAAAAAAAAAwBAoNEB4qBzMzNngyODAwBAoNEBkqBzMzNngyODAwBAoNEA4hAAAAAAAAAAAwBAoNEAQhAAAA0MyMfkAwBAoNEA8hAAAAAAAAAAAwBAoNECshAAAAAACAUkAwBAoNEAUhAAAAAACQfkAwBAoNEBAhAAAAAEAd3kAwBAoNEBEhAAAAAAA1zEAwBAoNEBIhAAAAAAAAFEAwBAoNEBMhAAAAAAAACEAwBAoNEBchAAAAaGY6gUAwBBIaQ1BxWG5ZT2Q2UElDRlpmbnV3Z2Q1d1lJdUEiEHRleHQvdmFuaWxsYV9yZGEoAw==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6df559380d971ec13fbe12ea1840b051.js?tag=pingback

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 3FD0 35 B
463 B 18ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKsGBkD-RFxoJTCmxGPlwJs&google_cver=1&google_push=AYg5qPIikIWH3gJOunEIG_aSyHJQrUVOSPliiDW9SfnlHPOxzFoPHQejMNt62tVGXyrF-Yply__fg-uhjEiAFdlJW7aov8Omagw

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKOlqOhaRM6hWknu3LC33iCsanmEjmzc3umnE2Ln6N8LKQJs6GfYHr6CPo2YAE7HA9BSnTUxSqnSDQlqlyhQFFXCTsimX4&google_gid=CAESEGFDxvbi2rWIiM5XGd0Sz8k&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCK3Z04kGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBLT2xxT2hhUk02aFdrbnUzTEMzM2lDc2FubUVqbXpjM3VtbkUyTG42TjhMS1FKczZHZllIcjZDUG8yWUFFN0hBOUJTblRVeFNxblNEUWxxbH...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwam5WQzNmWW1xN29LZm9MQTBPS3R2dDhQT0JQRnVyLXkxUmJqV3ZERlNGMA==&google_push

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwam5WQzNmWW1xN29LZm9MQTBPS3R2dDhQT0JQRnVyLXkxUmJqV3ZERlNGMA==&google_push

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwam5WQzNmWW1xN29LZm9MQTBPS3R2dDhQT0JQRnVyLXkxUmJqV3ZERlNGMA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEEihrivouz1Z4bZWpWPUpDI&google_cver=1&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q&google_hm=_EYb2iSWxFcw48x3cI9XYg==

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q&google_hm=_EYb2iSWxFcw48x3cI9XYg==

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJ5_m5UYFxzzU9YIlzMPRaZex-6auUn_pbIYNN4KtXgPGj3SET_dxlg1S8UDdgXmTQWRUXkq_XpIwWhON4p43HFOz6D-Q&google_hm=_EYb2iSWxFcw48x3cI9XYg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: gg99f34t4ddas76v7615qa29gflctstn

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

46ms
37ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI23M0mZTNCzmz7knQBAxH0wV1qaULBYVS62N3Br8DYyuo6e7cRTRHR9wHIKPDnhVkcI6ZGvnU93_CVi5pA_2fST7xnZA

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI23M0mZTNCzmz7knQBAxH0wV1qaULBYVS62N3Br8DYyuo6e7cRTRHR9wHIKPDnhVkcI6ZGvnU93_CVi5pA_2fST7xnZA
date: Sun, 05 Sep 2021 16:13:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENhb5b6DCpcu0npvpCdcHfU&google_cver=1&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgx...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVjQtMU8tR1o4WQ==&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgxqmpzbnv8OFC2PNv5eOfZHMnU

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVjQtMU8tR1o4WQ==&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgxqmpzbnv8OFC2PNv5eOfZHMnU

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVjQtMU8tR1o4WQ==&google_push=AYg5qPL8Ex5QZy_1CD6irHiAb8UVLAP63r9ts9zzfR6N3PKVqH_5TD7hdJM5A8Y60uJEhOnMZgxqmpzbnv8OFC2PNv5eOfZHMnU
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022q...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 3FD0
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESELZ3Jws33e04lfWn4NDUYZU&google_cver=1&google_push=AYg5qPLDDcYmHj_4J-3Vptvm...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLDDcYmHj_4J-3VptvmIrDd9JYpE18R-mBYIYDw-TRZIflgetYB0HnRSXoC1v64b4vj6yDRn6I9ayXVICE7t_Lqo3wh5wb7&google_hm=

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLDDcYmHj_4J-3VptvmIrDd9JYpE18R-mBYIYDw-TRZIflgetYB0HnRSXoC1v64b4vj6yDRn6I9ayXVICE7t_Lqo3wh5wb7&google_hm=

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLDDcYmHj_4J-3VptvmIrDd9JYpE18R-mBYIYDw-TRZIflgetYB0HnRSXoC1v64b4vj6yDRn6I9ayXVICE7t_Lqo3wh5wb7&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sat, 04 Sep 2021 16:13:34 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 3FD0 0
59 B 36ms
30ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LXIOErSkDEs8Llw7aExgTvsp9GajYx3ob6XbBUZKzMioa4cKJtUb9yFqcdr1DvFzYQMHKG4w

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5795 35 B
463 B 10ms
7ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELks0VI94sTxA6CnSpFF7JA&google_cver=1&google_push=AYg5qPKN8Ka0_-9Ckjfxm2I7sRwU3p4CjPJpHhyeggXyZFGqwxuC6eOzL22lH48L99A6SYgQVRAFAbxLMBJalhm3dRxh9c-9WlU

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 5795 42 B
189 B 28ms
26ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLXSkVf8dAr_-MOZCjJ4Z0BWeZynDuXifKQlj6CEDegLE_heS8lYcsqysQuKShgwY-kbHZG7exkC4jQdKz79aHCQRG_dcA&google_gid=CAESEPz9vflNdpvK70MH2_GB07I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5795
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEESmqSg_gWcptEhkj7d2p1E&google_cver=1&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM&google_hm=_EYb2iSWxFcw48x3cI9XYg==

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM&google_hm=_EYb2iSWxFcw48x3cI9XYg==

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJxM8lSydR6MSCH6jPfK6qSONXeeuJC-aMg7W31j4ODJhGWohomWGzg9UdxG2neNxcN5RtYRFhcxCUL2BApEO3gPgIPCiM&google_hm=_EYb2iSWxFcw48x3cI9XYg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ucbs4u6ffdk64qj5bgoed8r7ps8g4f87

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5795
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

45ms
36ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ8HBT54mM4C6YPq2GDg1PJsA4ctzfU90q0UelUbv95nXXqzZqeobPue8CsuNtjqLqm6h3jv0a0qkwvBkOfEoqYMLt2y78

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ8HBT54mM4C6YPq2GDg1PJsA4ctzfU90q0UelUbv95nXXqzZqeobPue8CsuNtjqLqm6h3jv0a0qkwvBkOfEoqYMLt2y78
date: Sun, 05 Sep 2021 16:13:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5795
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPy0P7BAO3bg0A4Jw7-SDg8&google_cver=1&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVlItMTktODhKNw==&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8DAPSR8mQY4zPYt4UVrovKP6s

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVlItMTktODhKNw==&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8DAPSR8mQY4zPYt4UVrovKP6s

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Q3RVpQVlItMTktODhKNw==&google_push=AYg5qPKbFEMV9nPbZEjZ5iuUHD91yJ18Bt_XjrQvUKm45kwYdTIR7clvROQJcIfBEBobBg70BB8DAPSR8mQY4zPYt4UVrovKP6s
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5795
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MD...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 5795 43 B
297 B 72ms
21ms Image
image/gif 2a05:d01c:1d8:8101:8678:af0d:fda8:5a84
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEAb6q3PXJbtK8ssb-d_Qy20&google_cver=1&google_push=AYg5qPI9amFo5YzqCdQsOhI-NsnQMQi23mvRrY81sW-eB8JefN2ul0NPgt9aFYbUgRBj1IAKDoWeg8eKdC-UK-UpfMYhZ9iLcA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3274064497&adk=3776831882&adf=4261137787&pi=t.ma~as.3274064497&w=336&lmt=1630858413&psa=0&format=336x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&wgl=1&dt=1630858413013&bpp=1&bdt=233&idt=262&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C0x0%2C160x600&nras=1&correlator=5731227515698&frm=20&pv=1&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=26&ady=1266&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nEXGjeOB4A&p=http%3A//www.softpanorama.org&dtd=266
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:8678:af0d:fda8:5a84 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 5795 0
49 B 34ms
33ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JYyN_YwiJiKXR7DB49yXiU3xlcTOSFefu4b91eXk2iTgPYtWXwxnkJkAvf1_biVZ3-XTvv

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 086C 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 18:10:03 GMT
x-content-type-options: nosniff
age: 338610
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 18:10:03 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 086C 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 18:10:03 GMT
x-content-type-options: nosniff
age: 338610
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 18:10:03 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C9D0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

24ms
23ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZq5lcBqMtUIEwjCZsjDcHYMy2IReIdDnLUtBryRiXVeC2km0iqPqiZX69TSU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:33 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 05-Sep-2021 17:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:33 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 186F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

19ms
18ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZq5lcBqMtUIEwjCZsjDcHYMy2IReIdDnLUtBryRiXVeC2km0iqPqiZX69TSU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:33 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 05-Sep-2021 17:13:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:33 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:33 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 468C 35 KB
13 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 6649 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

POST
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 086C 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChYIASoSc3F1YXJlLWV0YS12YW5pbGxhCgoIAioGc2VydmVyChoIBCoWbXlzaWRpYV9hbmFseXRpY3NfZXhwMgoHCAYqAzEwMAoNEBQhAAAAAEDz0UAwBAoNEBUhAAAAAAAALEAwBAoNEBYhAAAAAAAAGEAwBAoNEBghAAAAAADIg0AwBBIaQ1BxWG5ZT2Q2UElDRlpmbnV3Z2Q1d1lJdUEiEHRleHQvdmFuaWxsYV9yZGEoAw==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6df559380d971ec13fbe12ea1840b051.js?tag=pingback

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 0BF2 6 KB
669 B 33ms
24ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 05 Sep 2021 15:01:55 GMT
server: ESF
date: Sun, 05 Sep 2021 16:13:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 0BF2 1 KB
857 B 35ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:12:05 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 0BF2 18 KB
7 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 0BF2 2 KB
1 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:12:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:12:32 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0BF2 122 KB
37 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:33 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:33 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 0BF2 14 KB
6 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 156
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 200 550517e8bc13b6c9510094b6b7001d9c.js Show response
www.gstatic.com/mysidia/ Frame 0BF2 26 KB
11 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/550517e8bc13b6c9510094b6b7001d9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 11:21:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190344
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10776
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 17:32:58 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 02 Dec 2021 11:21:09 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0BF2 0
0 34ms
33ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cuv7brew0YbWjD6S5lQeFxpzABJHy-7Bk49rdpYAOsJAfEAEg0LORAmCVAqAB-sDUzgPIAQmpArfO9ogf7rM-qAMByAPLBKoEuQJP0LM8gwwNGAydld4OWizerFmBx1Ykofcazp_NjYkCnrjiGdkvQrOAMNSKcFoXPVkWQT_76i6JF6Tx4XUQqAQO32Qw8g3IpasQFp3qEDHA8sujdMGfvEVbDzWThqPCsmejDxDQVUVDKEmwqMnN-Kqr2-Ft1YYhJ_uouf0bvB3xx7aK17Fy0VfBZrdCKXgUgys0lFQAHqnG82Or4Suan5ys-N4jOL_eS3PCf4D2Yu1lpjS7NZkqn0w3Razg3bq_KsPL7thfIiIH3etGRsuCVqoFrLpE32qxc9Gs07fswJZVp6-BnkbY4hoEXqvAnEPAnpMwkEzB3eH3XDms_FdMGm21CuYuYGRTABnYEE3H9GivhYyN95V09zKOrbrw7hKPwEwVjTaoeSLIfHIThOwO3EJVXMmo3bjDPbqawASS4KOu0AOgBi6AB-6-qzGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcA8gcEEM26F9IICQiA4YAQEAEYH4AKAcgLAdgTA4gUAdAVAYAXAbIXHAoaCAASFHB1Yi00MDMxMjQ3MTM3MjY2NDQzGAA&sigh=oSSkLnxMaEw&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 05 Sep 2021 16:13:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17413837087603778193/ Frame 0BF2 11 KB
11 KB 24ms
10ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17413837087603778193/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c58f43214ce342d90c847c9a2a1472855a3be06143f9b4a1676f5dd0a93d4a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:00:17 GMT
x-content-type-options: nosniff
age: 371596
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11682
x-xss-protection: 0
last-modified: Wed, 07 Apr 2021 08:04:06 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 09:00:17 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5554267693690589190/ Frame 0BF2 2 KB
2 KB 26ms
12ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5554267693690589190/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

822d50117042efa3a518bd3de93a7db2f3d1dc5a5d07bdd284ee52c33d818060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:00:26 GMT
x-content-type-options: nosniff
age: 443587
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2534
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 11:04:25 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:00:26 GMT

GET
DATA 200
OK truncated
/ Frame 0BF2 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0063 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 05 Sep 2021 12:12:35 GMT
expires: Mon, 06 Sep 2021 12:12:35 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 14459
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0BF2 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8aa9a76e4d758785f2dd6c6f3010d95a7915f5ff77da647f29e949f6845560d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 0BF2 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:23:42 GMT
x-content-type-options: nosniff
age: 6592
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 14:23:42 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 0BF2 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 07:18:45 GMT
x-content-type-options: nosniff
age: 204889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 07:18:45 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEOZHmJzU4s61lZgPYRyurSA&google_cver=1&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg55PaQe739fDC2_bI3M-chRwN3GXthcTNA_Gn6p9uI&google_hm=1CMFKk_...

170 B
188 B

36ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg55PaQe739fDC2_bI3M-chRwN3GXthcTNA_Gn6p9uI&google_hm=1CMFKk_c2KVbiX2D1Gp9zg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLnGEyDwFDLaxFPoxlu_iAxJgnNXkh8DjOIrVSmPgLdfynZE7MDRg55PaQe739fDC2_bI3M-chRwN3GXthcTNA_Gn6p9uI&google_hm=1CMFKk_c2KVbiX2D1Gp9zg
pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSE...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRUc3JnQUFCU0M5UVFKMw&google_push=AYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSEya419h4ZIvRKtO8lT6_tcVgbZMAUBrJzA0THFsHPCG-ewexQWnwsggg

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRUc3JnQUFCU0M5UVFKMw&google_push=AYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSEya419h4ZIvRKtO8lT6_tcVgbZMAUBrJzA0THFsHPCG-ewexQWnwsggg

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVRUc3JnQUFCU0M5UVFKMw&google_push=AYg5qPLerSzg6UyQ_uWbrw2qqx5xIGQJYm5yLeatOSEya419h4ZIvRKtO8lT6_tcVgbZMAUBrJzA0THFsHPCG-ewexQWnwsggg
Date: Sun, 05 Sep 2021 16:13:34 GMT
Server: Apache
Connection: keep-alive
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEGFl_0CbgevH_i41EdlFazk&google_cver=1&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s&google_hm=Q0FFU0VHRmxfMENiZ2V2SF...

170 B
188 B

38ms
38ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s&google_hm=Q0FFU0VHRmxfMENiZ2V2SF9pNDFFZGxGYXpr

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 05 Sep 2021 16:13:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOE_NumL-IMMcsKbGu_2JZ3Vvj1U89_Ct-dp6ycmJ3MfTio9qSyVtDhomrOY28DWCzxx1i4rPnWGuvzkl-v4UGnzM_i7s&google_hm=Q0FFU0VHRmxfMENiZ2V2SF9pNDFFZGxGYXpr
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 0063 42 B
307 B 26ms
25ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLS5XezEeLz39IFrCMvKrbUpwC8cyQXB3juNScVPfFtcutvntXyeuq7zdT3Slppl-v6O-QqzX_cB14Tw_V-NDmTbQ8BfrE&google_gid=CAESEH-xCLfMt6CoVGpRi5Q99HI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:34 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

36ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI0R9bM-N8NCKuyMWQHa4ImvZxamaXVP9cP0tk77GkUnsMQJzfqifMosf6ePiurlVrt1Q0U0IXXsYuwEcoZWxj27QW0Hxw

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1LnHZri-QWmpUa3NzV9Rvg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI0R9bM-N8NCKuyMWQHa4ImvZxamaXVP9cP0tk77GkUnsMQJzfqifMosf6ePiurlVrt1Q0U0IXXsYuwEcoZWxj27QW0Hxw
date: Sun, 05 Sep 2021 16:13:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKt...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0063
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEEwBfIs8isv_TLoqisg6QF4&google_cver=1&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX...
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX_X-s&google_hm=ypD49bFxTbyQvoN5Y...

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX_X-s&google_hm=ypD49bFxTbyQvoN5YrbZng

Requested by

Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPLY_Esl22yB-es7AyuoOYg-hEYJeDkEpw5pT8MCBayOVFdNfO_NMN7tjFW0o1HHftBR4e1du3Me2SqP-18KJgJupnX_X-s&google_hm=ypD49bFxTbyQvoN5YrbZng
pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
cache-control: no-cache
content-length: 0
request-time: 1
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 0063 0
12 B 33ms
32ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L63TfrE5ZcKkLuqkAnc4IOIc4lsGBDl1K6d1zrzOImwenE0jdeIJ9I_tZXQfj_fQKL1p4u

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame C95A 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/ Frame 6358 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 6358 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:12:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:12:32 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6358 122 KB
37 KB 178ms
177ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:34 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630496346997469"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:34 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/ Frame 6358 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210831/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Sep 2021 16:10:57 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/ Frame EAC4 23 KB
6 KB 9ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f725b9ab38e04e239e4c7392732554d1cd5d88a48995c5ea0b5ff009a0893561

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Thu, 02 Sep 2021 03:10:44 GMT
expires: Fri, 02 Sep 2022 03:10:44 GMT
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 6583
age: 306170
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6358 0
0 32ms
29ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXaqMrew0YZPPGMOL7_UP_LqgkA2lwMbkZLuNmP2uDprA48LBARABINCzkQJglQKgAZ_StbcByAEJqQK3zvaIH-6zPqgDAcgDSKoE7AFP0NTX8zHrVe0G270SmxTi82uGKOazMks3AjGTS0B2lq9hYPI2MwvqbPh13TC6pAJSwRkxHWWBCBLMrZ0i1jep51QJwciMKCvigGTPug7TR7JOX7LrQjGWDL7LawiIqV7PKRM-hUXchtvcT0OeczCH49NaDXtTmTqLukQt9c4To7LrlKvmqtrq2RUYcMycmQs3vTf2KqlbNYTw5P85ocv5ql_mKPkzmtTSrAkUVS0Gg84ovTVrpFnydi9jxtoIjmWXFteL7X4rTyuc54gwoeeeJXv_GIsltophn0sq-go7TzwuFXo7m8AxdwtXQMAE5Ze_49MDkgUECAQYAZIFBAgFGASgBi6AB8mtysgCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAPIHBBDzqRrSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNDAzMTI0NzEzNzI2NjQ0MxgA&sigh=GSH-l005aQw&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 05 Sep 2021 16:13:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C67E 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZq5lcBqMtUIEwjCZsjDcHYMy2IReIdDnLUtBryRiXVeC2km0iqPqiZX69TSU; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=90&slotname=2589461422&adk=3812213861&adf=3408173157&pi=t.ma~as.2589461422&w=728&lmt=1630858413&url=http%3A%2F%2Fwww.softpanorama.org%2Ftopupdates.shtml&flash=0&wgl=1&dt=1630858413304&bpp=14&bdt=145&idt=72&shv=r20210831&mjsv=m202109010101&ptt=5&saldr=sa&correlator=5731227515698&frm=21&ife=1&pv=1&ga_vid=1666206666.1630858413&ga_sid=1630858413&ga_hid=1067035641&ga_fc=0&nhd=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=389&ady=21344&biw=1600&bih=1200&isw=1480&ish=320&ifk=352169860&scr_x=0&scr_y=0&eid=21065725%2C21067665%2C31062297&oid=3&pvsid=3551126409740499&top=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1480%2C320&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=23&ifi=1&uci=1.gy6htlngvnjo&btvi=1&fsb=1&xpc=H65P0wtxh5&p=http%3A//www.softpanorama.org&dtd=80

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 05 Sep 2021 15:52:36 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1258
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 6358 0
20 B 54ms
39ms Other
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNPZo4Od6PICFcPFuwgdfB0I0g&gqi=rew0YYqLGNfH7_UP0dKeqAE&layout=/sadbundle/%24csp%253Der3%24/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame EAC4 9 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 22:57:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 05 Sep 2021 22:57:12 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame EAC4 26 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:25:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 06 Sep 2021 14:25:46 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C67E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

17ms
17ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZq5lcBqMtUIEwjCZsjDcHYMy2IReIdDnLUtBryRiXVeC2km0iqPqiZX69TSU; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:34 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 05-Sep-2021 17:13:34 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 05 Sep 2021 16:13:34 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 05 Sep 2021 16:13:34 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bg4.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 17 KB
17 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/bg4.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

212bba10b0296385eea28246f09af63ca6f142b4f8884a420e06be7675b93cac

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 402371
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17556
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Wed, 01 Sep 2021 00:27:23 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 01 Sep 2022 00:27:23 GMT

GET
H3-29 200 bg3.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 17 KB
17 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/bg3.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

212bba10b0296385eea28246f09af63ca6f142b4f8884a420e06be7675b93cac

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 117138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17556
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sat, 04 Sep 2021 07:41:16 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 07:41:16 GMT

GET
H3-29 200 bg2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 19 KB
19 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/bg2.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

200c3bbff43c818766c26c75125ededd70fcd88a97b38db3e7ac1fb165772768

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 434851
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18975
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Tue, 31 Aug 2021 15:26:03 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 15:26:03 GMT

GET
H3-29 200 bg1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 12 KB
12 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/bg1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55f051d54689dbc4f84551930f6a6eba3edafbf7727d627a803bd4d6bb9b3c0f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 33689
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11879
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sun, 05 Sep 2021 06:52:05 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 06:52:05 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 839 B
868 B 20ms
18ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0451b9afc78c95abccb051407ecaa06ea63716d135fabd7047620c468ad476e6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 19053
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 839
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sun, 05 Sep 2021 10:56:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 05 Sep 2022 10:56:01 GMT

GET
H3-29 200 copy1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 4 KB
4 KB 19ms
17ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/copy1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9782836c0bb5cd7d648bf1cfe42d5b58aefd2df7132baf86e39ae108b418743d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 432379
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3907
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Tue, 31 Aug 2021 16:07:15 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 16:07:15 GMT

GET
H3-29 200 copy2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 4 KB
4 KB 18ms
16ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/copy2.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61671bb0bfd1964f3b690f262dc86e4a7de540cffa74e922e6a4545ed74004

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 213778
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4360
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Fri, 03 Sep 2021 04:50:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 04:50:36 GMT

GET
H3-29 200 copy3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 4 KB
4 KB 17ms
15ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/copy3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d6664b6727ad354121e39314012bdea5f33fa778c925075356c9f2cb9d396a1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 117138
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4283
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sat, 04 Sep 2021 07:41:16 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 07:41:16 GMT

GET
H3-29 200 endFrame1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 886 B
917 B 20ms
19ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/endFrame1.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1acb4c63b698b2a2b731d34e52fb7f05aec576d4a9c216a02bcc820446786960

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 213704
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 886
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Fri, 03 Sep 2021 04:51:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Sep 2022 04:51:50 GMT

GET
H3-29 200 endFrame2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 683 B
714 B 19ms
18ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/endFrame2.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1319eb84b7dd7423d4b2770ded81b757c3dca8993480d135a1c1ec54501f864

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 80996
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 683
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sat, 04 Sep 2021 17:43:38 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 17:43:38 GMT

GET
H3-29 200 endFrame3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 4 KB
4 KB 20ms
18ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/endFrame3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99f9751c2939f5966e0b7d95df72db0e2064282034bf0c9a581239cbd6d8e7de

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 89207
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4235
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Sat, 04 Sep 2021 15:26:47 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 04 Sep 2022 15:26:47 GMT

GET
H3-29 200 endFrame4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 2 KB
2 KB 20ms
19ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/endFrame4.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc10b3f7638f5ce69fcbe938a7f811bef7988d0e051f8f27b332d80f565504c9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 322150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1701
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Wed, 01 Sep 2021 22:44:24 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
expires: Thu, 01 Sep 2022 22:44:24 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/ Frame EAC4 656 B
688 B 20ms
19ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/images/cta.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9266851266358453199/Front_728x90_v2_modified/Front_728x90_v2/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48667dfe9c7056568317a0899b0e98fb79b44bc6b3266c0c55fac54d1369eeb5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 445806
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 656
x-xss-protection: 0
last-modified: Fri, 13 Aug 2021 14:40:28 GMT
server: sffe
date: Tue, 31 Aug 2021 12:23:28 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 12:23:28 GMT

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame EAC4 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

GET
DATA 200
OK truncated
/ Frame 6358 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3abcc63d7119912197a429e4d80e21ee5019e1616f0406bd1090391c77b130e9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1458 11 KB
9 KB 40ms
19ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4990716d62fc2affa4c73cdbcc0d573c98017261e72e36942aa702a5b2a96037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8605
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1458 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:34 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0AE6 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sun, 05 Sep 2021 15:29:53 GMT
expires: Mon, 05 Sep 2022 15:29:53 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2621
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2EE7 783 B
942 B 15ms
15ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c79142032f14e750467082596dcae9c4e6c9a89aebb3325c0d5f040d51767aa6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qzHqKXmi3uwcMjyLCPIcrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 05 Sep 2021 16:13:34 GMT
date: Sun, 05 Sep 2021 16:13:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-qzHqKXmi3uwcMjyLCPIcrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame 0AE6 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1458 0
0 71ms
60ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=3551126409740499&bg=!NDelN3PNAAYJpm41CaY7ACkAdvg8Wvr_be92nyS58m_kZ6d7VkNS_HsjEAKTGR_Rky6j32IBum3dtgIAAABZUgAAAAxoAQcKAIqaL6BNqeoJ5x_COEWETrsp6O4gniYfzX0bQL-BpzWcTJP6qENHh2f7gTSBUfPGekQxqrnllilPfwq3uCYhhy6yq0QnW4dUbtwiWysQedO8mXyPHBBnFjV3yK3diJW2huHpLC9sN4qrWERSyyKmI3_WmFUfP_14u3rxSNNHYhkeysBu4LVUinwGZdaZAqlzknjEmUnV120x8JKbOZwYnbmFQtj9M_nFoYUc1v0J24cowHVvBwtlUwxySNrIqqFhyIrq_1g-fWiGbT9yAySlEFfaPIypxYuXImtNQu5YfhbP9NDE5udpULXAtrM8p1_zLYTDHRHVwuQIYCEfPDxVY3plGoEdXkFQvjhm2i8PPQSiGP7esTcM3JumkBUZYZFT21SoVOkbYbVXczS-r54AXZieyDxTpzepWoK8YfBVgEDSA-1tnbt0YCrCgnRy8Nk4W1gLxv5jQVr0PLgwFMwff6MFFRD3uZlSWfVvDdHgnLzPaRAGywNDiE0FV-9BuTaoZZQB95G7QLBTY6W9SfbdIFrdXUAUPRUEFk8z2Ml7iMrcxeKyD-IzIRJJSuUPS2WBcOpw4rHDWrHF8bQVAO9Qvqdx0QPl-nKhOzX4bzkvOm0NBhoeBlUNJqJvnQMJLktufdsNKOzRkAwBzEq08DOIK_c62tUSzwK3NiBJMJxWI5KTvqLWVR22LsHVgcPxDU6Ab0lBUcOblOq9BK7UdoIXwFrwNQhhLtnoQPbmoMyHGJIU7Z7zrZDrNCjqL680KOVDR_GEXoffsJ6xZpehx2AaaR5Kgz1pqQ6GjjW5j-48vpEkLxXfH5t2Kkq5m-S1pNWL3tQM6PLuKPiEmbGdZXOQAFZOhu-oCUutLO5iC9LFDLUVCB1l-BRUBff39H2cNlyMVUatToFG_KNIG5g0ks6cq4bUZAobzALEGOU8sg5XxDneEdOLTlg_xY5NqezqtfGXjCdhBCvJo-YI_PDpTN_opidpnW-rjbhybBq7bILHFFKIm-wxSZkt7y5FmpUi8MN-oN4HX1hPI_iySTw10__b_DrbNQ6oHH1d5ahCpvVAymhQs8sDmc38_RPcijgJQFYYcDxwTFgj5_A
Requested by: Host: www.softpanorama.org
URL: http://www.softpanorama.org/Malware/Malware_defense_history/Ch13_destructive_trojans_and_computer_sabotage/Zoo/cryptolocker.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0BF2 0
0 30ms
30ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMuaPrew0YbWjD6S5lQeFxpzABJHy-7Bk49rdpYAOsJAfEAEg0LORAmCVAqAB-sDUzgPIAQmpArfO9ogf7rM-qAMBqgS5Ak_QszyDDA0YDJ2V3g5aLN6sWYHHViSh9xrOn82NiQKeuOIZ2S9Cs4Aw1IpwWhc9WRZBP_vqLokXpPHhdRCoBA7fZDDyDcilqxAWneoQMcDyy6N0wZ-8RVsPNZOGo8KyZ6MPENBVRUMoSbCoyc34qqvb4W3VhiEn-6i5_Ru8HfHHtorXsXLRV8Fmt0IpeBSDKzSUVAAeqcbzY6vhK5qfnKz43iM4v95Lc8J_gPZi7WWmNLs1mSqfTDdFrODdur8qw8vu2F8iIgfd60ZGy4JWqgWsukTfarFz0azTt-zAllWnr4GeRtjiGgReq8CcQ8CekzCQTMHd4fdcOaz8V0wabbUK5i5gZFMAGdgQTcf0aK-FjI33lXT3Mo6tuvDuEo_ATBWNNqh5Ish8chOE7A7cQlVcyajduMM9uprABJLgo67QA6AGLoAH7r6rMagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhvYBwDyBwQQzboX0ggJCIDhgBAQARgfgAoByAsB2BMDiBQB0BUBgBcBshccChoIABIUcHViLTQwMzEyNDcxMzcyNjY0NDMYAA&sigh=FB6lveE3pLE&vt=1&template_id=484

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4031247137266443&output=html&h=280&slotname=3389635737&adk=2306227976&adf=2653041513&pi=t.ma~as.3389635737&w=1200&fwrn=4&fwrnh=100&lmt=1630858413&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.softpanorama.org%2FMalware%2FMalware_defense_history%2FCh13_destructive_trojans_and_computer_sabotage%2FZoo%2Fcryptolocker.shtml&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1630858412991&bpp=7&bdt=211&idt=217&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&correlator=5731227515698&frm=20&pv=2&ga_vid=273114988.1630858413&ga_sid=1630858413&ga_hid=2138337387&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=144&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747620%2C21066430%2C31062297%2C31062093&oid=3&pvsid=1110570093447730&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=SjTNmvfBcm&p=http%3A//www.softpanorama.org&dtd=241
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 05 Sep 2021 16:13:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:35 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0BF2 42 B
64 B 34ms
33ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstBHgXFNiKpO1cZ1C3TmeRRjH0aXvGDTNIUZrgBjHvAFaveQoDxR-jnYQm7cUjpHnTTtDXPeB6ZM35K_N_HzYz4A8fFVrB_622fSo1HOEEkznFpdhsDYz9N7FQQPg&sai=AMfl-YQD9a0u-mIaEoHykixaAsjjpxVpj5wKiBy2zwEz_z-qhezQYwC3rXMyVDFEowCIbU_R61WaUNAqXmv-My0N6DXT3dPH5UlcE0w&sig=Cg0ArKJSzHEWp-H3m5a0EAE&cid=CAASF-RoJYJl7-vWdsxMJjG8i8tx5v0yOTOB&id=lidar2&mcvt=1000&p=144,200,424,1400&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210901&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2306227976&rs=2&met=mue&la=1&cr=0&osd=1&vs=4&eosm=0&rst=1630858413233&rpt=916&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 24ms
23ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

455188b0df04147dffa4a421ecb83d7665b61e2428e69000b9ff50164aa1ca16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 05 Sep 2021 16:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8475
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 16:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sun, 05 Sep 2021 16:13:35 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F3AD 12 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sun, 05 Sep 2021 15:29:53 GMT
expires: Mon, 05 Sep 2022 15:29:53 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2622
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9C25 783 B
535 B 16ms
15ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0cb0892f4faf73c09724ffbaf57ae90373821b734543e28706419506dc393168

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-44Q4XAQe9qdWzp9d0Et++A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.softpanorama.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=222=IIfE3-szNvrpIvYhCc8m0jdTkOePLpMDhwXI160ycaRuBNXmmxLgRRWo1bomcV2NoReSFFjdKrwX6GKFKNioftiY8tcOf_GD_HdQQCUcqyK8ZzABIOn1EsCbtZpfoq1o7xnQ9KlZ6Hs0DDsCUBzlPkc_nt-wxI39qoVcInbspeA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: http://www.softpanorama.org/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 05 Sep 2021 16:13:35 GMT
date: Sun, 05 Sep 2021 16:13:35 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-44Q4XAQe9qdWzp9d0Et++A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js Show response
pagead2.googlesyndication.com/bg/ Frame F3AD 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WyPn2IgoBqLw06x46K_q_eg8d-IpxicgJR-1ncxoZqI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 14:08:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13351
x-xss-protection: 0
last-modified: Mon, 30 Aug 2021 12:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 14:08:57 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 95ms
94ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=1110570093447730&bg=!l5SllNDNAAYJpm41CaY7ACkAdvg8Wvd2KP7tetT7l5k40uZGg0tBFebmhzTj2TTOptv27mnYwDNqMAIAAACBUgAAAA1oAQcKAJCtOVy-mdwZ9ju4NdhtfEcBxjzJ5hl4SiF2jfBMPB_FRO2_EIPwHl4Pspzy6WbzAnDF0VUSpBE0bZDj9xYClC4sOLWneMvvmMe6nb5g30tkk5o-od9BiyOCJhR2GI1yNbRck0EDaespEm16cemtqSkO9lgxyTLxQZkLItxWhnMr5z8uSMzWKvCEvIsIGck0dEqZAnZS8xRvmKdUAUBRhLc9qQ3rHhLuAQmQv5AqCLDjHHY0Aneb_xBnnWYVYMQRrfz1PoZsVgkYZmGyiRH4BhVr8WdUNOlRKsZ_9W1sAtHczJokCZehEQD2O3euMWYhwt589TjmvhhzWtVcXhAsBuCgn5bBxE61iSZmY5ln5CCnlhu8DVUW0XZO3-jJOUsPQdk4urunM9EMJtnkJWlbtmhisr38PDRUcA_vnbXl4aRgCA6nkdnvFd8_IDgN2N1Violf5X4VAcyQUeMtVLf22B9cwrcArDUQcEZyT-jnVDfuYa5j-vcKQMO4-ExJ1cwECmxksuIzU5_lk-uYk78wwRS54_nOY9wBcyBPcvngXow3I8VK0PSQ84AJc-TYgytEhMl9uLBEoQSmETfy86JGCG3W8xPZaV3Q_DTRldKYFkakt4TmP6DsYIejyUcOnf9J2ie2NGlD7Pj-1CkoklnP_zVyDbz2vngujYwpZeTPUTKSFNPcqUtQLHVFNT1YOgnP1DhnLGeVi3szpy5I9oezxgw0AjDQ7OhwhyQZfUM4eHdh-jbf_QWzNSK2l38BgEgfna354aUnjG2GSN1QLGE90Vf97ribQU59nCjxjJwV9huG2VEXil6TELFkIt7ZWf9FdOoBRr6Q1YXI_zHsEbUMAyKjVDPvz-TIErKqfMRs_xHwtHY_DrztFHkp9gq8p0w2U086oDMwgDn_gKiRk2q1HnUXQqM2Tvu3uIGFJuvDgKYSoJMYg5iMCHSuN938igPp36LYXOTpbwueW30NVeBUWTohmD6V0TC7tkKpRyoVgiSguWLDaxzWugmkYpRiq39RtI0jj6OCWtz8iyU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.softpanorama.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EAC4 0
119 B 40ms
39ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=133.0000&a1=https&f1=layout_html&s1=0&d1=11.0000&a2=https%3A%2F%2Ftpc.googlesyndication.com%2Fsadbundle%2F%24csp%253Der3%24%2F9266851266358453199%2FFront_728x90_v2_modified%2FFront_728x90_v2%2Findex.html&f2=Custom_layout&s2=-1&d2=-1&i=538926507346&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F9266851266358453199%2FFront_728x90_v2_modified%2FFront_728x90_v2%2Findex.html&gqi=rew0YYqLGNfH7_UP0dKeqAE&qqi=CNPZo4Od6PICFcPFuwgdfB0I0g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Sep 2021 16:13:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_gid=CAESEAyCdPpByESJkufbHVQPF80&google_push=AYg5qPIROUBQSczLWOKQtwO9bf3yALGD5TXPa7jx0_GEn-S022qbrhafYj_1ibsi1bL0gX-JVSpSgigfxNxcqueuvZbHNlOlpNY&google_cver=1&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF2MUk8JtZETy7nWfnzR4cY&google_push=AYg5qPK2mKIW2qp7tutnxdE4JzK6KE_PgL9MDAoFo6GTgVCEqu84fRo78CJ9JHbDIeccOTFNBODpQ_KTPJz-3bdOfUjA-ZSrsFo&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YTTsrH7YyYtQOSQDkTn_EgAABJMAAAAB&google_cver=1&google_gid=CAESEF6dNk5mLOaYTF3Eo44yAp0&google_push=AYg5qPKDFlI-O795ZRDpSlNNcprYEZKQIgmKtP4Gjaq1PpEXMRrxHUElPwbd9Uu2PN6luPtFmA5RYZ2UCc3HwybNpPb_cRPYCAk&google_tc=

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 22:27:22	Name: OGPC Value: 1151720448-1:
.google.com/	1970-01-25 20:05:16	Name: CONSENT Value: PENDING+020
.google.com/	1970-01-20 01:24:29	Name: NID Value: 222=IIfE3-szNvrpIvYhCc8m0jdTkOePLpMDhwXI160ycaRuBNXmmxLgRRWo1bomcV2NoReSFFjdKrwX6GKFKNioftiY8tcOf_GD_HdQQCUcqyK8ZzABIOn1EsCbtZpfoq1o7xnQ9KlZ6Hs0DDsCUBzlPkc_nt-wxI39qoVcInbspeA
.doubleclick.net/	1970-01-20 06:22:34	Name: IDE Value: AHWqTUkMnio2P0lDsCv8HbJTkRkFPDclN59wmhXSyC0FNyrEYxSvVzSq93yfcMQoOgE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
adservice.google.com
adservice.google.de
ag.innovid.com
blog.emsisoft.com
blog.malwarebytes.com
blog.trendmicro.com
cdn.blog.malwarebytes.org
cm.g.doubleclick.net
cms.quantserve.com
coulee.tech
couleetechlink.com
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
robpickering.com
rtb.openx.net
sophosnews.files.wordpress.com
tpc.googlesyndication.com
windowssecrets.com
www.askwoody.com
www.coulee.tech
www.google.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
www.softpanorama.org
cm.g.doubleclick.net
104.111.231.15
104.20.207.62
130.211.198.3
142.250.186.130
142.250.186.98
151.101.14.133
167.71.243.126
184.170.146.10
185.64.190.78
192.0.72.27
192.64.119.107
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:802::2003
2a00:1450:4001:802::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a04:4e42:600::775
2a05:d01c:1d8:8101:8678:af0d:fda8:5a84
35.186.253.211
35.244.174.68
52.18.11.109
52.35.104.127
52.59.79.213
69.173.144.165
74.208.236.152
79.137.69.120
94.31.29.96
0299ce766df424b69a25530d8afe7c2352cb6240c7510fe7be67d8cd53bd3467
038464eb913b8af9ea073596f161f7e3d7648a7f98d3b74135245192c5682698
0451b9afc78c95abccb051407ecaa06ea63716d135fabd7047620c468ad476e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
0cb0892f4faf73c09724ffbaf57ae90373821b734543e28706419506dc393168
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5
14176f356319e0ae6968163c7d39f9c4acc4ac60110a214df3890beb36ceb38b
16585362dcad3ff0dfb0ce3808e006d220ed72577756d82c312f2113eb24fe92
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1acb4c63b698b2a2b731d34e52fb7f05aec576d4a9c216a02bcc820446786960
200c3bbff43c818766c26c75125ededd70fcd88a97b38db3e7ac1fb165772768
212bba10b0296385eea28246f09af63ca6f142b4f8884a420e06be7675b93cac
21d0d6d172e6d229ce8198ddb1890e7aad43945546da27798c19119e1336df24
2e4748a8a3f60fab0924964130bd63688a94a084bf5b403154e9d39edcef8dd1
2f7ce13ec1b5700535b33cd6b7e78323a4f6737152d95df209d33a871a5c01f2
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
331c8dbc087f677d4eca8035d19626c0662a712b95d0d78bbeba05b7c3bbe7dc
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
345c29f0f9be540b0f3bfe9e80ed8102250199dd71ac9322e2284e35ebd929f6
3abcc63d7119912197a429e4d80e21ee5019e1616f0406bd1090391c77b130e9
3c4b0b8d34b2baf58a54f7b96e09126edb5264b0eb2798d33e2ceb9562f85960
429a6497455fa05a4d250b9f4f683290e4b77cb7611dc948127d4de5ef44ef73
455188b0df04147dffa4a421ecb83d7665b61e2428e69000b9ff50164aa1ca16
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
48667dfe9c7056568317a0899b0e98fb79b44bc6b3266c0c55fac54d1369eeb5
4990716d62fc2affa4c73cdbcc0d573c98017261e72e36942aa702a5b2a96037
4d2b16263fbce949f06125bb273afa6069d242ce3ca077f8e8d9b573adb1f07e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e9faf4a2194d387bfd620017cb0094db78d3d29a4d7b23361e064131fbc23a6
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
52205fda7bf40b4b5f40fb3ac1e44dcdcee4ef8bc11c1aa68c84bd8293289920
5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55f051d54689dbc4f84551930f6a6eba3edafbf7727d627a803bd4d6bb9b3c0f
5b22508f97531135316ddf2bc95b0aeab015aedfa3d5aea5849aedbbddb44d41
5b23e7d8882806a2f0d3ac78e8afeafde83c77e229c62720251fb59dcc6866a2
5bcf1ba5031a47d84faf5815eac5570cfbd76734fa1cebf23ce2d33cabe9d1bb
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5d6664b6727ad354121e39314012bdea5f33fa778c925075356c9f2cb9d396a1
5db2c6cfa229a270f142696b0be09b29566b3ac2265176a8d2a467044e38d590
5f095911e0aef1ae5ebba694da1de2b9f790cc5610319c9121d58fbc2ed08869
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6bb706c8fdff0e9d887136c73669e65be179470ecf7d83c7b68674ee52c3075a
788fa194fe038d0363f4b0df4cde25a38d3db365208142f89fdf97a411afc642
822d50117042efa3a518bd3de93a7db2f3d1dc5a5d07bdd284ee52c33d818060
8524c7006487f6bf007d69a7935f8aa610d375eed28b0e290cdb64201ed939cb
8aa9a76e4d758785f2dd6c6f3010d95a7915f5ff77da647f29e949f6845560d7
8f9e3556749628840e188ef76b6b2391f515c52d7c9050899de820b96e8084ef
8fe8caef096c6690aba7954df80c1f08a6699d1849cc0122755d152b27248433
8ffe7f7d14a829cae1f0f152654eb50be84ecc4aafce1dc3010db1ee75065e7f
91e17e54c594f7a60193a595d27bf89b204317b923c2bfafc5be8b43535c8408
9782836c0bb5cd7d648bf1cfe42d5b58aefd2df7132baf86e39ae108b418743d
984f121c26aabc32904efa063bac24ac3e521798075eb60b05e6a484e9420810
99f9751c2939f5966e0b7d95df72db0e2064282034bf0c9a581239cbd6d8e7de
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5c7cc72a0ae78f518b02578a2be7f868dad24f4a50dc8d3b69f217449b7c60f
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a9fba6b582499fe4176b9d4e9ed2d4836833e51ed3307aae5ea745c3a87948fa
b41280ac279abd6b98a8ebe19aee488b52faa996b703390b124d043092571f29
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b8ed444af21607e85bb82a561eb07d176c54d2ff79c3d4f069f1c787356c9791
b93c09769e648f351cd315679b487d5c1a556cef36cfec77a92f5f96dff94252
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c58f43214ce342d90c847c9a2a1472855a3be06143f9b4a1676f5dd0a93d4a27
c79142032f14e750467082596dcae9c4e6c9a89aebb3325c0d5f040d51767aa6
cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653
cc10b3f7638f5ce69fcbe938a7f811bef7988d0e051f8f27b332d80f565504c9
ce3c593d93d7aac931bd00a88f415f05ca0d4d03a44b51f228b2c1d107ba651e
d42551b36f344c14cbab00492d682f78ff716f25436e56f2ec19605017f49071
d4bf5fc456c0b3524fbc4a601e387619fa569b874190eaaa804f02ca2e4573ed
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d8f8cdb5aeedf4b9737a05e36cdff6236915390471280befa4ead41179bdd408
e1319eb84b7dd7423d4b2770ded81b757c3dca8993480d135a1c1ec54501f864
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ef63c6b2ce5729befed5b85e69866abb66b7aae0622d95e610142707e33527
ec61671bb0bfd1964f3b690f262dc86e4a7de540cffa74e922e6a4545ed74004
ee1c4cfd1b1818743cf6930452dee0e56aa4709359e06ded6052d1e7abb14474
ef10bc1207c919d55e8741265dc81772b0ddb86244a052b2f40b1dfaa2c617e5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f38b8c2336c96e72481aae984bb3af88e05e786b06e056c51f610ba93293d702
f725b9ab38e04e239e4c7392732554d1cd5d88a48995c5ea0b5ff009a0893561
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fd94a9dd7cdf81a371a340dfbfdddb3b27e860e973bd5bcda13d28bee646fb04

www.softpanorama.org Open in urlscan Pro 184.170.146.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

171 Requests

89 %HTTPS

46 %IPv6

30 Domains

35 Subdomains

29 IPs

6 Countries

2682 kBTransfer

4454 kBSize

4 Cookies

189 Outgoing links

Redirected requests

171 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.softpanorama.org Open in urlscan Pro
184.170.146.10 Public Scan

Screenshot
Live screenshot

Full Image

171
Requests

89 %
HTTPS

46 %
IPv6

30
Domains

35
Subdomains

29
IPs

6
Countries

2682 kB
Transfer

4454 kB
Size

4
Cookies

171 HTTP transactions
5 data transactions