URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Submission: On November 23 via api from US — Scanned from DE

Summary

This website contacted 35 IPs in 6 countries across 28 domains to perform 301 HTTP transactions. The main IP is 103.49.188.59, located in Indonesia and belongs to IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID. The main domain is mediacyber.id.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 24th 2021. Valid for: 3 months.
This is the only time mediacyber.id was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 103.49.188.59 63867 (IDNIC-DES...)
11 192.0.77.37 2635 (AUTOMATTIC)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
41 2a00:1450:400... 15169 (GOOGLE)
10 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
25 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
22 2a03:2880:f11... 32934 (FACEBOOK)
3 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.98 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
37 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
2 7 2a00:1450:400... 15169 (GOOGLE)
3 4 2620:116:800d... 16509 (AMAZON-02)
1 1 54.73.238.193 16509 (AMAZON-02)
10 38 142.250.186.162 15169 (GOOGLE)
5 34.98.67.61 15169 (GOOGLE)
4 4 35.186.253.211 15169 (GOOGLE)
6 6 185.64.190.78 62713 (AS-PUBMATIC)
4 4 8.43.72.97 26667 (RUBICONPR...)
4 10 2.18.234.21 16625 (AKAMAI-AS)
5 8 185.33.220.241 29990 (ASN-APPNEX)
25 2a00:1450:400... 15169 (GOOGLE)
6 142.250.185.66 15169 (GOOGLE)
2 216.58.212.163 15169 (GOOGLE)
2 4 35.244.174.68 15169 (GOOGLE)
2 2 18.196.159.27 16509 (AMAZON-02)
1 2 34.98.64.218 15169 (GOOGLE)
1 2 2600:1f18:445... 14618 (AMAZON-AES)
2 82.113.101.132 6805 (TDDE-ASN1)
1 2 63.33.102.111 16509 (AMAZON-02)
1 66.102.1.157 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
8 18.207.27.110 14618 (AMAZON-AES)
1 34.254.53.235 16509 (AMAZON-02)
301 35
Apex Domain | Subdomains | Transfer
77 googlesyndication.com | pagead2.googlesyndication.com, tpc.googlesyndication.com | 1 MB
67 doubleclick.net | googleads.g.doubleclick.net, cm.g.doubleclick.net, googleads4.g.doubleclick.net, bid.g.doubleclick.net | 270 KB
25 2mdn.net | s0.2mdn.net | 983 KB
23 wp.com | c0.wp.com, i0.wp.com, stats.wp.com, pixel.wp.com, i1.wp.com, i2.wp.com | 143 KB
22 facebook.com | www.facebook.com | 3 KB
20 mediacyber.id | mediacyber.id | 2 MB
11 adsafeprotected.com | fw.adsafeprotected.com, static.adsafeprotected.com, dt.adsafeprotected.com | 105 KB
11 google.com | adservice.google.com, www.google.com | 2 KB
10 casalemedia.com | dsum-sec.casalemedia.com | 9 KB
10 gstatic.com | fonts.gstatic.com, www.gstatic.com, p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com | 118 KB
8 adnxs.com | ib.adnxs.com | 7 KB
7 googletagservices.com | www.googletagservices.com | 255 KB
6 pubmatic.com | image6.pubmatic.com | 3 KB
6 openx.net | rtb.openx.net, us-u.openx.net | 1 KB
5 mookie1.com | odr.mookie1.com | 748 B
4 rlcdn.com | id.rlcdn.com | 1 KB
4 rubiconproject.com | pixel.rubiconproject.com | 2 KB
4 quantserve.com | cms.quantserve.com | 1 KB
4 google.de | adservice.google.de | 1 KB
4 googleapis.com | fonts.googleapis.com | 3 KB
3 google-analytics.com | www.google-analytics.com | 20 KB
2 o2online.de | portal.o2online.de | 1 KB
2 innovid.com | ag.innovid.com | 682 B
2 agkn.com | d.agkn.com | 1 KB
2 googletagmanager.com | www.googletagmanager.com | 96 KB
1 imrworldwide.com | secure-gg.imrworldwide.com | 297 B
1 everesttech.net | pixel.everesttech.net | 376 B
1 googleadservices.com | partner.googleadservices.com | 639 B
301 28
Domain | Requested by
40 pagead2.googlesyndication.com | mediacyber.id, pagead2.googlesyndication.com, googleads.g.doubleclick.net, tpc.googlesyndication.com, s0.2mdn.net, www.googletagservices.com, fw.adsafeprotected.com
38 cm.g.doubleclick.net 10 redirects | googleads.g.doubleclick.net, mediacyber.id
37 tpc.googlesyndication.com | googleads.g.doubleclick.net, tpc.googlesyndication.com, s0.2mdn.net, pagead2.googlesyndication.com
25 s0.2mdn.net | mediacyber.id, s0.2mdn.net
22 www.facebook.com | mediacyber.id
22 googleads.g.doubleclick.net | pagead2.googlesyndication.com, mediacyber.id, googleads.g.doubleclick.net
20 mediacyber.id | mediacyber.id, c0.wp.com
11 c0.wp.com | mediacyber.id
10 dsum-sec.casalemedia.com 4 redirects | googleads.g.doubleclick.net
8 dt.adsafeprotected.com | googleads.g.doubleclick.net
8 ib.adnxs.com 5 redirects | googleads.g.doubleclick.net
7 www.google.com 2 redirects | googleads.g.doubleclick.net, tpc.googlesyndication.com
7 www.googletagservices.com | googleads.g.doubleclick.net
6 googleads4.g.doubleclick.net | mediacyber.id
6 image6.pubmatic.com 6 redirects |
5 odr.mookie1.com | googleads.g.doubleclick.net
5 i0.wp.com | mediacyber.id
4 id.rlcdn.com 2 redirects | googleads.g.doubleclick.net
4 pixel.rubiconproject.com 4 redirects |
4 rtb.openx.net 4 redirects |
4 cms.quantserve.com 3 redirects | googleads.g.doubleclick.net
4 www.gstatic.com | googleads.g.doubleclick.net
4 adservice.google.com | pagead2.googlesyndication.com
4 adservice.google.de | pagead2.googlesyndication.com
4 fonts.gstatic.com | fonts.googleapis.com
4 fonts.googleapis.com | mediacyber.id, googleads.g.doubleclick.net
3 i1.wp.com |
3 www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 fw.adsafeprotected.com 1 redirects | googleads.g.doubleclick.net
2 portal.o2online.de |
2 ag.innovid.com 1 redirects | googleads.g.doubleclick.net
2 us-u.openx.net 1 redirects |
2 i2.wp.com |
2 d.agkn.com 2 redirects |
2 p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com | googleads.g.doubleclick.net, p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com
2 www.googletagmanager.com | mediacyber.id, www.googletagmanager.com
1 secure-gg.imrworldwide.com | googleads.g.doubleclick.net
1 static.adsafeprotected.com | googleads.g.doubleclick.net
1 bid.g.doubleclick.net | googleads.g.doubleclick.net
1 pixel.everesttech.net 1 redirects |
1 partner.googleadservices.com | pagead2.googlesyndication.com
1 pixel.wp.com | mediacyber.id
1 stats.wp.com | mediacyber.id
301 43

This site contains links to these domains.

Domain
www.facebook.com
twitter.com
pinterest.com
api.whatsapp.com
i0.wp.com
www.advintel.io

Subject | Issuer | Validity | Valid
mediacyber.id | cPanel, Inc. Certification Authority | 2021-10-24 - 2022-01-22 | 3 months
*.wp.com | Sectigo RSA Domain Validation Secure Server CA | 2020-04-02 - 2022-07-05 | 2 years
upload.video.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-01 - 2021-11-30 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.google.de | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
www.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-22 - 2022-09-21 | a year
*.mookie1.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-22 - 2022-03-25 | a year
*.doubleclick.net | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-25 - 2022-03-28 | a year
*.innovid.com | RapidSSL RSA CA 2018 | 2020-02-07 - 2022-04-07 | 2 years
*.o2online.de | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-19 - 2022-02-19 | a year
fw.adsafeprotected.com | Amazon | 2021-08-11 - 2022-09-09 | a year
static.adsafeprotected.com | Amazon | 2021-09-05 - 2022-10-04 | a year
dt.adsafeprotected.com | Amazon | 2021-04-22 - 2022-05-21 | a year
*.imrworldwide.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-28 - 2022-02-01 | a year

This page contains 40 frames:

Primary Page: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Frame ID: D8022FC2F90AE5F5427EF60E87A8A7EE
Requests: 72 HTTP requests in this frame


Page Title

Comeback botnet emotet didalangi oleh geng Conti ransomware - Media Cyber

Page Statistics

Requests: 301
HTTPS: 87 %
IPv6: 41 %
Domains: 28
Subdomains: 43
IPs: 35
Countries: 6
Transfer: 4763 kB
Size: 8349 kB
Cookies: 26

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 121
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr46pvz3-gPpIrn1CAkVw5WYenDWln6yKVnsxzL6NYsu4xKfJfLOxOa-VYNU&google_gid=CAESEJqKvjfpyWBLArpa7R1b6iQ&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp6UFl3QUFBVXlLcVdhaA&google_push=AYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr46pvz3-gPpIrn1CAkVw5WYenDWln6yKVnsxzL6NYsu4xKfJfLOxOa-VYNU
Request Chain 123
  • https://rtb.openx.net/sync/dds?google_gid=CAESECYuJaDbBCro8dYezgRE4xg&google_cver=1&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c HTTP 302
  • https://rtb.openx.net/sync/dds?google_gid=CAESECYuJaDbBCro8dYezgRE4xg&google_cver=1&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&ox_sc=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&google_hm=Mar68ROByygPQyO5EY8abA==
Request Chain 124
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGjxQc3rN6MbW_MVJHgOyqo&google_cver=1&google_push=AYg5qPKpp8AbGitKXW0Fs9V6ra4Z_Fqq0nV6dPmGlAzUPAygfIe-cp7fQrAD5Y3Uc3xv4-UwAXDfp-wV3zCYIUFh6caJR-A7R5Tl HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGjxQc3rN6MbW_MVJHgOyqo&google_cver=1&google_push=AYg5qPKpp8AbGitKXW0Fs9V6ra4Z_Fqq0nV6dPmGlAzUPAygfIe-cp7fQrAD5Y3Uc3xv4-UwAXDfp-wV3zCYIUFh6caJR-A7R5Tl&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpp8AbGitKXW0Fs9V6ra4Z_Fqq0nV6dPmGlAzUPAygfIe-cp7fQrAD5Y3Uc3xv4-UwAXDfp-wV3zCYIUFh6caJR-A7R5Tl
Request Chain 125
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJKXh00ADCExagzoD-bqyK8&google_cver=1&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kfV-A9Rtg4mlPUZ6Aykwm-TscY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcxWTUtMjgtRUIzUQ==&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kfV-A9Rtg4mlPUZ6Aykwm-TscY
Request Chain 126
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua- HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua-&s=184023&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua-&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1 HTTP 302
  • (the same URL was requested 17 more times, each answered with HTTP 302)
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua-&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1
Request Chain 128
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 137
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKxYjK2uffM-4BwIltBYPA&google_cver=1
Request Chain 138
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Request Chain 139
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEA1YsEAOsqJk9hKH5HT-vKQ&google_cver=1 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA1YsEAOsqJk9hKH5HT-vKQ%26google_cver%3D1
Request Chain 140
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Request Chain 160
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELOvtiCHPcWOGjFY13TRcaU&google_cver=1&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgRrc5RFJroInPQO7EZ29qqaW91cUOFxeV3xANadSWw HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgRrc5RFJroInPQO7EZ29qqaW91cUOFxeV3xANadSWw&google_hm=WIE-dil3j-zEZZV005wK6Q
Request Chain 161
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIS2x2oQdvD6YNxyqqduHYE9A6b-TJXZ4AtWRXx8KB6zL2w3__r484FtGuRJD7Ly2ZdRZZaknal0c6IAdq5XuGXxinX_Oc&google_gid=CAESENU1rLqH-5n1ekGGwRD_pDY&google_cver=1 HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOOe84wGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBJUzJ4Mm9RZHZENllOeHlxcWR1SFlFOUE2Yi1USlhaNEF0V1JYeDhLQjZ6TDJ3M19fcjQ4NEZ0R3VSSkQ3THkyWmRSWlpha25hbDBjNklBZHE1WHVHWHhpblhfT2M HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwczJKSU1rUUpaZEJLWHNiTHRLZURxM0M5VU5OZVZ3OHNncGh5NXVIZTJVcw==&google_push
Request Chain 163
  • https://rtb.openx.net/sync/dds?google_gid=CAESEGlZ5W_euZOPMu-t_PuEqOw&google_cver=1&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc&google_hm=Mar68ROByygPQyO5EY8abA==
Request Chain 164
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGXvY7pqc0APqU6LmI7F6Ms&google_cver=1&google_push=AYg5qPKIuyVillQaO2EJpRVAlzEtwcey1nOdWg3ov-fAMD09J_l1mS8Z9PrGjFVZLtVgFvSL4qWcIdGavc_0upgWLUFpwpcUfCM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIuyVillQaO2EJpRVAlzEtwcey1nOdWg3ov-fAMD09J_l1mS8Z9PrGjFVZLtVgFvSL4qWcIdGavc_0upgWLUFpwpcUfCM
Request Chain 165
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMqFrumB2e_BVzLo-Q3MHZU&google_cver=1&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8EmAbL37tnXAYd88PUiEIEBF0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMTAtTy1CNDM=&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8EmAbL37tnXAYd88PUiEIEBF0
Request Chain 166
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRMcMaLSior4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRMcMaLSior4&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1 HTTP 302
  • (the same URL was requested 18 more times, each answered with HTTP 302)
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRMcMaLSior4&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1
Request Chain 172
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEG6Upos2TcJFOl_PKi9_gA&google_cver=1&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUABgi-7o0sp_VnUMaDVEYhA7V3oTo0x7wUgdY1ozwpo HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUABgi-7o0sp_VnUMaDVEYhA7V3oTo0x7wUgdY1ozwpo&google_hm=WIE-dil3j-zEZZV005wK6Q
Request Chain 173
  • https://d.agkn.com/pixel/2175/?google_gid=CAESECBDJKLlvDPSLea7LO_mQR8&google_cver=1&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Request Chain 175
  • https://rtb.openx.net/sync/dds?google_gid=CAESEAnxbK5XyZ7Jex1Ci0oKCjI&google_cver=1&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg&google_hm=Mar68ROByygPQyO5EY8abA==
Request Chain 176
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENXpN6nX1DrC6mnDOlgBzdY&google_cver=1&google_push=AYg5qPI-3Na1JlyoDSYiPzyyCfJI8lHrHxeqm18Ml4SzcjqxKW0kdL8S6UlA6RFxUnpEq6LPoQW51hCeVyIFIpk11BT20KPRIZA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI-3Na1JlyoDSYiPzyyCfJI8lHrHxeqm18Ml4SzcjqxKW0kdL8S6UlA6RFxUnpEq6LPoQW51hCeVyIFIpk11BT20KPRIZA
Request Chain 177
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIwOoMqNWbfvxxrI-yNfKi8&google_cver=1&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP8FvQmm6XclP3tCdArtdST3PU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMkUtMU8tNE9GNg==&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP8FvQmm6XclP3tCdArtdST3PU
Request Chain 178
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp2JDjdMY50 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp2JDjdMY50&google_cver=1&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI HTTP 302
  • (the same URL was requested 18 more times, each answered with HTTP 302)
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp2JDjdMY50&google_cver=1&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Request Chain 181
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 215
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Request Chain 216
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Request Chain 217
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
Request Chain 218
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Request Chain 230
  • https://us-u.openx.net/w/1.0/pd?ph=bbb82fae-1d27-4d90-bb10-e24164ecd7bc&google_gid=CAESEAnxbK5XyZ7Jex1Ci0oKCjI&google_cver=1&google_push=AYg5qPLvxPBFovwbN3H2P0rOpG_03Z3Pcjs-TlGdKkXW_o3YhsgAECE8mSlirHi36THmmjq6ILQHrtrHVCF3x6eQeUdUQay4jkE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGpS98nyiEschZrvpjEmqJU&google_cver=1
Request Chain 231
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENXpN6nX1DrC6mnDOlgBzdY&google_cver=1&google_push=AYg5qPLb3Rwgwg1tcpph8IddIAN7GLB9MHgGMdcxNPzFeLo-CaMgfydSS3U4z9V-8OBc1E7LABV1yIg_ep1IkBFMQj_bX135dwQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb3Rwgwg1tcpph8IddIAN7GLB9MHgGMdcxNPzFeLo-CaMgfydSS3U4z9V-8OBc1E7LABV1yIg_ep1IkBFMQj_bX135dwQ
Request Chain 232
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIwOoMqNWbfvxxrI-yNfKi8&google_cver=1&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flEQlp9OMoUrdIf28f-X-_-bu-0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyTFMtMUItSldTNg==&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flEQlp9OMoUrdIf28f-X-_-bu-0
Request Chain 233
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcrFTJQ4bt6dmSJ_tpwQ0DqGAM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcrFTJQ4bt6dmSJ_tpwQ0DqGAM&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI HTTP 302
  • (the same URL was requested 18 more times, each answered with HTTP 302)
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcrFTJQ4bt6dmSJ_tpwQ0DqGAM&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Request Chain 259
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Request Chain 260
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Request Chain 261
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
Request Chain 262
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Request Chain 266
Request Chain 280
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEG6Upos2TcJFOl_PKi9_gA&google_cver=1&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQB9h-JpPL5zhm919pmf__JkLBCyLJVyBU041qnqEAG7 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQB9h-JpPL5zhm919pmf__JkLBCyLJVyBU041qnqEAG7&google_hm=WIE-dil3j-zEZZV005wK6Q
Request Chain 281
  • https://d.agkn.com/pixel/2175/?google_gid=CAESECBDJKLlvDPSLea7LO_mQR8&google_cver=1&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Request Chain 284
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENXpN6nX1DrC6mnDOlgBzdY&google_cver=1&google_push=AYg5qPKIsfyRZQTxV61TNdbgMqzLWZxZJRuT25LUqM0GF2nCnd28DyvoC3VowQmcxhsmXR5OqpKVs3Hdzc0BkPkyJdEcpll3cHxT HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIsfyRZQTxV61TNdbgMqzLWZxZJRuT25LUqM0GF2nCnd28DyvoC3VowQmcxhsmXR5OqpKVs3Hdzc0BkPkyJdEcpll3cHxT
Request Chain 285
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhbddit2ueAR8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhbddit2ueAR8&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhbddit2ueAR8&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1
Request Chain 286
  • https://ag.innovid.com/trk?tid=11711&google_gid=CAESENod3C7X6o3nwGwCl63srVg&google_cver=1&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiDyk54 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiDyk54&google_hm=Blw9gadxQTOAiGljI0xPcA

301 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
150 KB
151 KB
Document
General
Full URL
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
a648ed94c29d498e28f2db768b8a03779ceb35c07a98e1821e762b57f460d00d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.21.4
Date
Tue, 23 Nov 2021 11:24:13 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Pingback
https://mediacyber.id/xmlrpc.php
X-LiteSpeed-Tag
764_HTTP.200
Link
<https://mediacyber.id/wp-json/>; rel="https://api.w.org/", <https://mediacyber.id/wp-json/wp/v2/posts/10408>; rel="alternate"; type="application/json", <https://wp.me/pcs5cV-2HS>; rel=shortlink
style.min.css
c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/
79 KB
10 KB
Stylesheet
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Wed, 01 Sep 2021 04:05:58 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
mediaelementplayer-legacy.min.css
c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/
11 KB
2 KB
Stylesheet
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
wp-mediaelement.min.css
c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
wp-automatic.css
mediacyber.id/wp-content/plugins/wp-automatic/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/wp-automatic/css/wp-automatic.css?ver=1.0.0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
9d105532b10ffe64f4dd076d7dbb8784e3abfe6d1ec8fc26cfe13ec5684a408d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:13 GMT
Last-Modified
Fri, 21 Sep 2018 09:06:42 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2713
Content-Type
text/css
style.css
mediacyber.id/wp-content/plugins/td-newsletter/
6 KB
6 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/td-newsletter/style.css?ver=11.3.1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
4f9568d3aef0133feef6736a0be7a2bad332429d685a584e1c5b85e5a7fd60c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:13 GMT
Last-Modified
Thu, 14 Oct 2021 10:26:48 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5831
Content-Type
text/css
style.css
mediacyber.id/wp-content/plugins/td-composer/td-multi-purpose/
36 KB
37 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=810534ce963cec6bd2e7978db2c935c9
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
d227e31ec93027f2b903fe5011b6ef0d67fd1fd8e0105843a2f56626e74f4322

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:13 GMT
Last-Modified
Thu, 14 Oct 2021 10:24:44 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
37284
Content-Type
text/css
css
fonts.googleapis.com/
15 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=11.3.1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a7cb333c1d23b4d034bc1f3cc7240773550ca144c57a4e6f706698a5bbd0747d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 23 Nov 2021 10:49:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 23 Nov 2021 11:24:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Nov 2021 11:24:15 GMT
front.min.css
mediacyber.id/wp-content/plugins/cookie-notice/css/
5 KB
6 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.8.2
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
8c21cdf7be2219908a953d92fba153dcc7175f7ee238856bd9954da18b0e05dd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:13 GMT
Last-Modified
Tue, 05 Oct 2021 03:33:19 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5480
Content-Type
text/css
style.css
mediacyber.id/wp-content/themes/Newspaper/
146 KB
146 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/themes/Newspaper/style.css?ver=11.3.1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
617885a3b0466844835e70fe3210c2ddeeff7f2d81706e366b5fa74ade330a14

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Thu, 14 Oct 2021 08:27:28 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
149061
Content-Type
text/css
td_legacy_main.css
mediacyber.id/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/
155 KB
155 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=810534ce963cec6bd2e7978db2c935c9
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
bf77065b0e4b52c6ee71566850b3e6a1ecdfd6331427c5063a1116e347b85203

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Thu, 14 Oct 2021 10:24:42 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
158679
Content-Type
text/css
td_standard_pack_main.css
mediacyber.id/wp-content/plugins/td-standard-pack/Newspaper/assets/css/
715 KB
715 KB
Stylesheet
General
Full URL
https://mediacyber.id/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=79f8a1d02f05c15c98a62e68cd419e0b
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
7a89d23287ae3c749a356c76da7ef88c34d0ed018c049701b05304c3f6601ab7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Thu, 14 Oct 2021 10:27:02 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
732364
Content-Type
text/css
jetpack.css
c0.wp.com/p/jetpack/10.3/css/
85 KB
16 KB
Stylesheet
General
Full URL
https://c0.wp.com/p/jetpack/10.3/css/jetpack.css
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
41b60d2262cffca90f6cd644983a2d813336dc959558bdd6ae54b35ef06dd9fb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Tue, 28 Sep 2021 19:34:54 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
related-posts.min.js
c0.wp.com/p/jetpack/10.3/_inc/build/related-posts/
6 KB
2 KB
Script
General
Full URL
https://c0.wp.com/p/jetpack/10.3/_inc/build/related-posts/related-posts.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2256c9e5605323f852f232fd6819a02cf2cac3e04c84299e19efe83037fd8cda
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Tue, 05 Oct 2021 16:47:49 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
jquery.min.js
c0.wp.com/c/5.8.2/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
jquery-migrate.min.js
c0.wp.com/c/5.8.2/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
br
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:15 GMT
main-front.js
mediacyber.id/wp-content/plugins/wp-automatic/js/
1017 B
1 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/wp-automatic/js/main-front.js?ver=5.8.2
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
d503937452e40c21fce10346b29287ad23b221a372547f248da87ca5efb55767

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Thu, 09 Jan 2020 06:09:46 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1017
Content-Type
application/javascript
front.min.js
mediacyber.id/wp-content/plugins/cookie-notice/js/
8 KB
8 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.1.5
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Tue, 05 Oct 2021 03:33:20 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8371
Content-Type
application/javascript
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-60148533-4
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a43a19a07629ea09bc393d7278034714c7472d8761da564d8e414e0b4e6eace5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36151
x-xss-protection
0
last-modified
Tue, 23 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 23 Nov 2021 11:24:18 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7307355418381929
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bfdfd94e3ee497b7aaa250e5646874cf8fd888319bf3d24f0c82bb7dfcf8c148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mediacyber.id/
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51181
x-xss-protection
0
server
cafe
etag
7235334350061431499
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Nov 2021 11:24:15 GMT
wp-emoji-release.min.js
mediacyber.id/wp-includes/js/
18 KB
18 KB
Script
General
Full URL
https://mediacyber.id/wp-includes/js/wp-emoji-release.min.js?ver=5.8.2
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Sat, 18 Sep 2021 07:34:58 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18181
Content-Type
application/javascript
logo-mediacyber-web-300x102.png
mediacyber.id/wp-content/uploads/2020/09/
7 KB
7 KB
Image
General
Full URL
https://mediacyber.id/wp-content/uploads/2020/09/logo-mediacyber-web-300x102.png
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
6209237f1d67867d7059cb7cf68b6a472148abdce6f465d362ba22ba00f022bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Sun, 24 Oct 2021 17:56:51 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7319
Content-Type
image/png
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
640ab50c867d23797a1e4cce23121a9dfcc12fe05ec8c40f85db2a71bfc21f21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51205
x-xss-protection
0
server
cafe
etag
5870320952416701248
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 23 Nov 2021 11:24:18 GMT
Emotet-map.jpg
i0.wp.com/mediacyber.id/wp-content/uploads/2021/01/
14 KB
14 KB
Image
General
Full URL
https://i0.wp.com/mediacyber.id/wp-content/uploads/2021/01/Emotet-map.jpg?resize=696%2C348&ssl=1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
08a2081137e3d70ca13aa8cdf0099a64ca42de1e9c2fe97c825435cb11c12bff
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
MISS hhn 2
date
Tue, 23 Nov 2021 11:24:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 11:24:18 GMT
server
nginx
etag
"1b250a7ca820c632"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/01/Emotet-map.jpg>; rel="canonical"
content-length
14260
expires
Thu, 23 Nov 2023 23:24:18 GMT
logo-mediacyber-square.png
i0.wp.com/mediacyber.id/wp-content/uploads/2020/09/
1 KB
2 KB
Image
General
Full URL
https://i0.wp.com/mediacyber.id/wp-content/uploads/2020/09/logo-mediacyber-square.png?fit=96%2C96&ssl=1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
9f7cd62356d4bf4585c4e1df4e6c26ba1b6bb8922670f952655b81c77e85bf5b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Tue, 23 Nov 2021 11:24:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 08:44:45 GMT
server
nginx
etag
"7b82d5191b6daed2"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2020/09/logo-mediacyber-square.png>; rel="canonical"
content-length
1374
expires
Thu, 23 Nov 2023 20:44:45 GMT
logo-mediacyber-web-snall-stick.png
mediacyber.id/wp-content/uploads/2020/09/
3 KB
4 KB
Image
General
Full URL
https://mediacyber.id/wp-content/uploads/2020/09/logo-mediacyber-web-snall-stick.png
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
8370700527ff5e209a0c966ce745625e28b787da5f25880d0a3d3ec11878219d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Thu, 03 Sep 2020 08:22:56 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3394
Content-Type
image/png
photon.min.js
c0.wp.com/p/jetpack/10.3/_inc/build/photon/
758 B
471 B
Script
General
Full URL
https://c0.wp.com/p/jetpack/10.3/_inc/build/photon/photon.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:16 GMT
content-encoding
br
last-modified
Tue, 31 Mar 2020 17:26:38 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:16 GMT
underscore.min.js
c0.wp.com/c/5.8.2/wp-includes/js/
19 KB
7 KB
Script
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/underscore.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:16 GMT
content-encoding
br
last-modified
Thu, 27 May 2021 19:33:19 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:16 GMT
tdsLeads.js
mediacyber.id/wp-content/plugins/td-subscription/assets/js/frontend/
5 KB
5 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/td-subscription/assets/js/frontend/tdsLeads.js?ver=18da952bde8fab1875ba66b9c5072e53
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
0dca9aebd44a0d703986efe180554294687479465a34250979df778be1597350

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Thu, 29 Jul 2021 09:12:56 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5045
Content-Type
application/javascript
js_posts_autoload.min.js
mediacyber.id/wp-content/plugins/td-cloud-library/assets/js/
5 KB
5 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=2713a088559ff26084e8003394764364
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
1cb5dcdb11eda07425f9584041552e161f7ff7395cf52d201e023dcd869157f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:14 GMT
Last-Modified
Sun, 24 Oct 2021 17:11:07 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5280
Content-Type
application/javascript
tagdiv_theme.min.js
mediacyber.id/wp-content/plugins/td-composer/legacy/Newspaper/js/
258 KB
258 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=11.3.1
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
a5442291e1c921abc633723ad82232f8388cde8206a5e27148d5904b08c7462b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:15 GMT
Last-Modified
Thu, 14 Oct 2021 10:24:44 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
263832
Content-Type
application/javascript
comment-reply.min.js
c0.wp.com/c/5.8.2/wp-includes/js/
3 KB
1 KB
Script
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/comment-reply.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:17 GMT
content-encoding
br
last-modified
Thu, 18 Mar 2021 17:48:23 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:17 GMT
js_files_for_front.min.js
mediacyber.id/wp-content/plugins/td-cloud-library/assets/js/
37 KB
37 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=2713a088559ff26084e8003394764364
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
bedcc92fa96a1549eec70158c56437af620ad5562b61b64bbf86dfc8bb30dec5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:15 GMT
Last-Modified
Sun, 24 Oct 2021 17:11:07 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
37582
Content-Type
application/javascript
wp-embed.min.js
c0.wp.com/c/5.8.2/wp-includes/js/
1 KB
719 B
Script
General
Full URL
https://c0.wp.com/c/5.8.2/wp-includes/js/wp-embed.min.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:17 GMT
content-encoding
br
last-modified
Wed, 06 Jan 2021 15:29:24 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
strict-transport-security
max-age=15552000
timing-allow-origin
*
expires
Wed, 23 Nov 2022 11:24:17 GMT
image.js
mediacyber.id/wp-content/plugins/featured-image-from-url/includes/html/js/
2 KB
2 KB
Script
General
Full URL
https://mediacyber.id/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=3.7.8
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
caacfc6a3602fe9a189a4bd15792c4bed2fce634c04716f515e6c07cda07315a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Wed, 27 Oct 2021 08:15:29 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2271
Content-Type
application/javascript
e-202147.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202147.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
br
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 13 Nov 2022 23:22:45 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/
270 KB
97 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7307355418381929
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9f1d0ed98175acc23b76304bcb3a64f89db91852bc1fc4c37eaa1d9f0a44fc5c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99573
x-xss-protection
0
server
cafe
etag
4826318592705062818
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Nov 2021 11:24:18 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/ Frame 3C7C
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211111/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7307355418381929
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Tue, 23 Nov 2021 09:43:00 GMT
expires
Tue, 07 Dec 2021 09:43:00 GMT
content-type
text/html; charset=UTF-8
etag
16478831307880631077
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4883
x-xss-protection
0
age
6078
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
newspaper.woff
mediacyber.id/wp-content/themes/Newspaper/images/icons/
24 KB
24 KB
Font
General
Full URL
https://mediacyber.id/wp-content/themes/Newspaper/images/icons/newspaper.woff?19
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/wp-content/themes/Newspaper/style.css?ver=11.3.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
ea9ad8f6ace011a694d664482cc6ca0acc2dd86a8d6b684154327ec84c0c95fd

Request headers

Referer
https://mediacyber.id/wp-content/themes/Newspaper/style.css?ver=11.3.1
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:16 GMT
Last-Modified
Thu, 14 Oct 2021 08:27:28 GMT
Server
nginx/1.21.4
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24864
Content-Type
font/woff
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=11.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 13:52:02 GMT
x-content-type-options
nosniff
age
336736
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 19 Nov 2022 13:52:02 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=11.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 17:56:19 GMT
x-content-type-options
nosniff
age
494879
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 17 Nov 2022 17:56:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=11.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 13:39:48 GMT
x-content-type-options
nosniff
age
337470
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 19 Nov 2022 13:39:48 GMT
truncated
/
121 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=11.3.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://mediacyber.id
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 14:02:00 GMT
x-content-type-options
nosniff
age
595338
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 16 Nov 2022 14:02:00 GMT
like.php
www.facebook.com/plugins/ Frame 56FA
0
3 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

content-type
text/html;charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-content-type-options
nosniff
x-xss-protection
0
x-fb-debug
el6DThxg0otukBIQGiBsIUJFh4ocQv6eCFnH94SlfZoz1vfCC5D987bcpSCV9pq4+uFN/J0GE6ZqB/eXI/AeKw==
content-length
0
date
Tue, 23 Nov 2021 11:24:18 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
truncated
/
111 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7ae5b52b01b37efb4547c3493f75abf51dc034326bb6f1ff6fc97348065716ba

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-60148533-4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1391
date
Tue, 23 Nov 2021 11:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 23 Nov 2021 13:01:07 GMT
js
www.googletagmanager.com/gtag/
163 KB
60 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-WJM17ZNQST&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-60148533-4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5674dbd22a3bcded716082a89e55cd71f4c7fa7a80e0e9394120c2526c52a7ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61786
x-xss-protection
0
expires
Tue, 23 Nov 2021 11:24:18 GMT
truncated
/
101 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c9a612722eed86936463bc8772a9d4509e0c24f22485221beaa583a60079fef2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.3&blog=184009237&post=10408&tz=7&srv=mediacyber.id&host=mediacyber.id&ref=&fcp=6839&rand=0.7901094376528919
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
/
mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
3 KB
3 KB
XHR
General
Full URL
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/?relatedposts=1
Requested by
Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.3/_inc/build/related-posts/related-posts.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
103.49.188.59 , Indonesia, ASN63867 (IDNIC-DESIBLE-AS-ID PT Tirta Karya Buana, ID),
Reverse DNS
srv1.cybermedia.co.id
Software
nginx/1.21.4 /
Resource Hash
8083f8a4ce63c882122d761b1ed44c41a65d0b063dc5dafcf6dacaa21e38a64e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
x-requested-with
XMLHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:19 GMT
X-Content-Type-Options
nosniff
Server
nginx/1.21.4
X-Pingback
https://mediacyber.id/xmlrpc.php
Content-Type
application/json; charset=utf-8
Transfer-Encoding
chunked
X-LiteSpeed-Tag
764_HTTP.200
Connection
keep-alive
cookie.js
partner.googleadservices.com/gampad/
203 B
639 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=mediacyber.id&callback=_gfp_s_&client=ca-pub-7307355418381929
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
d46657d671a389c83c89c39bfe8648e596358da295a7e3857e0152c4c22e75bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
194
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 1B50
272 KB
65 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&adk=1812271804&adf=3025194257&lmt=1637666658&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658031&bpp=22&bdt=2816&idt=248&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7181080420003&frm=20&pv=2&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=260
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
deb65a3368dd7fecbfd50785d4b9d0da4132fb2fe5b0c309f28bde24fc58a355
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:18 GMT
server
cafe
content-length
66251
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:18 GMT
cache-control
private
/
www.facebook.com/csp/reporting/ Frame 56FA
0
33 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
R3ZQmKsUdVrgcFq9Ard1eCKZIpGNHfo8dnCpTTsOqk+f/feXtANNsqdj1eCAL4YiZ/JO11ykmH3AaFWd0qSnxQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
YRA3nkgDy7RAxCUjDOfZQaY5T5UXY6ae5JiFirUqTvVpmBeQqtXRHl+TwiqVi3FzFDZV+KnZ0T0rm9NjpWezBw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
FTgOwDv5ArX63DaiGzQvr7RUfKmbMOgVRQ6B7Q1EPzqjgTTGupLwqS9QVjaN6ob1PnV36tFTOTsjznGnrUlj9w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
38 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
wMyR+25YfjUBHQeN+PozOpsLJSRnnkJ9I0TY5KbyOW0vdAD4DqusiTg+In65ftwln49gl1FrxCvdrR73/kGOlA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
5EBbyG5Z++rcXLLVRq893FH9K83u+O2NsNdZpPXGIsKr+fWkfK79OA7T2Y/5ksx6lbNvCcRfltEH7J97j+wgIg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hPEOpHs5m2n+pxypSDPomjGTit9l8nAJEM5A12UQvJWDHOLwkJsU7mQ8zKrg6L68yjBDfnZ/zQzTRclPb4ONGQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hn1QSLzWKgsSgCemlPDxRezXqePF2RNnrLCkLETlFAXiK4IU780nMvq8YV0PJMQzrPPuBgTXAi2d+uU/krxcHQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
W2tKpur+hEhLLp3EfvuYpvTbXXktR1Y7G/9TzaFt7yBJw7zO0Gb3HYKjZz6SBEepZP/wZiPG8+NPLiJ8IU9sHQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
wH47ZQoFF2CSAnBfvKE6N3zZrAlBPWN6a9r8RCU3XXfGtuMuiJGTlSmOePMnclFCYwMu82kTG/sRL+an1K8afA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jmm/G95Ut0oTtBeNx2nZd7VbEgXw/sYhelafTw2kvc31IVaOHCApJ6Ja7BmJJJtuiZPnVBEGVcT7vtrLggh/zQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 56FA
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?href=https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/&layout=button_count&show_faces=false&width=105&action=like&colorscheme=light&height=21
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Ff8x211Y9dDZOUoleKy4SOB5VGH+vPvzf/McGW4y4Qr0xLz9O92FIFhvJhs8aq8X8wds+LF/oPatBufjWI77mA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 23 Nov 2021 11:24:18 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1121670426&t=pageview&_s=1&dl=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&ul=en-us&de=UTF-8&dt=Comeback%20botnet%20emotet%20didalangi%20oleh%20geng%20Conti%20ransomware%20-%20Media%20Cyber&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChACUABBAAAAC~&jid=268259567&gjid=1010081031&cid=628370486.1637666658&tid=UA-60148533-4&_gid=939857489.1637666658&_r=1&gtm=2ouba1&did=dZTNiMT&gdid=dZTNiMT&z=2122401118
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://mediacyber.id/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://mediacyber.id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-WJM17ZNQST&gtm=2oeba1&_p=1121670426&sr=1600x1200&gdid=dZTNiMT&ul=en-us&cid=628370486.1637666658&_s=1&dl=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&dt=Comeback%20botnet%20emotet%20didalangi%20oleh%20geng%20Conti%20ransomware%20-%20Media%20Cyber&sid=1637666658&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WJM17ZNQST&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://mediacyber.id/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://mediacyber.id
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/
147 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2708a6ac306263a79761648c5384e547e3800281e4d604062e90403817332347
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53390
x-xss-protection
0
server
cafe
etag
13016123428690725189
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 23 Nov 2021 11:24:18 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C2A2
80 KB
31 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9da7768e7307df4a16be6b20c69436d79c4f1a614ca8444d957140fe390242c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
31982
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame F6EF
80 KB
31 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
978e5be91e9a73ee2fe674ab61528055f76d4ea00c171c6d49efd4471fe63dc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
31683
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame B099
18 KB
10 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
354a1e79ea3caf72d3743545503e14b426b26bff12b727987ef037e11aaad410
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
9792
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/ Frame 49C0
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 17:15:06 GMT
expires
Mon, 06 Dec 2021 17:15:06 GMT
content-type
text/html; charset=UTF-8
etag
16478831307880631077
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4883
x-xss-protection
0
age
65352
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/ Frame D808
11 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 17:15:06 GMT
expires
Mon, 06 Dec 2021 17:15:06 GMT
content-type
text/html; charset=UTF-8
etag
16478831307880631077
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4883
x-xss-protection
0
age
65352
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame 49C0
4 KB
634 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 23 Nov 2021 10:01:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 23 Nov 2021 11:24:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Nov 2021 11:24:19 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 49C0
205 B
744 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 07:41:44 GMT
x-content-type-options
nosniff
age
272555
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 20 Nov 2022 07:41:44 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 49C0
604 B
695 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 06:23:02 GMT
x-content-type-options
nosniff
age
18077
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 23 Nov 2022 06:23:02 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 49C0
18 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db8deb30d5cecf873a6361b5410aed53a439e46072dcd6af4dc2481e44ea2a59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:13:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
673
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8141
x-xss-protection
0
server
cafe
etag
15959965552278146708
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:13:06 GMT
css
fonts.googleapis.com/ Frame D808
4 KB
619 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 23 Nov 2021 10:03:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 23 Nov 2021 11:24:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Nov 2021 11:24:19 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame D808
1 KB
960 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:01:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1371
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:01:28 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame D808
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CJeAhYs-cYdquFIvVtwe2jp6QAfLVpoBj1fn7rPoNyPDN7qsJEAEgvJvVY2CVgoCAuAegAdCk9PcDyAEJqQLnNHyHQ9myPqgDAcgDywSqBIkCT9AC6xXuQ7_JR2H6j725Abv2LZ6P5Z25gsibiDadLCQHux1-5LQxZ9NTIs-kHQUhaXEIsb1UPWUtiiMfk7IvDA2mtKNPf_KAOwC6kRhlpOUwrbVfpvN8ejHjAUCvmRzOYExfexnx1GocMharbloZMNr15gRec9C9S545LQPsUqmhAZY2SWqBK77hD_TYj5bF-u1-wdvy-mlb_h1t4haGcJiN4nA-XMeREJ9TKwMIs04YEHSw6BzWDNeGJZPb_Vtz5hc7Jj7H4wCWwX0Lmvrng3Id33-lgpmcE4ObMMf31FY77ABx-WAw8BWp-kEmkSIoTvfSFLIeGwIcZVq5n5ddKl2Bj_Ux9aTZB8AE4OOHl8sDkgUECAQYAZIFBAgFGASgBi6AB8ivyL4CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQjZdl0ggJCIDhgBAQARhfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTczMDczNTU0MTgzODE5MjkYAA&sigh=lfwahJWTeF8&uach_m=[UACH]&template_id=484
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Tue, 23 Nov 2021 11:24:19 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame D808
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
server
cafe
etag
9525834815172239946
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:21:38 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame D808
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D808
119 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame D808
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
163b3e9c260ab6fd774ac5b5c6fd1d76.js
www.gstatic.com/mysidia/ Frame D808
27 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 11:25:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
431902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11360
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 04:29:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 16 Feb 2022 11:25:57 GMT
6592766407814317453
tpc.googlesyndication.com/simgad/16923886890352353912/ Frame D808
40 KB
40 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16923886890352353912/6592766407814317453
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1979f9e1f2aeeffb7803c5c3f7dcf4f9de54c8a39186dd92d7bf2eb5544076e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 16 Nov 2021 23:22:16 GMT
x-content-type-options
nosniff
age
561723
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40733
x-xss-protection
0
last-modified
Fri, 28 May 2021 07:03:29 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 16 Nov 2022 23:22:16 GMT
css
fonts.googleapis.com/ Frame C5F7
3 KB
579 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 23 Nov 2021 10:08:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 23 Nov 2021 11:24:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Nov 2021 11:24:19 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C5F7
1 KB
880 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4a25f11fbb1e2b547eaf848472f9c048824e307a945f3a0417aac7b09d0456e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:01:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1371
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
853
x-xss-protection
0
server
cafe
etag
7170004918125193417
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:01:28 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame C5F7
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
server
cafe
etag
9525834815172239946
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:21:38 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C5F7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C5F7
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C5F7
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
163b3e9c260ab6fd774ac5b5c6fd1d76.js
www.gstatic.com/mysidia/ Frame C5F7
27 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/163b3e9c260ab6fd774ac5b5c6fd1d76.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de418fdfa1d02a219d049bb1cd8562182c4201c67f6b9d0e2f67f21a476e1096
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 11:25:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
431902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11360
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 04:29:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 16 Feb 2022 11:25:57 GMT
truncated
/ Frame D808
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10220fbd64bb0be038940a693477893015cdbbf8c750303a73830dd43a43168b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 36AD
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame E860
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
13206661468543097247
tpc.googlesyndication.com/daca_images/simgad/ Frame C2A2
223 KB
223 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/13206661468543097247
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6455e091b47b6f6341ca7cb29ab0d98583c1dbd86c221d51672b5260d12ecf0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:31:42 GMT
x-content-type-options
nosniff
age
60757
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
228007
x-xss-protection
0
last-modified
Wed, 15 Sep 2021 17:51:11 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 22 Nov 2022 18:31:42 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame C2A2
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
server
cafe
etag
9525834815172239946
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:21:38 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C2A2
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C2A2
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C2A2
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
l
www.google.com/ads/measurement/ Frame C2A2
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ0Y4Kq7SHvROulvXpJs_jtRprKWbXDxVAU_FnZNu1U4RyofRz6XlFGLjPGPLmNbSTuz0l8_nQhYWFZq1N660PJpdzzhA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

adview
googleads.g.doubleclick.net/pagead/ Frame C2A2
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C8SPHYs-cYZ7sONCrzAaN4aKoA4mkgaJm88mkvZIO8ui0tfkBEAEgvJvVY2CVgoCAuAegAf-wpKMDyAECqQJyzsqkAXa2PqgDAcgDyQSqBI8CT9AE_SFOmZlcobd0miN2e7_7oftxcPg8YvNdavgXhMrhvn6zjw-E470i8sfPTwldfChX417TNSi1PjJXm8rcpF2iSWPkASFsp--T4L6HxDvhv_KmbbU9DAvkecUBS79p3T7kZIC_z0Xjzw5jRce42NqPvuxy9MHSlQnYp7Z389wdbbPPeDX-Wa7J2gN6-IXNeSnylz_BYWU-6I2TFTiXD7wwwr90m3al0ghw6oAz4et_px0U-SSes--l5BiCdNYpV-mK_iPFn5q8fsEC85aCVhx3nnPVE7ESY8SBdYrYtmyyEqXfKvr6MiKumXm8-MGZ3gjb0RwLpIwFhZC0cQJZfLNxFq9DiNtszvcmbGx_ysAE-pzPqdsBkgUECAQYAZIFBAgFGASgBgKAB73XhCyoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCi-THSCAkIgOGAEBABGF-ACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNzMwNzM1NTQxODM4MTkyORgA&sigh=lgz0_4Q8ZUQ&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C2A2
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0072f2a89bd32697c990a647ce4577265131df2f7d089ecef8eb14d50abdfb36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 02:53:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11327
x-xss-protection
0
server
cafe
etag
10656063359522146397
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 02:53:02 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 6051
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 23 Nov 2021 10:58:25 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1554
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame A58E
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 13:26:12 GMT
expires
Tue, 23 Nov 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
79087
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dpixel
cms.quantserve.com/ Frame A58E
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEP4R7gL5MDNnGaFSnczVubk&google_cver=1&google_push=AYg5qPIXt-5wHGhf3JhA-HltF2pyCWQ3O7asEjSkKb9rUZyYqQsvy1B0ilY9KwTZxAKG8zgHxQvprJ52RtAkfopx9WTLWcKoMN1E
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A58E
Redirect Chain
  • https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr4...
  • https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp6UFl3QUFBVXlLcVdhaA&google_push=AYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr46pvz3-gPpIrn1CAkVw5WYenDWln6yKVnsxzL6NYsu4xKfJfLOxOa-VYNU
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp6UFl3QUFBVXlLcVdhaA&google_push=AYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr46pvz3-gPpIrn1CAkVw5WYenDWln6yKVnsxzL6NYsu4xKfJfLOxOa-VYNU
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVp6UFl3QUFBVXlLcVdhaA&google_push=AYg5qPI7mnRbQjbZNr95_9ZqurJ1MtC5_MJOvMKbPr46pvz3-gPpIrn1CAkVw5WYenDWln6yKVnsxzL6NYsu4xKfJfLOxOa-VYNU
Date
Tue, 23 Nov 2021 11:24:19 GMT
Server
Apache
Connection
keep-alive
Content-Length
391
Content-Type
text/html; charset=iso-8859-1
sync
odr.mookie1.com/t/v2/ Frame A58E
43 B
324 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEMyNE-VFc9PTjpW0_WvjUT4&google_push=AYg5qPL7pTc71IZqWNvP_0G5fQonkg9Wmwr3FapMzApARFodssA5biVzoE49idwzsLaCTvwMRvjZDULvAwgW2lkQ6a9X5rUsBmno&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A58E
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESECYuJaDbBCro8dYezgRE4xg&google_cver=1&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c
  • https://rtb.openx.net/sync/dds?google_gid=CAESECYuJaDbBCro8dYezgRE4xg&google_cver=1&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&...
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&google_hm=Mar68ROByygPQyO5EY8abA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&google_hm=Mar68ROByygPQyO5EY8abA==
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:18 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLNmdK6o8tfJcahYa53A4r6opuaKYjYKL0Js598I6w52EozTkRBCyIPVZrmHV_BK3SOESRNfsxfBWAHyGmgyr8s7i9vzf5c&google_hm=Mar68ROByygPQyO5EY8abA==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
nmdnp6iefii44fmoqj8ndibust9n3pha
pixel
cm.g.doubleclick.net/ Frame A58E
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpp8AbGitKXW0Fs9V6ra4Z_Fqq0nV6dPmGlAzUPAygfIe-cp7fQrAD5Y3Uc3xv4-UwAXDfp-wV3zCYIUFh6caJR-A7R5Tl
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpp8AbGitKXW0Fs9V6ra4Z_Fqq0nV6dPmGlAzUPAygfIe-cp7fQrAD5Y3Uc3xv4-UwAXDfp-wV3zCYIUFh6caJR-A7R5Tl
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame A58E
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJKXh00ADCExagzoD-bqyK8&google_cver=1&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kf...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcxWTUtMjgtRUIzUQ==&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kfV-A9Rtg4mlPUZ6Aykwm-TscY
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcxWTUtMjgtRUIzUQ==&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kfV-A9Rtg4mlPUZ6Aykwm-TscY
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcxWTUtMjgtRUIzUQ==&google_push=AYg5qPJfoHJmMcgGaeFVbvmU4kemnjs2ahPe9Uaa_WyxcJOpg7iHA_bGr9YL-IdBPP2FhLEW8kfV-A9Rtg4mlPUZ6Aykwm-TscY
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Expires
0
pixel
cm.g.doubleclick.net/ Frame A58E
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1&googl...
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_push=AY...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTA...
0
0

attr
cm.g.doubleclick.net/pixel/ Frame A58E
0
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JlJDarMXl9ZMYvI3Kki_9BHI2fKB0FGOwwpaiHA0ol5qAr_OKYaiEEFf3plEvQD_eIhIWD
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
si
googleads.g.doubleclick.net/pagead/drt/ Frame 6051
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ Frame B099
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DssUm9RdZWxUFXkiUgp9B7ODMjecbcjDvkqlKiZWjdvJ-P-AIZO6NSbb-tS_W2MkSK_ecxGkIOLnd8HMDlaxFY8ZhaTUGECzFlCo4q01qcbFkZ_aQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame B099
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B099
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame B099
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
l
www.google.com/ads/measurement/ Frame B099
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQeEwsuIrStj2Udwj5JH5PqJ38ypM44zbh5nnfG_2faNja0IdeJMccNLn8JWz3CCsC7tjzCye9kCuu2VslEAkC_scciwQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame EB05
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHz9QIQ8aSt-QEYm7LVoAEwAQ&v=APEucNWuNgEicptnjV1bh-KOZSDMFTQn5hqrGFf6CpvsULe6n5360X4UrqwPmeWUlrMcjGE9d_G_tq5t6jtlaCAJcuXOOLIbFmaDdxviFQrDKypGB1wskVnq-1fBTgGrZHmx65AGx5yY6uWjORaV0MFzXKaoeVKFrq4mhwNWpqPD5pplZUfCZyE
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame B099
71 KB
30 KB
Script
General
Full URL
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dfcacda48d6344e9b2d0ab7a22e99560e29fe7431ab77391e8f5b6bd8355067e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30816
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame C2A2
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
349fbcebdae5cde9aed2670c978372dcdf2add81601162678f257532b7b9370c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
rum
dsum-sec.casalemedia.com/ Frame EB05
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKxYjK2uffM-4BwIltBYPA&google_cver=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKxYjK2uffM-4BwIltBYPA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHz9QIQ8aSt-QEYm7LVoAEwAQ&v=APEucNWuNgEicptnjV1bh-KOZSDMFTQn5hqrGFf6CpvsULe6n5360X4UrqwPmeWUlrMcjGE9d_G_tq5t6jtlaCAJcuXOOLIbFmaDdxviFQrDKypGB1wskVnq-1fBTgGrZHmx65AGx5yY6uWjORaV0MFzXKaoeVKFrq4mhwNWpqPD5pplZUfCZyE
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:19 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKxYjK2uffM-4BwIltBYPA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame EB05
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHz9QIQ8aSt-QEYm7LVoAEwAQ&v=APEucNWuNgEicptnjV1bh-KOZSDMFTQn5hqrGFf6CpvsULe6n5360X4UrqwPmeWUlrMcjGE9d_G_tq5t6jtlaCAJcuXOOLIbFmaDdxviFQrDKypGB1wskVnq-1fBTgGrZHmx65AGx5yY6uWjORaV0MFzXKaoeVKFrq4mhwNWpqPD5pplZUfCZyE
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:19 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
ib.adnxs.com/ Frame EB05
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEA1YsEAOsqJk9hKH5HT-vKQ&google_cver=1
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA1YsEAOsqJk9hKH5HT-vKQ%26google_cver%3D1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA1YsEAOsqJk9hKH5HT-vKQ%26google_cver%3D1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHz9QIQ8aSt-QEYm7LVoAEwAQ&v=APEucNWuNgEicptnjV1bh-KOZSDMFTQn5hqrGFf6CpvsULe6n5360X4UrqwPmeWUlrMcjGE9d_G_tq5t6jtlaCAJcuXOOLIbFmaDdxviFQrDKypGB1wskVnq-1fBTgGrZHmx65AGx5yY6uWjORaV0MFzXKaoeVKFrq4mhwNWpqPD5pplZUfCZyE
Protocol
HTTP/1.1
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
63dc6a3f-c743-4cd0-8b96-9c034a5704de
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
bda3cacd-e20f-476d-9ddb-1dd6f4c87469
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEA1YsEAOsqJk9hKH5HT-vKQ%26google_cver%3D1
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame EB05
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHz9QIQ8aSt-QEYm7LVoAEwAQ&v=APEucNWuNgEicptnjV1bh-KOZSDMFTQn5hqrGFf6CpvsULe6n5360X4UrqwPmeWUlrMcjGE9d_G_tq5t6jtlaCAJcuXOOLIbFmaDdxviFQrDKypGB1wskVnq-1fBTgGrZHmx65AGx5yY6uWjORaV0MFzXKaoeVKFrq4mhwNWpqPD5pplZUfCZyE
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
a140692b-33fd-4f8c-a631-9e61c1ffc24e
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame B099
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 10:03:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4827
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 24 Nov 2021 10:03:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame B099
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYOnT7qJBWf6ipRXRi8JgERVomh3pjwMDoMjmv98Cwe-xzqDFajI9uCWr-WEnGBJqEnkj1z_gmGSPKptEFQM6sjLDCW8JdvAltJmiNDseoVQ7HMUqA2VTAwf0P_9cZRXTRaFkMLQTe4WcmqMwWBBNouWJBY24C8rj6qrFEWNUWZc4PPkx9dIvrEsiG3Y8x-g2M9OJg&cry=1&dbm_d=AKAmf-AzOgs3ht0EfTEHidTeB0AMndSVhHDEXvvtI2W8Bzwi6-XwUwueRqgEsq1WoQ8K6lQ2BXDhtZWK9p4qQyGmcej5jbP7ZZFz8PpSOWYZL87WLw0CsVxbylO9tPas8t1QaKIKjN99cE8qRyHR2QTpFncvuPXbemupsR_Jgm8RRsF-u21-OqqnNlt56FzsegzkRxFFBBPq_tDp9VIHa2wEhe5G9dRzHJJS0X63sGkpxLofd-4qnS3gZSu-gDuVmcisxj9JDVozTVDPcW9x2P0WWCwzBbcUtRTgr0hgPNJGbh4OionYaHVLldcu5-01vfVBpVDXciL9uoJ8fr6hsh7x16sSHoVuV_qp3kcafT7Sse1V0eSO4d4ebIDUIrjZNQKJ-5__V4RGquR7q6kXk-4bOrUkHzGWTEv9xKpjOz-GfGyf_WPaPCzU04JzEpIW3QZiYrT8E1M-kA-epCRImKxYpVU9jxkj3NESxlnFI63NF-6FvwQSFBpUOaXA8c3S91TNmOg-EO7Wh_ccqmgnu7hBEVIGLlwnz0MWrfQTnHXo5aTjNW2mkDqnxCarAO20HYgZIAWBP2lVfrVAqtkEADOroeskH98Xy0ulwTAFaNpI_SgrxLROvlvlL13Whve8cXn06YwJsNJ6gV5pgTs7qiWVn-n1A0Lb4FJp-A4WXs9e1FTh2QN_DDNDYg4DZbJtyf8c4eDAvX0FHrkuM72rVFeyiiH221o-mapn5LQ6GSFQgscyTSYbjrNDzAfPw5yzO3Icx_dU3_3qftt6YO1dyKhx5ExamR6PZaQ0FyfcplmLCCPWUeSzPl-TDbZKvRvHyh09SfjH45pIYRjd2QPOHfq1wGzD8wWp0iP-2c6Pi7FCwtgieBrvBIdh8UElnKiVJlKR3x_z49o-GOjV7kXgm2L9JT7rNtNQeguAp4NlrmQGDjHGowB5P735UKK-P_tCPHKBKOp917R9ai088yy88C53iGr9dpQqPlDLvPtTuTJ7CZMdDU6ItoWpcDSwx-9jQ-O5uvpnUkgvgyc-LZ-BMgl7lSOiArLnigyMfQHeKwtjsAFkzli2qNt-el92uy1n9MinRiM4-r_kuguAZ2FaqvgDRI7W4BJHYYYE57hKwd4voO53T9tNDjjz5wPoHSPdca-HpHJXwjGM_-CgDmNF77MHGtDQVI5FPp2zlW8BYjW9rKakO4f7AJC1x3uFv0Gf-RAexY_ZewKyvFAJb_AglSMR9FR4p75TQugWodlgT88uGHJapdZI48zRhwxTkNtwMd8VJb3LKcpRKXA5aWM0zCx_jGzPbi7LUB2q5tHJN6DUz3IFnz6jBnvPkCxBEt73SQ4NngAiCiWKmSHaHwHS8fL7XIK8F47ukN8vEHeLPa1A3o3u794gYKlmRknNrxVfY5NH1WUncdHpP4wDBMcRuc6BQfYnxiL2XwSj0PaUrsv4xdRgvDSDtS5ygBnbRWomzMoDigELzjljKY-_R8fAw0DoDwq_0Er6R_SR-qd5Sph6jlRnSYvLJSGtJJEnPncR8LmopI2JVtnNO7tK9WFnmRontYCopNM9CKrMz_hyFLAuX3dF3QyGG1ntR3UhdmCaEq0d0S4mBbEHoMPfokVtp4u635LUY_AcWd99OsRQEUyd9N1OZa7AXjYEsvtLgoPe1JCHVKK9xNPSneMJ5bO_dehBcGTHuOjJjKrMFbsEjAANAYYPqrGzwvBbN6vRUSxlv
NgHv04BzRfm9qtv2BuRnni95djcKy9mFMJmWGY7Qy2hyiXwtMcqKfqOyY8_Ka5W9gp6bs2pKHAFywcPUB0georw3L82TG9rQYXKhK2VValx4ksJOFOPNFLj7Ej3UR77wRxxcsG_wu7MAvHg6Inp8pje7j00YNzmqpQ2OfcFQkRAr0qqc2K8U3-8KIMSbuD55p9P9L-8_9JMTj0R1tOSIldNgYEPqO5G7CxI-pxS0VlLvqQDRMOsURYDxjxJB48SVMsxZUCgUpemr7Kr_a4Gb6B3H2qdBTXkpefasaLw5sLYXytmxJ-8PDhe8NwT1YNCDoXfE99_XLT_8W2YBYF-UTYEwoDTmyr9Rii2ZGjHbICZAg6A-gOi5ZKuv7oDBk2Tzt3ZJWfmWIdNQ4aNXI7vUmGUdcAvjuweRnetGGkW_IzK9GDol94B3BUvt02Kae2vf2SkArKB-ABPviVPaKCcA0UPNooaz_iQsA5Luq7ixa3bh_9SR3ybKHDmk5IsKnpfLaglJG05_vFJSCy3D_slI8cT0dBmvdo8sAUZNESP6fuewXQWsvenGya9hV_6GMrHet8e1R46HI37CCVoL5RUFmiIUaeY0IY20CEvsuwo93n1IJCTp07PX3BXhUimr7EFsAf9aNW93JtgvlyS9bpoK9f5oAPS1w6Xgy6nOHQlQMux89ZwzA7Doz8nG1HykZrTGtWVg_UwQrB6stpeEMrqseH5sNkwuRudIofCKOSVhAjqYU37G9ahM-9oVc0fuksXrNaqSHLDXoPHOHgefVkNJ9Ge4H2iWsZZr4r_Ry0tgBmE_md-6Trt2bDUkxJLfaQQ4Jlxys8XXbWhSmwjz0NGW2ZVJpR82lw0RI7ku7NHVQ_qxbDN-aGnqyGQCTHKBaNrTiHbUwSmQY3WLrKT3wRle02GvtgOItz1NYs9IGRbv7aKFcE7bwaZWitFd2h_5xkZ-aMNm_MasghBYYkleHmtpiIx3I0YuVie040c5c00msMuA6KOg_BphcxQsZzifVW-6hZsgJZ3jyZtlliFgbJlGDmn-2YfHTfemmHKbK2l6SBeePb_rxtCccMfP6JGUpuWhW1dTE777qJ4OylFbEF8Ylqub34uREow2UNmVXz8LwlQg2KenzEh8UxGFHRCfXoapmoL1TBNi4z8wRgy4P3jPnzrf2Nzs55fryyTjB1XqozOKhrzq0ZHUgpGQXk-dDz9-geuDRr1cD1OVpXzI1d7t2GZsmVeHWvCkFWTqBKUmwitg8v7p7melIEl83SQQ4Pmo_PAqECxFVHC5nnjPDD1Hb1mQo6i6cMWOkPfBweSx7q-IMSjjd6DgjXZspR8_ZmZLr6pI5oFnHffVsSq2ur1i_RRqIbi7hU8xBQzPi_GzCDIgETyN3qzWolMbaWXV15Z7YEhNklTvosR1ByUdfHjuNh6WHYkAjnURnO4URgHh3ANmZbZNV14rc5eufngN6uxHVdYAbRxpcy0lPJ9nHUVKJApfqv_BWsnz_cfnVqCkSuckSv_5pKOtoA&cid=CAASEuRo9GHdOkE-MHqzcgBWvR2PIA&rfl=1%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
483
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:16:16 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame B099
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYOnT7qJBWf6ipRXRi8JgERVomh3pjwMDoMjmv98Cwe-xzqDFajI9uCWr-WEnGBJqEnkj1z_gmGSPKptEFQM6sjLDCW8JdvAltJmiNDseoVQ7HMUqA2VTAwf0P_9cZRXTRaFkMLQTe4WcmqMwWBBNouWJBY24C8rj6qrFEWNUWZc4PPkx9dIvrEsiG3Y8x-g2M9OJg&cry=1&dbm_d=AKAmf-AzOgs3ht0EfTEHidTeB0AMndSVhHDEXvvtI2W8Bzwi6-XwUwueRqgEsq1WoQ8K6lQ2BXDhtZWK9p4qQyGmcej5jbP7ZZFz8PpSOWYZL87WLw0CsVxbylO9tPas8t1QaKIKjN99cE8qRyHR2QTpFncvuPXbemupsR_Jgm8RRsF-u21-OqqnNlt56FzsegzkRxFFBBPq_tDp9VIHa2wEhe5G9dRzHJJS0X63sGkpxLofd-4qnS3gZSu-gDuVmcisxj9JDVozTVDPcW9x2P0WWCwzBbcUtRTgr0hgPNJGbh4OionYaHVLldcu5-01vfVBpVDXciL9uoJ8fr6hsh7x16sSHoVuV_qp3kcafT7Sse1V0eSO4d4ebIDUIrjZNQKJ-5__V4RGquR7q6kXk-4bOrUkHzGWTEv9xKpjOz-GfGyf_WPaPCzU04JzEpIW3QZiYrT8E1M-kA-epCRImKxYpVU9jxkj3NESxlnFI63NF-6FvwQSFBpUOaXA8c3S91TNmOg-EO7Wh_ccqmgnu7hBEVIGLlwnz0MWrfQTnHXo5aTjNW2mkDqnxCarAO20HYgZIAWBP2lVfrVAqtkEADOroeskH98Xy0ulwTAFaNpI_SgrxLROvlvlL13Whve8cXn06YwJsNJ6gV5pgTs7qiWVn-n1A0Lb4FJp-A4WXs9e1FTh2QN_DDNDYg4DZbJtyf8c4eDAvX0FHrkuM72rVFeyiiH221o-mapn5LQ6GSFQgscyTSYbjrNDzAfPw5yzO3Icx_dU3_3qftt6YO1dyKhx5ExamR6PZaQ0FyfcplmLCCPWUeSzPl-TDbZKvRvHyh09SfjH45pIYRjd2QPOHfq1wGzD8wWp0iP-2c6Pi7FCwtgieBrvBIdh8UElnKiVJlKR3x_z49o-GOjV7kXgm2L9JT7rNtNQeguAp4NlrmQGDjHGowB5P735UKK-P_tCPHKBKOp917R9ai088yy88C53iGr9dpQqPlDLvPtTuTJ7CZMdDU6ItoWpcDSwx-9jQ-O5uvpnUkgvgyc-LZ-BMgl7lSOiArLnigyMfQHeKwtjsAFkzli2qNt-el92uy1n9MinRiM4-r_kuguAZ2FaqvgDRI7W4BJHYYYE57hKwd4voO53T9tNDjjz5wPoHSPdca-HpHJXwjGM_-CgDmNF77MHGtDQVI5FPp2zlW8BYjW9rKakO4f7AJC1x3uFv0Gf-RAexY_ZewKyvFAJb_AglSMR9FR4p75TQugWodlgT88uGHJapdZI48zRhwxTkNtwMd8VJb3LKcpRKXA5aWM0zCx_jGzPbi7LUB2q5tHJN6DUz3IFnz6jBnvPkCxBEt73SQ4NngAiCiWKmSHaHwHS8fL7XIK8F47ukN8vEHeLPa1A3o3u794gYKlmRknNrxVfY5NH1WUncdHpP4wDBMcRuc6BQfYnxiL2XwSj0PaUrsv4xdRgvDSDtS5ygBnbRWomzMoDigELzjljKY-_R8fAw0DoDwq_0Er6R_SR-qd5Sph6jlRnSYvLJSGtJJEnPncR8LmopI2JVtnNO7tK9WFnmRontYCopNM9CKrMz_hyFLAuX3dF3QyGG1ntR3UhdmCaEq0d0S4mBbEHoMPfokVtp4u635LUY_AcWd99OsRQEUyd9N1OZa7AXjYEsvtLgoPe1JCHVKK9xNPSneMJ5bO_dehBcGTHuOjJjKrMFbsEjAANAYYPqrGzwvBbN6vRUSxlv
NgHv04BzRfm9qtv2BuRnni95djcKy9mFMJmWGY7Qy2hyiXwtMcqKfqOyY8_Ka5W9gp6bs2pKHAFywcPUB0georw3L82TG9rQYXKhK2VValx4ksJOFOPNFLj7Ej3UR77wRxxcsG_wu7MAvHg6Inp8pje7j00YNzmqpQ2OfcFQkRAr0qqc2K8U3-8KIMSbuD55p9P9L-8_9JMTj0R1tOSIldNgYEPqO5G7CxI-pxS0VlLvqQDRMOsURYDxjxJB48SVMsxZUCgUpemr7Kr_a4Gb6B3H2qdBTXkpefasaLw5sLYXytmxJ-8PDhe8NwT1YNCDoXfE99_XLT_8W2YBYF-UTYEwoDTmyr9Rii2ZGjHbICZAg6A-gOi5ZKuv7oDBk2Tzt3ZJWfmWIdNQ4aNXI7vUmGUdcAvjuweRnetGGkW_IzK9GDol94B3BUvt02Kae2vf2SkArKB-ABPviVPaKCcA0UPNooaz_iQsA5Luq7ixa3bh_9SR3ybKHDmk5IsKnpfLaglJG05_vFJSCy3D_slI8cT0dBmvdo8sAUZNESP6fuewXQWsvenGya9hV_6GMrHet8e1R46HI37CCVoL5RUFmiIUaeY0IY20CEvsuwo93n1IJCTp07PX3BXhUimr7EFsAf9aNW93JtgvlyS9bpoK9f5oAPS1w6Xgy6nOHQlQMux89ZwzA7Doz8nG1HykZrTGtWVg_UwQrB6stpeEMrqseH5sNkwuRudIofCKOSVhAjqYU37G9ahM-9oVc0fuksXrNaqSHLDXoPHOHgefVkNJ9Ge4H2iWsZZr4r_Ry0tgBmE_md-6Trt2bDUkxJLfaQQ4Jlxys8XXbWhSmwjz0NGW2ZVJpR82lw0RI7ku7NHVQ_qxbDN-aGnqyGQCTHKBaNrTiHbUwSmQY3WLrKT3wRle02GvtgOItz1NYs9IGRbv7aKFcE7bwaZWitFd2h_5xkZ-aMNm_MasghBYYkleHmtpiIx3I0YuVie040c5c00msMuA6KOg_BphcxQsZzifVW-6hZsgJZ3jyZtlliFgbJlGDmn-2YfHTfemmHKbK2l6SBeePb_rxtCccMfP6JGUpuWhW1dTE777qJ4OylFbEF8Ylqub34uREow2UNmVXz8LwlQg2KenzEh8UxGFHRCfXoapmoL1TBNi4z8wRgy4P3jPnzrf2Nzs55fryyTjB1XqozOKhrzq0ZHUgpGQXk-dDz9-geuDRr1cD1OVpXzI1d7t2GZsmVeHWvCkFWTqBKUmwitg8v7p7melIEl83SQQ4Pmo_PAqECxFVHC5nnjPDD1Hb1mQo6i6cMWOkPfBweSx7q-IMSjjd6DgjXZspR8_ZmZLr6pI5oFnHffVsSq2ur1i_RRqIbi7hU8xBQzPi_GzCDIgETyN3qzWolMbaWXV15Z7YEhNklTvosR1ByUdfHjuNh6WHYkAjnURnO4URgHh3ANmZbZNV14rc5eufngN6uxHVdYAbRxpcy0lPJ9nHUVKJApfqv_BWsnz_cfnVqCkSuckSv_5pKOtoA&cid=CAASEuRo9GHdOkE-MHqzcgBWvR2PIA&rfl=1%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
97
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:22:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B099
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 12:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
341347
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 19 Nov 2022 12:35:12 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame A526
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 13:26:12 GMT
expires
Tue, 23 Nov 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
79087
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame B099
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3cea97808eb7b9a36416a6acdcb1e1cbff11372b58d85531d98fd8f4fa37be4e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
13206661468543097247
tpc.googlesyndication.com/daca_images/simgad/ Frame F6EF
223 KB
223 KB
Image
General
Full URL
https://tpc.googlesyndication.com/daca_images/simgad/13206661468543097247
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6455e091b47b6f6341ca7cb29ab0d98583c1dbd86c221d51672b5260d12ecf0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:31:42 GMT
x-content-type-options
nosniff
age
60757
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
228007
x-xss-protection
0
last-modified
Wed, 15 Sep 2021 17:51:11 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 22 Nov 2022 18:31:42 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame F6EF
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
65623c8434f7dadaba113a4521a101729ee3e6635e4412f2ccc99fbe6412d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
161
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7840
x-xss-protection
0
server
cafe
etag
9525834815172239946
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:21:38 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F6EF
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame F6EF
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:19 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F6EF
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 62F1
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 19 Nov 2021 12:35:14 GMT
expires
Sat, 19 Nov 2022 12:35:14 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
341345
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame F6EF
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CcuhSYs-cYe-3Ooud-wbA3KXYCYmkgaJm88mkvZIO8ui0tfkBEAEgvJvVY2CVgoCAuAegAf-wpKMDyAECqQJyzsqkAXa2PqgDAcgDyQSqBIkCT9BhhnVZlrgx6B-QP3NGRStQxD6VahzczVlbQv9jC14Mp8tFYjFMMZJum-ns_e49w1QtOk3q_Hr_u-s_sO1PixAAp0rq9VinUZxtMXVBHb4vq4995ynM558igBDAjWgpfJDo5wcHLNBsTDCGJjeW0Le-Uju_nbjTjvfJAbDrw_BNg-b3IxaR2UtzZOfXYbLQNpU58uChrV0Uo_COXo2OnJTvL3keWDBY5PYkR-plRTmupfvebVvAjyfajU0jk0SCmoEoSK17GYfvYSBuy1KU0GWd1albBiBoSkjyT-YfcYAhPxN2V2UhfJbuq2DcgvudttHXuDA3OI8Ohk5IAwKtBPBqsWLUfC9becAE-pzPqdsBkgUECAQYAZIFBAgFGASgBgKAB73XhCyoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBC-zS3SCAkIgOGAEBABGF-ACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNzMwNzM1NTQxODM4MTkyORgA&sigh=LccEZrWq9A8&uach_m=[UACH]
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
one_click_handler_one_afma_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame F6EF
27 KB
11 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/one_click_handler_one_afma_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0072f2a89bd32697c990a647ce4577265131df2f7d089ecef8eb14d50abdfb36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 02:53:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30677
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11327
x-xss-protection
0
server
cafe
etag
10656063359522146397
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 02:53:02 GMT
index.html
s0.2mdn.net/sadbundle/17308118496072713019/ Frame 9885
93 KB
24 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c889541f19f6331f1cf47d97d9839111835bf1e89d7eb123c7bd1adf3a4f6a66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
expires
Wed, 23 Nov 2022 11:24:19 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 23 Mar 2021 12:34:59 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame B099
0
571 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdP5ga53lmujt0ZLY_rZweexfIrJtF7W9IRplYguKKD5umajgNS4FG46a2UtrGhdvvlHz5wDfSfLiLFyz_DZPQFrqG5gg76f8viJjOcPP8SQhrlV3U9pzlt3qpTOKCucQopph7lqJPRIJlUfacnmxySr7aViVXjYvGpBTcEJexpsTmznS-jUssJVubRB15eLVxMqwb-Nlo1oJ78kemt77CZaUJo5viRCzUC_tUzQvQr00YYuOnc54utYDGwc6IE6Vb9hp1jCQEEVCLmjZ70ZyVgcnfPA791ACH2VmolU4yO6kNONZoubk-hsbaj6inaBYBRSnRIWYRfhXDBuZvcjyF5R9DK6PqePjXqBxiPl-IW8_Il3Fn1tjrhUDP1pgsstB-FrmyA9KMul369supzo7Vt-wVHYBeeJLv6XyOgQ_-M86pw3AlLMbeotir0K074rX55obvOopbydEUxKSzmWYJoS9CER6nsfFAZwAOkbRKjF6NemG4xerEyHtjYMXS2ZsDX05jM6yaby91NAPxrLvoPXUNUD5mvaN183eOaYWXXMqQimxC0BD9Bry1bx10LdWcLIzjh94fSBqmQ3dXN5WgP63Lp7UJEQkJhdXzL8yXeqEHsLBDtcT4qWa509xlKtP8Rg8PthrYYDcCIONy2xBnk_93Qeo2cKctfiuM2-45PHhewjfxCBS61duKfNw_iaBFLZqI2Mz7LZ7JDW5kEnINPNzMbolF3Vx1KJVTG1Zj2L6c-_OjwolyB92VqJ6MIp4XKd9VmhrAqykRXMI8PUBhU-RXwpvPNxDA6R5iF8-tJmsh8Y3xEJuHLrzocnZTD4G9ND0p-7AC3crg0znpC-ogsCwkRMWwQYwcJ_auo0YuR1hD9S9anUzqd3DBDLpMv7_uiIKS8WDa6CMFBBhPWaCb35RW1PmXFk2F1AjdCFz8ZfIttTgOrJdam78ZZ8i8jQN8AK2zYjLP5im_Kqwn58G9LYjkkJ_2QA8RYWtKL18zCTcDbQXHMsK6Nk6EMywA1S8AWzXdpht0lNSjvupK2BcGxldElE0yqjedk4QY1K54jXD7bd-AtS5TxI1KxzQ98E677c2FJG8SZrpB0dGNeh_B1ana8vO_lDYyS-WojDEd4hLis7OI19pUuZhWLFcBqB9UI2Aott0DICflHkDVHCZuwosByRo6l13xG714XiMKVW5U&sai=AMfl-YTq7zLzITZM6bO_sa0s4KLv6zK_1i3CxweXJ8VfhxEchQn8xFZ_GNEcqNmaU9n6UVWzi2ml_ey9VoGJlPpEbK2Qgcr8O-Mlx3ikEmLRTHSml5rItnANQnkC6n4-5UbYdQmFSy7DoJHixus6rvRuyKwYE3Mj7g&sig=Cg0ArKJSzMufeHoc7WKcEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=72&cbvp=1&cstd=66&cisv=r20211111.66183&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
s
googleads.g.doubleclick.net/pagead/drt/ Frame D639
143 B
163 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 23 Nov 2021 10:58:25 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1554
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
redir.html
p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame A03C
247 B
962 B
Document
General
Full URL
https://p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f163.1e100.net
Software
sffe /
Resource Hash
2c256f08cb30049b1fa038d5f1d6dde6ba48360bef59a5df6f7f4edbd0838da5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy-report-only
script-src 'nonce-s-lI_TUteyqrGvX-5xhkwQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length
204
date
Tue, 23 Nov 2021 11:24:19 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 9A6E
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 13:26:12 GMT
expires
Tue, 23 Nov 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
79087
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELOvtiCHPcWOGjFY13TRcaU&google_cver=1&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgR...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgRrc5RFJroInPQO7EZ29qqaW91cUOFxeV3xANadSWw&google_hm=WIE-dil3...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgRrc5RFJroInPQO7EZ29qqaW91cUOFxeV3xANadSWw&google_hm=WIE-dil3j-zEZZV005wK6Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLGg5KP5jCPmKqC3EqkXIp8SGzksuj6TQLYweWXthNoFA8A5pthgRrc5RFJroInPQO7EZ29qqaW91cUOFxeV3xANadSWw&google_hm=WIE-dil3j-zEZZV005wK6Q
pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIS2x2oQdvD6YNxyqqduHYE9A6b-TJXZ4AtWRXx8KB6zL2w3__r484FtGuRJD7Ly2ZdRZZaknal0c6IAdq5XuGXxinX_Oc&google_gid=CAESENU1rLqH-5n1ekGGwRD_pDY&goog...
  • https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOOe84wGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBJUzJ4Mm9RZHZENllOeHlxcWR1SFlFOUE2Yi1USlhaNEF0V1JYeDhLQjZ6TDJ3M19fcjQ4NEZ0R3VSSkQ3THkyWmRSWlpha25hbDBjNklBZH...
  • https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwczJKSU1rUUpaZEJLWHNiTHRLZURxM0M5VU5OZVZ3OHNncGh5NXVIZTJVcw==&google_push
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwczJKSU1rUUpaZEJLWHNiTHRLZURxM0M5VU5OZVZ3OHNncGh5NXVIZTJVcw==&google_push
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwczJKSU1rUUpaZEJLWHNiTHRLZURxM0M5VU5OZVZ3OHNncGh5NXVIZTJVcw==&google_push
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
sync
odr.mookie1.com/t/v2/ Frame A526
43 B
106 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEBwPGTVC1iOpPF8pxIkXY5Y&google_push=AYg5qPJMfnDMaGJ7nkMea8JR0PdH79wGda3jRgss10Ku59XPnb_NDh0Z_QMO_Dy_GTRP6jlMe1dbfsT-GptgNBovOZ7vVGLkMrc&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEGlZ5W_euZOPMu-t_PuEqOw&google_cver=1&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc&google_hm=Mar68ROByygPQyO5EY8abA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc&google_hm=Mar68ROByygPQyO5EY8abA==
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLR8x9daFS2ZWvhKs-ggSJYoZbqmGmEteyYCt1Flc8JBau2lqxvYISwFoHplRO3o2uCYObXgyzsrnh1ytPmt5lnjgVXTlc&google_hm=Mar68ROByygPQyO5EY8abA==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
5ipf771q88l5mvjh2agdjq5vbckhnp0f
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIuyVillQaO2EJpRVAlzEtwcey1nOdWg3ov-fAMD09J_l1mS8Z9PrGjFVZLtVgFvSL4qWcIdGavc_0upgWLUFpwpcUfCM
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIuyVillQaO2EJpRVAlzEtwcey1nOdWg3ov-fAMD09J_l1mS8Z9PrGjFVZLtVgFvSL4qWcIdGavc_0upgWLUFpwpcUfCM
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMqFrumB2e_BVzLo-Q3MHZU&google_cver=1&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMTAtTy1CNDM=&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8EmAbL37tnXAYd88PUiEIEBF0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMTAtTy1CNDM=&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8EmAbL37tnXAYd88PUiEIEBF0
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMTAtTy1CNDM=&google_push=AYg5qPKrUgjzmv8zM9XHe_xnaYUw1VwUWb-aP9xi1BCvEwGz0_StX3Zxj54XoD2s6Xfc-l18MR8EmAbL37tnXAYd88PUiEIEBF0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Expires
0
pixel
cm.g.doubleclick.net/ Frame A526
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRM...
0
0

attr
cm.g.doubleclick.net/pixel/ Frame A526
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KeYEXPtCdL9pFZiaP5pni4EhnVxOCf1IaZmczM7BgBA4c3djLoJPjAYY-ZcTKdcAmtbC6p
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=1091561853&adf=1955204960&pi=t.aa~a.1965313108~rp.4&w=535&fwrn=4&fwrnh=100&lmt=1637666658&rafmt=1&to=qs&pwprc=3994875284&psa=0&format=535x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280&nras=4&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=405&ady=3791&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=s7PbYQYkQE&p=https%3A//mediacyber.id&dtd=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
truncated
/ Frame F6EF
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
61333017dd46ea009aab02546df32fa715d6aabfef23fe8d5f47e053a55d8924

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 62F1
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 77E8
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=3526151506&pi=t.aa~a.2135245809~i.19~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=2&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0&nras=2&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1849&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=iAigDo5ahh&p=https%3A//mediacyber.id&dtd=16
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame 9885
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 13:18:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79578
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 13:18:01 GMT
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEG6Upos2TcJFOl_PKi9_gA&google_cver=1&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUA...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUABgi-7o0sp_VnUMaDVEYhA7V3oTo0x7wUgdY1ozwpo&google_hm=WIE-dil...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUABgi-7o0sp_VnUMaDVEYhA7V3oTo0x7wUgdY1ozwpo&google_hm=WIE-dil3j-zEZZV005wK6Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPK4mWQwiZpt_RNNTvD4kSUkCloaZy_24656wO-uO6sxjbeIX8tfUABgi-7o0sp_VnUMaDVEYhA7V3oTo0x7wUgdY1ozwpo&google_hm=WIE-dil3j-zEZZV005wK6Q
pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESECBDJKLlvDPSLea7LO_mQR8&google_cver=1&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM&google_hm=Q0FFU0VDQkRKS0xsdkRQU0...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:19 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK59ob0Ky9wWosiQCucWUzKCA5JTi3SpoeXU4wkEf5akgXOsWcLpXIA3PigrPHxFV6zLaVMpkYWeVsHGI3TkdqztoBL5zM&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
sync
odr.mookie1.com/t/v2/ Frame 9A6E
43 B
106 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEEZuGljDEzmR-G7qP4O3QAA&google_push=AYg5qPLoo4_YcnP7MROexZEhbQnmnychnUS-M9xoa9oLkO6Dam8KIKvghjQV8m5mim1pZCNFFZJCAu261Mojh55uDKf5EA5Vq6w&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEAnxbK5XyZ7Jex1Ci0oKCjI&google_cver=1&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg&google_hm=Mar68ROByygPQyO5EY8abA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg&google_hm=Mar68ROByygPQyO5EY8abA==
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIALhBne0UcBxWaAxLXS95LQL7UyhkQSiGAPVXGLOo--PfK42y--g1gWeIgB3W7ZgJfKpDW_M5fSIUtWmu93AYWPWn77Vg&google_hm=Mar68ROByygPQyO5EY8abA==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
na8ep6pjaenma8hd82a2vu1si7s4tpu3
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI-3Na1JlyoDSYiPzyyCfJI8lHrHxeqm18Ml4SzcjqxKW0kdL8S6UlA6RFxUnpEq6LPoQW51hCeVyIFIpk11BT20KPRIZA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI-3Na1JlyoDSYiPzyyCfJI8lHrHxeqm18Ml4SzcjqxKW0kdL8S6UlA6RFxUnpEq6LPoQW51hCeVyIFIpk11BT20KPRIZA
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIwOoMqNWbfvxxrI-yNfKi8&google_cver=1&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMkUtMU8tNE9GNg==&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP8FvQmm6XclP3tCdArtdST3PU
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMkUtMU8tNE9GNg==&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP8FvQmm6XclP3tCdArtdST3PU
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyMkUtMU8tNE9GNg==&google_push=AYg5qPJSy6pFQmlEaMErfzduGkSpaILpY-mQZU6wQ5D799J_H8jIaZUPWaDU5malqxUrtTJcOhP8FvQmm6XclP3tCdArtdST3PU
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Expires
0
pixel
cm.g.doubleclick.net/ Frame 9A6E
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp... (this identical entry is listed 20 times in the chain)
0
0

attr
cm.g.doubleclick.net/pixel/ Frame 9A6E
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K04gTTG_nb-ba-LZyBDOmekgqIkaWVpcNAxd1IUiu9koU335k_AAFAUOsLLDMn8YC1Zj3-
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
iframe.html
p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame A03C
4 KB
2 KB
Document
General
Full URL
https://p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f163.1e100.net
Software
sffe /
Resource Hash
3778019d519757b16979ad6884d3db9ac51779ae9bf3e5c1ba63ea14a0a841f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://p4-dmn6zsjahxwdi-tzjtwnmq6npogiw4-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
content-security-policy-report-only
script-src 'nonce-0cdRL8eYAKtLt8zJBVwE4g' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length
1863
date
Tue, 23 Nov 2021 11:24:19 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
last-modified
Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options
nosniff
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
si
googleads.g.doubleclick.net/pagead/drt/ Frame D639
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 23 Nov 2021 11:24:19 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Tue, 23 Nov 2021 11:24:19 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame B099
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstdP5ga53lmujt0ZLY_rZweexfIrJtF7W9IRplYguKKD5umajgNS4FG46a2UtrGhdvvlHz5wDfSfLiLFyz_DZPQFrqG5gg76f8viJjOcPP8SQhrlV3U9pzlt3qpTOKCucQopph7lqJPRIJlUfacnmxySr7aViVXjYvGpBTcEJexpsTmznS-jUssJVubRB15eLVxMqwb-Nlo1oJ78kemt77CZaUJo5viRCzUC_tUzQvQr00YYuOnc54utYDGwc6IE6Vb9hp1jCQEEVCLmjZ70ZyVgcnfPA791ACH2VmolU4yO6kNONZoubk-hsbaj6inaBYBRSnRIWYRfhXDBuZvcjyF5R9DK6PqePjXqBxiPl-IW8_Il3Fn1tjrhUDP1pgsstB-FrmyA9KMul369supzo7Vt-wVHYBeeJLv6XyOgQ_-M86pw3AlLMbeotir0K074rX55obvOopbydEUxKSzmWYJoS9CER6nsfFAZwAOkbRKjF6NemG4xerEyHtjYMXS2ZsDX05jM6yaby91NAPxrLvoPXUNUD5mvaN183eOaYWXXMqQimxC0BD9Bry1bx10LdWcLIzjh94fSBqmQ3dXN5WgP63Lp7UJEQkJhdXzL8yXeqEHsLBDtcT4qWa509xlKtP8Rg8PthrYYDcCIONy2xBnk_93Qeo2cKctfiuM2-45PHhewjfxCBS61duKfNw_iaBFLZqI2Mz7LZ7JDW5kEnINPNzMbolF3Vx1KJVTG1Zj2L6c-_OjwolyB92VqJ6MIp4XKd9VmhrAqykRXMI8PUBhU-RXwpvPNxDA6R5iF8-tJmsh8Y3xEJuHLrzocnZTD4G9ND0p-7AC3crg0znpC-ogsCwkRMWwQYwcJ_auo0YuR1hD9S9anUzqd3DBDLpMv7_uiIKS8WDa6CMFBBhPWaCb35RW1PmXFk2F1AjdCFz8ZfIttTgOrJdam78ZZ8i8jQN8AK2zYjLP5im_Kqwn58G9LYjkkJ_2QA8RYWtKL18zCTcDbQXHMsK6Nk6EMywA1S8AWzXdpht0lNSjvupK2BcGxldElE0yqjedk4QY1K54jXD7bd-AtS5TxI1KxzQ98E677c2FJG8SZrpB0dGNeh_B1ana8vO_lDYyS-WojDEd4hLis7OI19pUuZhWLFcBqB9UI2Aott0DICflHkDVHCZuwosByRo6l13xG714XiMKVW5U&sai=AMfl-YTq7zLzITZM6bO_sa0s4KLv6zK_1i3CxweXJ8VfhxEchQn8xFZ_GNEcqNmaU9n6UVWzi2ml_ey9VoGJlPpEbK2Qgcr8O-Mlx3ikEmLRTHSml5rItnANQnkC6n4-5UbYdQmFSy7DoJHixus6rvRuyKwYE3Mj7g&sig=Cg0ArKJSzMufeHoc7WKcEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=245&vt=11&dtpt=173&dett=3&cstd=66&cisv=r20211111.66183&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame 9885
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58a0c6147e6c62e6226d426bf9206d8df14bbf4a8f9d2771260d5b92c5852df1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5231
x-xss-protection
0
prod_studio_01_245_configurablemodule.js
s0.2mdn.net/879366/ Frame 9885
30 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/prod_studio_01_245_configurablemodule.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
19d8ebd3fb98721f56f81064a3b6c8d9e34b9e679f5badd844f05ce9090f245a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61218
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10470
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 18:24:01 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mediacyber.id
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame CAB4
26 KB
11 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2e6cab1408df4149bc4c32abd4fbedf4584685240e0854bba92e15196c323973
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:20 GMT
server
cafe
content-length
11728
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame 4005
18 KB
9 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b3c4ed0c0549579f923b0f3d98b9a7575e4cf66d7f2cc9432544e1187d99802a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Tue, 23 Nov 2021 11:24:20 GMT
server
cafe
content-length
9616
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1637399042_MediaTek-meluncurkan-prosesor-Dimensity-9000-baru-untuk-ponsel-Android-unggulan.jpg
i1.wp.com/mediacyber.id/wp-content/uploads/2021/11/
4 KB
5 KB
Image
General
Full URL
https://i1.wp.com/mediacyber.id/wp-content/uploads/2021/11/1637399042_MediaTek-meluncurkan-prosesor-Dimensity-9000-baru-untuk-ponsel-Android-unggulan.jpg?resize=150%2C150&ssl=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
11ecbb7c475ab0691091a2e09ec49cf2634ffc49f50e157eab7e7631cdcc4e9e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
MISS hhn 1
date
Tue, 23 Nov 2021 11:24:19 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 11:24:19 GMT
server
nginx
etag
"3d982ed9155d2257"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/1637399042_MediaTek-meluncurkan-prosesor-Dimensity-9000-baru-untuk-ponsel-Android-unggulan.jpg>; rel="canonical"
content-length
4534
expires
Thu, 23 Nov 2023 23:24:19 GMT
sodar
pagead2.googlesyndication.com/getconfig/
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211111&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b5dc8d70e29aab02da875396a3468a0a7b655a71ae97527db1a4b645004170b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9241
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 9885
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 23 Nov 2021 11:24:19 GMT
18434454911232627282
s0.2mdn.net/simgad/ Frame 9885
5 KB
5 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/18434454911232627282
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5672d10d2cb5da159487b982425bed1ecb45cfccff02b8c34b05c9273d8bf15c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 17 Nov 2021 18:04:45 GMT
x-content-type-options
nosniff
age
494374
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4922
x-xss-protection
0
last-modified
Tue, 23 Mar 2021 12:36:21 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 17 Nov 2022 18:04:45 GMT
3604846904723979040
s0.2mdn.net/simgad/ Frame 9885
20 KB
20 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/3604846904723979040
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b3debff63331441f7a663b5319036cb4d60961e5c29d0024a2b92e6c7da5751
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/17308118496072713019/index.html?e=69&leftOffset=0&topOffset=0&c=y191at8IrX&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 07:47:02 GMT
x-content-type-options
nosniff
age
13037
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19995
x-xss-protection
0
last-modified
Tue, 23 Mar 2021 12:51:49 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 23 Nov 2022 07:47:02 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame F683
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=280&adk=2863071536&adf=2104961071&pi=t.aa~a.2135245809~i.27~rp.4&w=696&fwrn=4&fwrnh=100&lmt=1637666658&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=3994875284&psa=0&ad_type=text_image&format=696x280&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rh=174&rw=696&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666658882&bpp=1&bdt=3667&idt=-M&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280&nras=3&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2637&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=1ucOAdKNGM&p=https%3A//mediacyber.id&dtd=40
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
Grammarly-mengumpulkan-200Mn-yang-mengejutkan-dalam-penggalangan-dana-baru.png
i0.wp.com/mediacyber.id/wp-content/uploads/2021/11/
5 KB
5 KB
Image
General
Full URL
https://i0.wp.com/mediacyber.id/wp-content/uploads/2021/11/Grammarly-mengumpulkan-200Mn-yang-mengejutkan-dalam-penggalangan-dana-baru.png?resize=150%2C150&ssl=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
12495e0fef95dbb91c5e4d58770591a6e3eeffa923cb4911ffd0070d3f50a155
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
MISS hhn 4
date
Tue, 23 Nov 2021 11:24:19 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 11:24:19 GMT
server
nginx
etag
"debe5e94c1138f93"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/Grammarly-mengumpulkan-200Mn-yang-mengejutkan-dalam-penggalangan-dana-baru.png>; rel="canonical"
content-length
5418
expires
Thu, 23 Nov 2023 23:24:19 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7307355418381929&plah=mediacyber.id
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 23 Nov 2021 11:24:20 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame C492
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
1637290257_Apple-akan-mulai-membiarkan-orang-memperbaiki-iPhone-mereka-sendiri.jpg
i0.wp.com/mediacyber.id/wp-content/uploads/2021/11/
3 KB
4 KB
Image
General
Full URL
https://i0.wp.com/mediacyber.id/wp-content/uploads/2021/11/1637290257_Apple-akan-mulai-membiarkan-orang-memperbaiki-iPhone-mereka-sendiri.jpg?resize=150%2C150&ssl=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ab9c9af1a594324a13e6b2831416242fec83ab3b20e6c050846b4faf8ea03ea2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
MISS hhn 4
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 11:24:20 GMT
server
nginx
etag
"0758f5e8f89b5664"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/1637290257_Apple-akan-mulai-membiarkan-orang-memperbaiki-iPhone-mereka-sendiri.jpg>; rel="canonical"
content-length
3344
expires
Thu, 23 Nov 2023 23:24:20 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame B7BD
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Tue, 23 Nov 2021 09:59:49 GMT
expires
Wed, 23 Nov 2022 09:59:49 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5071
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame AAB4
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0f4c252c83542f181f5964935bae351ccf36b7febf0ba9db1be76630dba797c5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xYfnPSG/QXkD2JvJjsf+Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Tue, 23 Nov 2021 11:24:20 GMT
date
Tue, 23 Nov 2021 11:24:20 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-xYfnPSG/QXkD2JvJjsf+Ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/ Frame 62F1
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFcLQY8-cYbzGH9vG7_UPyYSa-AYAAAAAOAHgBAI&bg=!TE-lTwvNAAZQLpa_UC47ACkAdvg8WvBGZF8r987oiXfSqX4apptvi64o1uhNvHumNaQlCwt8c2UIbwIAAAEMUgAAABdoAQcKAILOEE_JkBe9klChvOwmwwh3SMuWc858NXuJwSO00Vy5B5yahbA6_Rb9slzTMqt-CPflkPL9PDd-4937hwP8hzw_UDIF8d42rzscwMWH-Tomkl5G-qsivO7f3TvScmp9IoZeVHKtPinghAOUl5O_37o9ahOlpqvNtMLC_EHJ1V2HdhQHmQKuALIrYX3i8LSartug9UsomvGgCzFMThfVBdbZwxh0VGqVY2VoJwFZd7gAwiXs0gyadGbrZO1Dq4o-1q2PJRp_i1BSxmJhGrwslhlMFKqPisoAhErU--NsuYIYfRJnuJCtkm1hjWu6aCAspt5LMSRIASZQSzQqvRsHjptaE8wwFt8K0VundHz9AU0a7qZ7jIt2pXxjq9N5gAODyMZn55nBiK7NaTBFD7HQdryIpWCeh9tLhyGUw6XJgYA-4sQ95WFTpnKwHn71E-grsexNU6LeGcf81X4GUOIuumXjc8w25klB24IQAhbYK8zE_bDse7dBTBigLcMGJD4aGYlV_3uq_qeIn4RfjGz_VikwTKSf0gD7FTQtE4vdRQx9OxghVGdWM-CRGSFo8GoJ9uOWLKlaL22BHeV_-_qx0_HHASw0rSM50aHLvdhpdfbozXSIP917IZ0CNkgPKNNoemUeUSCUxFPhGF1V3ZK8GQNqy0eE66Owmg-WkKFVQ80-kY91DQLmfmFl0KdSzcWmoXBl0AXyrE_ELcWZofj_N4V1CEEJJh34LgogvqVtV3YINrdi64lkk4keyz3LOLz07V3ZoOWslnlPGhjcDk54m1KNFTpEhtYxPJDZUV8FVAvq7mYm7wVtyiOyZtyziKjg1Vf8py17TSC_9HlFIQIAla6u_URogf5OgJ3RHCioAR-Hhm-CAWqgGlYPqe2VuOkJsgmuens1TsH-H6BYUk8OU6wSm2Go6xHYFw4IKzIDYI3klGwJRCoS0S8m77MwPpjTtMI4zpcd_F2Q-c3Bg4QpHWSnrbEHNhgFZqFDHiBkupEDBbxJGkBvW1zHTkcPD5lV9JjCNJ09niFkWnQfyVT_3jITbyUwtlyIjjMFqMx0ebPPbo6_Ylc7QuVPqHgzvmEPd6z5bWA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1637333700_MediaTek-Mengumumkan-Chipset-Dimensity-9000-Tingkat-Unggulan-Untuk-Perangkat-Seluler.jpg
i2.wp.com/mediacyber.id/wp-content/uploads/2021/11/
5 KB
5 KB
Image
General
Full URL
https://i2.wp.com/mediacyber.id/wp-content/uploads/2021/11/1637333700_MediaTek-Mengumumkan-Chipset-Dimensity-9000-Tingkat-Unggulan-Untuk-Perangkat-Seluler.jpg?resize=150%2C150&ssl=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
46cfe92ee266a546c11137257a418acd51de6ce0f62900920cc0a69cf66312ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 07:48:04 GMT
server
nginx
etag
"994ce26cf8e732bd"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/1637333700_MediaTek-Mengumumkan-Chipset-Dimensity-9000-Tingkat-Unggulan-Untuk-Perangkat-Seluler.jpg>; rel="canonical"
content-length
5198
expires
Thu, 23 Nov 2023 19:48:04 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame AAB4
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211111&jk=1351388657282890&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame B7BD
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
1637575301_Pelayan-robot-membawa-Muslim-Irak-kembali-ke-masa-depan.jpg
i2.wp.com/mediacyber.id/wp-content/uploads/2021/11/
7 KB
7 KB
Image
General
Full URL
https://i2.wp.com/mediacyber.id/wp-content/uploads/2021/11/1637575301_Pelayan-robot-membawa-Muslim-Irak-kembali-ke-masa-depan.jpg?resize=150%2C150&ssl=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
7573602bf1b123fe33710cc21ea5d601cc66f9a1373ec51a8a9a9784ee0a8506
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
MISS hhn 2
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 11:24:20 GMT
server
nginx
etag
"eec98e08dbbbea48"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/1637575301_Pelayan-robot-membawa-Muslim-Irak-kembali-ke-masa-depan.jpg>; rel="canonical"
content-length
6800
expires
Thu, 23 Nov 2023 23:24:20 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211111&jk=1351388657282890&bg=!urmluf3NAAZQLpa_UC47ACkAdvg8WolUDkxXvOO0dcsB4c7QmPzYmyf6FRmADg_7Z4azx8NF-dSNkgIAAABkUgAAAAxoAQeZApL60ExLPvBCAiE3IDce8SxTpUL0u2j_sI7RPhGaXfPEOFAB1nN_o_OptsgKuMaXds5lhZ7W6VafvZ9K3pbPfMqKLFYrvaR6ilU81mVAHCXsF7dps_pCMybL-NntlP4MRkNG_W2EAXehTk7In-KbjLBCivXgotBJ4nVzeoS82hFprbCz4emWgrYS4A1MuHfLnqh2D0a7pKMpbNxuShg0OHyRA23E33Jk-tOGZsp3crgFZn2-VJpy2qEen8yBGKE2AloH0wcs3zm7mAc7_B8JSOQbQb5Z3ufzN52dC6SRO1YGbkEjc7QK-wv3cjSWj8oahbb7wJbn-4dqdF8B-fsk2bMx9_LhTEqIheM5CUIyIQFINxFyuS9DvDhcGIefDdDW-bPdNC4K5H7qYXSt02qfc8m38cvTjxdXeofLPQUGV72QQiWc3hdUIt3yt1V2R8ZUmIzsD81MWwrxgqsNSMLeeW7PlFC4TzX0ywwPznvrJNV4pbiQYkzlREoC9Ar49t0Ro_GUXNmkKxVx8MZdSbPg-BXEGDN_ld8ys9Un0xQQUX0YQKIsrPUw4_fyjmuKlXeD_sxFzn8Xjx08vrK1zvrmH0singfhcYqF9ab_1Md5NFR3B0_PBz0XPH4Htqk7-as_ArlHBVH3cAlDSx8mho6f9TuWBncmQEq7irG0rE8t27mC3glQUHAoVOdLBOWPbA6VOmdM4xC5hEU9bOocOBCwxmXmqC9DM5HyKWMoji1wMjCTkcKaoM81K5Uya4WAVkW25OqgtRny_eqfJeVg8cuWZtAtJO_8_yz1EgdANTQjoz8GF1joSaDtJ5etyk2VAuSMhc1BvWeHHjShJ9c_-XTc5hwN2RaCEF7VDyo0LdUVFA3P-1Ch
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame D808
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstuTRM8wTqETlhZkm7QDNkHK6Cqzm8t-4cRnqVYXYgLy_smyc5CqlyUbWf7yjfGaWlzbFWeil3ddpgjoXj36b_AXAZaS4XeOBtmVHAnXAnoGtpiob1oJA&sai=AMfl-YRsGsRRo49olsNB6QVT3gMi5oswalfCQFUV1EmPab7tJydLZmJn1fG4elv9SBvvlnNa3UWYBorVdFGa&sig=Cg0ArKJSzK7dHYD1NxoIEAE&id=lidar2&mcvt=1002&p=0,0,124,1005&mtos=81,753,1002,1097,1213&tos=81,672,249,95,116&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637666658954&rpt=157&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 2BFE
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiviPm6ATAB&v=APEucNWRaiglpXvX7oRBwVvM1Uico6_MT5buiMKkIODlgv1F_ASsRnh1dpxqP6Y7_AtUYgsoQYH-hOShfbrGqnbULnUm6Dcnj4EJDOn6IImadYpTRy2zJLhRtHxYcW9WmJiOb0PXGy57oEipyBr7EgCfLtQC10nD6t350zxwEEdz5-R2ihIzI_A
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 23 Nov 2021 11:24:20 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 3CC7
75 KB
31 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYMjyO_8AZ2ex0k4VEDjjBsaBxHJ1FvXXPgy5dZYDEu8JbquIyMxtIWSqCSq-DJ7QRIL-tZo_0TN-QP8SrCnBaABAvNoZ0aapJ3cDBWcuNs7eOk2mj-35NN_NNeAuhs-JHcK0mxQ60Gzv0t2lR48bGswDO5Q&dbm_d=AKAmf-CAa_FjU3IpZLQrF2FKhzN-cg2GbRb3JpxEqOZgPqk1AG--5UIGgzxaVNmd58eJvFskdQjMZLImYl0E7XiooyiriyNEk6k6xKchVt8j8apVm86rf1O_pe1aoc78fyCCWr-cw8pWb25-jWI1xihTLe0Qab2zt61JTyEVkxIvnuGKobKZmUJea2-do26v3nNvnM-ZJ3kE8rsuzA2cUPgIsnE0TpYljHXgA1O30HfdMl3wfIpspPskHq5OFGo1zxwYZ8TgA0HycdgqvCjp4m3OiMyLEU5od6Xr-QPb55zqEqvrp_RzkGtF-wHhwwiajrAhsNlP7NvyubhpFhVERCQSXwMb2oaD2FWTjhA9xp_opDOLbEIRHTk-VtqbpNSa7WYFhKJYjmvFh_djeD2xXa5tSF5MgcU0tnlczV_40AdSGxmP5YpscR1i5MaNU4kuJgvcRmqrbwWVKgc8k7C5iLE2S4nnhiPV8mA9mbg54lnunaFkZQyHmoZI5VmZtm3CAsGL66GlKoQAh7A2s2KUnhfKPMP75HjWDwaad3LTZM-CU-wMF37ApiWXcAl-_oLuGzEcxEdvbzE7E6xYN7La0Fs-fCi1bcc0bUv2QaJ2aKCb_prJ24MTkLovaPkJ97ilf766HU8dxNUj7wgBOUQ-HHNVcRaXw2u56TEBDSnRvo9R09sNChbQcF1pnDJdsMEl1851Mfr5dx2XZRy7bed6NRSF0HXX2sczdCc56JybPhalQuW4a2BnWzHjxSVxec62ITgKNWZnOWlMJUxOn-R2q9kBsPJdfufUtP8BksVoVCWG6LrSJxc26uiNidx_W9YroasEJ3c1KxRpkc7tEJySEy_KILvB3kcXOcs2Sk5Y40ZuQv5yzC0U0aLhbqXS9YWDH8N0Hi7dx2fmO5ZqW1jcuE9nEmhYjS0z_keJZtnhtzKXC9m0I-i-wN06TyRYUFE0JK9X6ganoeF8F9ECPAFDh-xE2U2uSdWyrZbX50-hpmOLKPJ7nfp5nSwrsgufLG7Dz4KbKrvetdF0WHhnjhO-t3raAuV9CSmEMoTAU7TDzfWvla89GSsUuv2TKPbzRjiQk1t5lmFPhiOlcj-6aS79OvrpQF1GpXljk_g7OrjGPh2nVED_VKM8j7ATKnOqgMQMFPGvoqX2kKcUWR42XtbCQ72mPlB1084nqX6wfgB8eU80uMdqZvl4YCHPRTRBy9I2kjLAxzq8xpDY8w8nwaqVLKrRbUGesVFklr93L3oZ5hh8guL4_0miNuJYfGC4PV-XcVLA37PnSxolQ2Js6dLScHwB20aHSE_jXh6q6MU50RN_WCmQv6UEGBSWyiQ7vLVbXfnwzvZqnhE509Nh3HdGsXm-F2kxwLriacOW8UXxHAy0ZxjfrFDf3vurHWdJj0HWVhkrthvn8lv0TdfrkLCTpyH27zaBXw3FccZVXY7pJvOJ1421SE5baXOs-nNl2dhDoy4FUfVXnoT-QLV84voZNWOGzBxdYc6hESwKyt8Lu03GtMh-8Xg2HHx-yX5bszPSxShY6FFdpeFYl7t1A8KzbTNgLREB2K6CXQ9gCqxx7j0fDxnbGCZeQxPT-0mNJHEG7WLSoYZsJrBiGwYirprzq3ubrbRl9olQiaMpG1R6h8iG36SeVVJLdko6PJ1-jdsYmClP4QbROnVlaHn0dVqekx09g60sskf8NHMr0AN-L3VDPQjjXPkLOnmQz8EnzE6yIpdnmUZV-rxx0CEpYPxORCM5ETciG6MYvFWcZEfuLNwy-XFknGHFEN
gWxBnWWCj-30OZSbJXf2ns2P3-cqx9XK478SKw8Ja0A4H9XeN7tQH-Qf7CWaL2kEXWmsiBl8s-5vwKQ0J_0J-z3iMY75V_dT3rHQV5J1gzbkpCp-oQV2kxVreWLRaWDhrgzKuRPGT9YGq26sENvWwMhzcY8ajPGPZfEgz2OL9b1w-U4WH-Gvb1QwJBwpr5zKUQvsfJnYqF05o4m5z7bRrYO_cAcf8STnlYvO_QdX3YJtY-aFAbbRKezJ5da2xK7nDUXHmX0sbkhdBG0wmuP5CinbdWu_yjh1tCOscCVY1FkqQxEuAX7Rmj0ORAFjNP1Qm3ywhLCRyHb7PxT0p5rEeTIzNEWZb98vneApWE4hZaJPX8g-hLFKv4I6dZQR-jlBDs4C-sXvEpcimsUFpCczyx-1sR-oCAxV9rWNwtxn1v7TDz_nSKgEyrGW_TU421fN8fCeY9BgpjStgEYNQ5FmEHvEqMb5lJU_LumeYTfpLu4lTaFMS_E8oswmVClXyzVRQikMHALMoCfFM3K-E6bdGLsmhCMYEi9Hmp84xQcoX2ZjQ9zc5MGwlKTYDevSJRC4U_Z7fs3IVvWVBRnt-pIH25smjJuxwsBZQHMf_3AKZ2-kqNIGHPv58-F8uNsAIoPzfyJXmreuAkmfjWVqe1aAVV9sUzLdg--E-_gg2M6D5EOv96wyqAM576uK7Xc5Kgad-Y3NHCw5zDdAgMGiiW6vHBUyzz13Gpx1sCPYvJVrcWA0gXtRXSkXPUy2Ohw1Qijsks5h5iGDhXyApYmYakg5Adqeml_rLZI1ESq5LUB-54hPLo9iQglb2mHv4IvVQy2Xe_VmlCaK8ffV-N4Q1snICO8iHqDwKyb9caqWCEHzEq-HGR6AJGaPjEWNSuzSzguH2W5jwrf1CNrLzkag52XAzPE2Ba_9QdaeBXxDLWR4ZzuXwrf5kp_gHy9wKU_07Cfz5dQQ5T3WgFxVBSX0cvPsn4hWASnDn_7tifcsVkL8zYSF8q41cwMADTIDQgTmDYF-UWW1xBKegomZ9gGcxdYZYGjTv8umuc-4LzH3hpDgWUgKD2XKJDbdG2Kj5-GXsOOu4OTS4cjbpJGY_ZRQ0pf2nUvxEyK0DMKNAuXxwit0trjzxkE3Ia4zf3uAwXwOeenqB3JALot7N_8ly8gfR7y_0iD9R0PARLjqHdfrbZD9ErDpMjAJNuDHlnWYvPZnEe_B0DTTIpPm0vt5xmenIyJgMxVXo_rkj7gPTQl86mG7Nam1gnwZ5gKGTkNCFSP2pU5ws&cid=CAASEuRo0p6mZBFv40ah1iuj8RbWKA&rfl=2%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8dcc41af3f0b0f41560433622c50b5903eb0d52cd69e957ad0d9f354031e4937
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31643
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3CC7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1019
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3CC7
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:20 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3CC7
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
265
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
l
www.google.com/ads/measurement/ Frame 3CC7
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTEET_d1PsAhSHTuHRx6UVlFq_Lhv57Oy1td9ZV4uDsr4A0CdUPY8F6EZhPvDUFXmIp7R638sPViEkNLIhJn0D-Uo12bQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CC7
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ayvb1nPV21zrc6S0a22a46YQuFVkz6_IiRI4I-09wPyzdkmedxjUssAIQ9sxpUhN53ok0TAsOX6zBX_GVb_qdeyTdBIJS42gdpdysqhsOwRo9RU-0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2BFE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiviPm6ATAB&v=APEucNWRaiglpXvX7oRBwVvM1Uico6_MT5buiMKkIODlgv1F_ASsRnh1dpxqP6Y7_AtUYgsoQYH-hOShfbrGqnbULnUm6Dcnj4EJDOn6IImadYpTRy2zJLhRtHxYcW9WmJiOb0PXGy57oEipyBr7EgCfLtQC10nD6t350zxwEEdz5-R2ihIzI_A
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:20 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 2BFE
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiviPm6ATAB&v=APEucNWRaiglpXvX7oRBwVvM1Uico6_MT5buiMKkIODlgv1F_ASsRnh1dpxqP6Y7_AtUYgsoQYH-hOShfbrGqnbULnUm6Dcnj4EJDOn6IImadYpTRy2zJLhRtHxYcW9WmJiOb0PXGy57oEipyBr7EgCfLtQC10nD6t350zxwEEdz5-R2ihIzI_A
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:20 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 2BFE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
43 B
1004 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiviPm6ATAB&v=APEucNWRaiglpXvX7oRBwVvM1Uico6_MT5buiMKkIODlgv1F_ASsRnh1dpxqP6Y7_AtUYgsoQYH-hOShfbrGqnbULnUm6Dcnj4EJDOn6IImadYpTRy2zJLhRtHxYcW9WmJiOb0PXGy57oEipyBr7EgCfLtQC10nD6t350zxwEEdz5-R2ihIzI_A
Protocol
HTTP/1.1
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
4d696120-f99c-4b75-b251-e9b5e0897116
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2BFE
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiviPm6ATAB&v=APEucNWRaiglpXvX7oRBwVvM1Uico6_MT5buiMKkIODlgv1F_ASsRnh1dpxqP6Y7_AtUYgsoQYH-hOShfbrGqnbULnUm6Dcnj4EJDOn6IImadYpTRy2zJLhRtHxYcW9WmJiOb0PXGy57oEipyBr7EgCfLtQC10nD6t350zxwEEdz5-R2ihIzI_A
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
febb06be-1321-4917-81ea-8f5e42f549c6
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 3CC7
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 10:03:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4828
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 24 Nov 2021 10:03:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame 3CC7
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYMjyO_8AZ2ex0k4VEDjjBsaBxHJ1FvXXPgy5dZYDEu8JbquIyMxtIWSqCSq-DJ7QRIL-tZo_0TN-QP8SrCnBaABAvNoZ0aapJ3cDBWcuNs7eOk2mj-35NN_NNeAuhs-JHcK0mxQ60Gzv0t2lR48bGswDO5Q&dbm_d=AKAmf-CAa_FjU3IpZLQrF2FKhzN-cg2GbRb3JpxEqOZgPqk1AG--5UIGgzxaVNmd58eJvFskdQjMZLImYl0E7XiooyiriyNEk6k6xKchVt8j8apVm86rf1O_pe1aoc78fyCCWr-cw8pWb25-jWI1xihTLe0Qab2zt61JTyEVkxIvnuGKobKZmUJea2-do26v3nNvnM-ZJ3kE8rsuzA2cUPgIsnE0TpYljHXgA1O30HfdMl3wfIpspPskHq5OFGo1zxwYZ8TgA0HycdgqvCjp4m3OiMyLEU5od6Xr-QPb55zqEqvrp_RzkGtF-wHhwwiajrAhsNlP7NvyubhpFhVERCQSXwMb2oaD2FWTjhA9xp_opDOLbEIRHTk-VtqbpNSa7WYFhKJYjmvFh_djeD2xXa5tSF5MgcU0tnlczV_40AdSGxmP5YpscR1i5MaNU4kuJgvcRmqrbwWVKgc8k7C5iLE2S4nnhiPV8mA9mbg54lnunaFkZQyHmoZI5VmZtm3CAsGL66GlKoQAh7A2s2KUnhfKPMP75HjWDwaad3LTZM-CU-wMF37ApiWXcAl-_oLuGzEcxEdvbzE7E6xYN7La0Fs-fCi1bcc0bUv2QaJ2aKCb_prJ24MTkLovaPkJ97ilf766HU8dxNUj7wgBOUQ-HHNVcRaXw2u56TEBDSnRvo9R09sNChbQcF1pnDJdsMEl1851Mfr5dx2XZRy7bed6NRSF0HXX2sczdCc56JybPhalQuW4a2BnWzHjxSVxec62ITgKNWZnOWlMJUxOn-R2q9kBsPJdfufUtP8BksVoVCWG6LrSJxc26uiNidx_W9YroasEJ3c1KxRpkc7tEJySEy_KILvB3kcXOcs2Sk5Y40ZuQv5yzC0U0aLhbqXS9YWDH8N0Hi7dx2fmO5ZqW1jcuE9nEmhYjS0z_keJZtnhtzKXC9m0I-i-wN06TyRYUFE0JK9X6ganoeF8F9ECPAFDh-xE2U2uSdWyrZbX50-hpmOLKPJ7nfp5nSwrsgufLG7Dz4KbKrvetdF0WHhnjhO-t3raAuV9CSmEMoTAU7TDzfWvla89GSsUuv2TKPbzRjiQk1t5lmFPhiOlcj-6aS79OvrpQF1GpXljk_g7OrjGPh2nVED_VKM8j7ATKnOqgMQMFPGvoqX2kKcUWR42XtbCQ72mPlB1084nqX6wfgB8eU80uMdqZvl4YCHPRTRBy9I2kjLAxzq8xpDY8w8nwaqVLKrRbUGesVFklr93L3oZ5hh8guL4_0miNuJYfGC4PV-XcVLA37PnSxolQ2Js6dLScHwB20aHSE_jXh6q6MU50RN_WCmQv6UEGBSWyiQ7vLVbXfnwzvZqnhE509Nh3HdGsXm-F2kxwLriacOW8UXxHAy0ZxjfrFDf3vurHWdJj0HWVhkrthvn8lv0TdfrkLCTpyH27zaBXw3FccZVXY7pJvOJ1421SE5baXOs-nNl2dhDoy4FUfVXnoT-QLV84voZNWOGzBxdYc6hESwKyt8Lu03GtMh-8Xg2HHx-yX5bszPSxShY6FFdpeFYl7t1A8KzbTNgLREB2K6CXQ9gCqxx7j0fDxnbGCZeQxPT-0mNJHEG7WLSoYZsJrBiGwYirprzq3ubrbRl9olQiaMpG1R6h8iG36SeVVJLdko6PJ1-jdsYmClP4QbROnVlaHn0dVqekx09g60sskf8NHMr0AN-L3VDPQjjXPkLOnmQz8EnzE6yIpdnmUZV-rxx0CEpYPxORCM5ETciG6MYvFWcZEfuLNwy-XFkn
GHFENgWxBnWWCj-30OZSbJXf2ns2P3-cqx9XK478SKw8Ja0A4H9XeN7tQH-Qf7CWaL2kEXWmsiBl8s-5vwKQ0J_0J-z3iMY75V_dT3rHQV5J1gzbkpCp-oQV2kxVreWLRaWDhrgzKuRPGT9YGq26sENvWwMhzcY8ajPGPZfEgz2OL9b1w-U4WH-Gvb1QwJBwpr5zKUQvsfJnYqF05o4m5z7bRrYO_cAcf8STnlYvO_QdX3YJtY-aFAbbRKezJ5da2xK7nDUXHmX0sbkhdBG0wmuP5CinbdWu_yjh1tCOscCVY1FkqQxEuAX7Rmj0ORAFjNP1Qm3ywhLCRyHb7PxT0p5rEeTIzNEWZb98vneApWE4hZaJPX8g-hLFKv4I6dZQR-jlBDs4C-sXvEpcimsUFpCczyx-1sR-oCAxV9rWNwtxn1v7TDz_nSKgEyrGW_TU421fN8fCeY9BgpjStgEYNQ5FmEHvEqMb5lJU_LumeYTfpLu4lTaFMS_E8oswmVClXyzVRQikMHALMoCfFM3K-E6bdGLsmhCMYEi9Hmp84xQcoX2ZjQ9zc5MGwlKTYDevSJRC4U_Z7fs3IVvWVBRnt-pIH25smjJuxwsBZQHMf_3AKZ2-kqNIGHPv58-F8uNsAIoPzfyJXmreuAkmfjWVqe1aAVV9sUzLdg--E-_gg2M6D5EOv96wyqAM576uK7Xc5Kgad-Y3NHCw5zDdAgMGiiW6vHBUyzz13Gpx1sCPYvJVrcWA0gXtRXSkXPUy2Ohw1Qijsks5h5iGDhXyApYmYakg5Adqeml_rLZI1ESq5LUB-54hPLo9iQglb2mHv4IvVQy2Xe_VmlCaK8ffV-N4Q1snICO8iHqDwKyb9caqWCEHzEq-HGR6AJGaPjEWNSuzSzguH2W5jwrf1CNrLzkag52XAzPE2Ba_9QdaeBXxDLWR4ZzuXwrf5kp_gHy9wKU_07Cfz5dQQ5T3WgFxVBSX0cvPsn4hWASnDn_7tifcsVkL8zYSF8q41cwMADTIDQgTmDYF-UWW1xBKegomZ9gGcxdYZYGjTv8umuc-4LzH3hpDgWUgKD2XKJDbdG2Kj5-GXsOOu4OTS4cjbpJGY_ZRQ0pf2nUvxEyK0DMKNAuXxwit0trjzxkE3Ia4zf3uAwXwOeenqB3JALot7N_8ly8gfR7y_0iD9R0PARLjqHdfrbZD9ErDpMjAJNuDHlnWYvPZnEe_B0DTTIpPm0vt5xmenIyJgMxVXo_rkj7gPTQl86mG7Nam1gnwZ5gKGTkNCFSP2pU5ws&cid=CAASEuRo0p6mZBFv40ah1iuj8RbWKA&rfl=2%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
484
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:16:16 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3CC7
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AYMjyO_8AZ2ex0k4VEDjjBsaBxHJ1FvXXPgy5dZYDEu8JbquIyMxtIWSqCSq-DJ7QRIL-tZo_0TN-QP8SrCnBaABAvNoZ0aapJ3cDBWcuNs7eOk2mj-35NN_NNeAuhs-JHcK0mxQ60Gzv0t2lR48bGswDO5Q&dbm_d=AKAmf-CAa_FjU3IpZLQrF2FKhzN-cg2GbRb3JpxEqOZgPqk1AG--5UIGgzxaVNmd58eJvFskdQjMZLImYl0E7XiooyiriyNEk6k6xKchVt8j8apVm86rf1O_pe1aoc78fyCCWr-cw8pWb25-jWI1xihTLe0Qab2zt61JTyEVkxIvnuGKobKZmUJea2-do26v3nNvnM-ZJ3kE8rsuzA2cUPgIsnE0TpYljHXgA1O30HfdMl3wfIpspPskHq5OFGo1zxwYZ8TgA0HycdgqvCjp4m3OiMyLEU5od6Xr-QPb55zqEqvrp_RzkGtF-wHhwwiajrAhsNlP7NvyubhpFhVERCQSXwMb2oaD2FWTjhA9xp_opDOLbEIRHTk-VtqbpNSa7WYFhKJYjmvFh_djeD2xXa5tSF5MgcU0tnlczV_40AdSGxmP5YpscR1i5MaNU4kuJgvcRmqrbwWVKgc8k7C5iLE2S4nnhiPV8mA9mbg54lnunaFkZQyHmoZI5VmZtm3CAsGL66GlKoQAh7A2s2KUnhfKPMP75HjWDwaad3LTZM-CU-wMF37ApiWXcAl-_oLuGzEcxEdvbzE7E6xYN7La0Fs-fCi1bcc0bUv2QaJ2aKCb_prJ24MTkLovaPkJ97ilf766HU8dxNUj7wgBOUQ-HHNVcRaXw2u56TEBDSnRvo9R09sNChbQcF1pnDJdsMEl1851Mfr5dx2XZRy7bed6NRSF0HXX2sczdCc56JybPhalQuW4a2BnWzHjxSVxec62ITgKNWZnOWlMJUxOn-R2q9kBsPJdfufUtP8BksVoVCWG6LrSJxc26uiNidx_W9YroasEJ3c1KxRpkc7tEJySEy_KILvB3kcXOcs2Sk5Y40ZuQv5yzC0U0aLhbqXS9YWDH8N0Hi7dx2fmO5ZqW1jcuE9nEmhYjS0z_keJZtnhtzKXC9m0I-i-wN06TyRYUFE0JK9X6ganoeF8F9ECPAFDh-xE2U2uSdWyrZbX50-hpmOLKPJ7nfp5nSwrsgufLG7Dz4KbKrvetdF0WHhnjhO-t3raAuV9CSmEMoTAU7TDzfWvla89GSsUuv2TKPbzRjiQk1t5lmFPhiOlcj-6aS79OvrpQF1GpXljk_g7OrjGPh2nVED_VKM8j7ATKnOqgMQMFPGvoqX2kKcUWR42XtbCQ72mPlB1084nqX6wfgB8eU80uMdqZvl4YCHPRTRBy9I2kjLAxzq8xpDY8w8nwaqVLKrRbUGesVFklr93L3oZ5hh8guL4_0miNuJYfGC4PV-XcVLA37PnSxolQ2Js6dLScHwB20aHSE_jXh6q6MU50RN_WCmQv6UEGBSWyiQ7vLVbXfnwzvZqnhE509Nh3HdGsXm-F2kxwLriacOW8UXxHAy0ZxjfrFDf3vurHWdJj0HWVhkrthvn8lv0TdfrkLCTpyH27zaBXw3FccZVXY7pJvOJ1421SE5baXOs-nNl2dhDoy4FUfVXnoT-QLV84voZNWOGzBxdYc6hESwKyt8Lu03GtMh-8Xg2HHx-yX5bszPSxShY6FFdpeFYl7t1A8KzbTNgLREB2K6CXQ9gCqxx7j0fDxnbGCZeQxPT-0mNJHEG7WLSoYZsJrBiGwYirprzq3ubrbRl9olQiaMpG1R6h8iG36SeVVJLdko6PJ1-jdsYmClP4QbROnVlaHn0dVqekx09g60sskf8NHMr0AN-L3VDPQjjXPkLOnmQz8EnzE6yIpdnmUZV-rxx0CEpYPxORCM5ETciG6MYvFWcZEfuLNwy-XFkn
GHFENgWxBnWWCj-30OZSbJXf2ns2P3-cqx9XK478SKw8Ja0A4H9XeN7tQH-Qf7CWaL2kEXWmsiBl8s-5vwKQ0J_0J-z3iMY75V_dT3rHQV5J1gzbkpCp-oQV2kxVreWLRaWDhrgzKuRPGT9YGq26sENvWwMhzcY8ajPGPZfEgz2OL9b1w-U4WH-Gvb1QwJBwpr5zKUQvsfJnYqF05o4m5z7bRrYO_cAcf8STnlYvO_QdX3YJtY-aFAbbRKezJ5da2xK7nDUXHmX0sbkhdBG0wmuP5CinbdWu_yjh1tCOscCVY1FkqQxEuAX7Rmj0ORAFjNP1Qm3ywhLCRyHb7PxT0p5rEeTIzNEWZb98vneApWE4hZaJPX8g-hLFKv4I6dZQR-jlBDs4C-sXvEpcimsUFpCczyx-1sR-oCAxV9rWNwtxn1v7TDz_nSKgEyrGW_TU421fN8fCeY9BgpjStgEYNQ5FmEHvEqMb5lJU_LumeYTfpLu4lTaFMS_E8oswmVClXyzVRQikMHALMoCfFM3K-E6bdGLsmhCMYEi9Hmp84xQcoX2ZjQ9zc5MGwlKTYDevSJRC4U_Z7fs3IVvWVBRnt-pIH25smjJuxwsBZQHMf_3AKZ2-kqNIGHPv58-F8uNsAIoPzfyJXmreuAkmfjWVqe1aAVV9sUzLdg--E-_gg2M6D5EOv96wyqAM576uK7Xc5Kgad-Y3NHCw5zDdAgMGiiW6vHBUyzz13Gpx1sCPYvJVrcWA0gXtRXSkXPUy2Ohw1Qijsks5h5iGDhXyApYmYakg5Adqeml_rLZI1ESq5LUB-54hPLo9iQglb2mHv4IvVQy2Xe_VmlCaK8ffV-N4Q1snICO8iHqDwKyb9caqWCEHzEq-HGR6AJGaPjEWNSuzSzguH2W5jwrf1CNrLzkag52XAzPE2Ba_9QdaeBXxDLWR4ZzuXwrf5kp_gHy9wKU_07Cfz5dQQ5T3WgFxVBSX0cvPsn4hWASnDn_7tifcsVkL8zYSF8q41cwMADTIDQgTmDYF-UWW1xBKegomZ9gGcxdYZYGjTv8umuc-4LzH3hpDgWUgKD2XKJDbdG2Kj5-GXsOOu4OTS4cjbpJGY_ZRQ0pf2nUvxEyK0DMKNAuXxwit0trjzxkE3Ia4zf3uAwXwOeenqB3JALot7N_8ly8gfR7y_0iD9R0PARLjqHdfrbZD9ErDpMjAJNuDHlnWYvPZnEe_B0DTTIpPm0vt5xmenIyJgMxVXo_rkj7gPTQl86mG7Nam1gnwZ5gKGTkNCFSP2pU5ws&cid=CAASEuRo0p6mZBFv40ah1iuj8RbWKA&rfl=2%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:22:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 3CC7
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 12:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
341348
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 19 Nov 2022 12:35:12 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 2F81
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 13:26:12 GMT
expires
Tue, 23 Nov 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
79088
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 3CC7
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae65dd045da6e7b2ee98a094237e93f1a43692dea0d1c8de152d0be550ace330

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 3571
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 19 Nov 2021 12:35:14 GMT
expires
Sat, 19 Nov 2022 12:35:14 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
341346
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
300x050.html
s0.2mdn.net/sadbundle/4773889544820883456/ Frame 601A
42 KB
10 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c0719d1aada353e454a4cea13060ffef6b8daa5b638d8a4ef1ff9cc597fd85b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:20 GMT
expires
Wed, 23 Nov 2022 11:24:20 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 11 Jun 2021 18:35:44 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 3CC7
0
24 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssZ5irY8tecelm7lADTo0UiUi_jC2BZ5Wll4ADaifrFFiZdPe2HEn8Q5IT4nrUX_kdftzGmWJskyzTsJFgZ--WLRqg5roku_bJz3tfhBQiXKSv4kmCyckmETvNWD4PIUJs3rAtWJ8hzs1lK4zddhK6s_Gq7nG0juPAfnlJMjtYj3mQVD_a51DdM-HxkxFaavEW9qLmQ4GiqYi4aiLTAs1DNSpt5Q6pkbwRAoWKU7VtL6BgAZ5BJ6OgdrFDvuqjJYUUrmbvNocb4pevzBodItQ0qjUq3tiuLutIKzyBAPqUtxSmAYTJR9RvBp6Z60x47Vu0FtT0Ai0btpa6x3ERxHaL5dmPzwk2VHjrN70wK6tSr6PF-vxUZY9XWzQvGwZY04ejUaZA7jOztUoarI2YQkZ7ypLIBXf3qzDzfuWnuq0d34xGk3f6SniIAsoL6YwZi_rLcN2A6ja6Xky4yh7uXwPoiqXgUk0zxtEKmK_i1lhaKhLbaK5LH1AaOWxA-D55TD9PbEqkAxpaovcj7Mw4tyXkiP0tMv8MmjTauF7pOiFcJ0mtpOIPXIbkz0oZTKhbnfE1q9cgDuHheyvxxskgiqoJGV3jwvaMwUtKFrxJXr2iKj6EIiBGeTR1qf_uC3HT2qjrc3sdr2RafjQAOWFJBcbGwK9QKMmqOZpBMp-tL8L_uj0XI1337hXLLIm1rwXFGIFcGFIeJWix7vILENQFC2xaA3RibWfsdmhTKwjDD7sny0F2s5C3rYUeSSswQdzciNOITRz3hqETioBcqfy_r8b3n0KEFWiXt2rQDR5nlBmua2nv4uE4Mo5ZIIHa065rKUYm3knbchcXH__4WqWO5GF2bqnvK4aAxHEGBs09Tu4rG8eQDmnc_vXGApEHuFBTBupf2kjQDPgWVKt_5bcQ1hgatnfW1YyIs4BH0ddOIKnLyrQlCQCVSaLBT077qp8Awg19xMwrBpL8gC8l2FffGoE0RsMhlvuAiqBDOT4T50IC9Xdl4TJJ3-2vjPlTIxaMNHXnTxFE3SkOySnXG3Z690U700F_8rVcff3OuQqA4GD8SgfzoWABd0u44Xy7cQYSTyTiAr0wTPPYFP_KoZoJyC-hCZ9OZbhbqxd_iMaYqUu6M-ybfc9ONgxKMnD29Nbq0Jai23gDgXIBtGnkTpcIFZxcRwJgX4-FQU1puTjDoXCTQ6LWWGA&sai=AMfl-YT6qy8X6qAhrgQzrzkvGDl9uo3z1DMQU1_Ibf1glK5D09nUxk5F5YgrB5nqn3O6S0MACqQt7nIyZ_l2Ry5WUQkge8FlpwgsbjQeJhuCn4n1ECJnc4a8_td4AEacGm7bL__EOTBBJ4TL5uydQzUkBOxiNstFNw&sig=Cg0ArKJSzHP2ezOqkV6CEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=117&cbvp=1&cstd=114&cisv=r20211111.59787&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Tue, 23 Nov 2021 11:24:20 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
466606.gif
id.rlcdn.com/ Frame 2F81
42 B
316 B
Image
General
Full URL
https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKWre91xzjIr-8nwo5KoAJX4UYsqzdl26L5VCgQYWeydXx0cHIwQinSUW50B3CsE_n6bz9Ggbv1X3r1CexuHExeKbQzWow&google_gid=CAESEP1pWyX3UzlsbliU1tvmKNM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:20 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
sync
odr.mookie1.com/t/v2/ Frame 2F81
43 B
106 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEEZuGljDEzmR-G7qP4O3QAA&google_push=AYg5qPLu2BkRL1vkCIvHHt-uibUbCPiIIf6RyUo2oGDzhJIBxv6bsPsrFG0JJXSLZ9fcfGL7UndZlmZipSRo_NNGCFlZ9D0_IMs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 2F81
Redirect Chain
  • https://us-u.openx.net/w/1.0/pd?ph=bbb82fae-1d27-4d90-bb10-e24164ecd7bc&google_gid=CAESEAnxbK5XyZ7Jex1Ci0oKCjI&google_cver=1&google_push=AYg5qPLvxPBFovwbN3H2P0rOpG_03Z3Pcjs-TlGdKkXW_o3YhsgAECE8mSli...
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGpS98nyiEschZrvpjEmqJU&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGpS98nyiEschZrvpjEmqJU&google_cver=1
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGpS98nyiEschZrvpjEmqJU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 2F81
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb3Rwgwg1tcpph8IddIAN7GLB9MHgGMdcxNPzFeLo-CaMgfydSS3U4z9V-8OBc1E7LABV1yIg_ep1IkBFMQj_bX135dwQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLb3Rwgwg1tcpph8IddIAN7GLB9MHgGMdcxNPzFeLo-CaMgfydSS3U4z9V-8OBc1E7LABV1yIg_ep1IkBFMQj_bX135dwQ
date
Tue, 23 Nov 2021 11:24:20 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame 2F81
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIwOoMqNWbfvxxrI-yNfKi8&google_cver=1&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flE...
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyTFMtMUItSldTNg==&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flEQlp9OMoUrdIf28f-X-_-bu-0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyTFMtMUItSldTNg==&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flEQlp9OMoUrdIf28f-X-_-bu-0
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1dDMEcyTFMtMUItSldTNg==&google_push=AYg5qPJ4Jv-Yb-BCGeaicKrchaSsLHTy7GopHtI6veGM24VgVcofR4xvNd4YWbxPZP9gkOO7flEQlp9OMoUrdIf28f-X-_-bu-0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
6734403d2cb3625dc1fef1bbd4a17cf3
Expires
0
pixel
cm.g.doubleclick.net/ Frame 2F81
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcr...
  • (the preceding entry is listed 19 more times, 20 consecutive hops in total)
0
0

trk
ag.innovid.com/ Frame 2F81
43 B
296 B
Image
General
Full URL
https://ag.innovid.com/trk?tid=11711&google_gid=CAESENod3C7X6o3nwGwCl63srVg&google_cver=1&google_push=AYg5qPJFfXFSMRe3HFvEwp9HYHkN5lz4NfPEOIdZ4IUIw9i-A9RRIDidAmy3azPYZCqvX8VG3RaeyY1IJW8ujTO8G0rhxL5xhg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:445b:903:68ae:f7eb:4da6:da40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
cache-control
no-cache
content-type
image/gif
content-length
43
request-time
0
expires
-1
attr
cm.g.doubleclick.net/pixel/ Frame 2F81
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J_qjujXXufSz2UWcCvkmB_mD_ibORDlGWNLvgQlvzvfha1v-fJerhJn11j2v6sXUdlaMZY
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=60&slotname=5930711040&adk=2026082355&adf=1737328691&pi=t.ma~as.5930711040&w=468&lmt=1637666659&psa=1&format=468x60&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659888&bpp=1&bdt=4674&idt=0&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124%2C728x90&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=380&ady=3329&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&cms=2&fu=0&bc=31&ifi=9&uci=a!9&btvi=5&fsb=1&xpc=QUNZoC1YGz&p=https%3A//mediacyber.id&dtd=3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 3571
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame 601A
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 13:18:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
79579
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 13:18:01 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 601A
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:24:20 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 3CC7
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssZ5irY8tecelm7lADTo0UiUi_jC2BZ5Wll4ADaifrFFiZdPe2HEn8Q5IT4nrUX_kdftzGmWJskyzTsJFgZ--WLRqg5roku_bJz3tfhBQiXKSv4kmCyckmETvNWD4PIUJs3rAtWJ8hzs1lK4zddhK6s_Gq7nG0juPAfnlJMjtYj3mQVD_a51DdM-HxkxFaavEW9qLmQ4GiqYi4aiLTAs1DNSpt5Q6pkbwRAoWKU7VtL6BgAZ5BJ6OgdrFDvuqjJYUUrmbvNocb4pevzBodItQ0qjUq3tiuLutIKzyBAPqUtxSmAYTJR9RvBp6Z60x47Vu0FtT0Ai0btpa6x3ERxHaL5dmPzwk2VHjrN70wK6tSr6PF-vxUZY9XWzQvGwZY04ejUaZA7jOztUoarI2YQkZ7ypLIBXf3qzDzfuWnuq0d34xGk3f6SniIAsoL6YwZi_rLcN2A6ja6Xky4yh7uXwPoiqXgUk0zxtEKmK_i1lhaKhLbaK5LH1AaOWxA-D55TD9PbEqkAxpaovcj7Mw4tyXkiP0tMv8MmjTauF7pOiFcJ0mtpOIPXIbkz0oZTKhbnfE1q9cgDuHheyvxxskgiqoJGV3jwvaMwUtKFrxJXr2iKj6EIiBGeTR1qf_uC3HT2qjrc3sdr2RafjQAOWFJBcbGwK9QKMmqOZpBMp-tL8L_uj0XI1337hXLLIm1rwXFGIFcGFIeJWix7vILENQFC2xaA3RibWfsdmhTKwjDD7sny0F2s5C3rYUeSSswQdzciNOITRz3hqETioBcqfy_r8b3n0KEFWiXt2rQDR5nlBmua2nv4uE4Mo5ZIIHa065rKUYm3knbchcXH__4WqWO5GF2bqnvK4aAxHEGBs09Tu4rG8eQDmnc_vXGApEHuFBTBupf2kjQDPgWVKt_5bcQ1hgatnfW1YyIs4BH0ddOIKnLyrQlCQCVSaLBT077qp8Awg19xMwrBpL8gC8l2FffGoE0RsMhlvuAiqBDOT4T50IC9Xdl4TJJ3-2vjPlTIxaMNHXnTxFE3SkOySnXG3Z690U700F_8rVcff3OuQqA4GD8SgfzoWABd0u44Xy7cQYSTyTiAr0wTPPYFP_KoZoJyC-hCZ9OZbhbqxd_iMaYqUu6M-ybfc9ONgxKMnD29Nbq0Jai23gDgXIBtGnkTpcIFZxcRwJgX4-FQU1puTjDoXCTQ6LWWGA&sai=AMfl-YT6qy8X6qAhrgQzrzkvGDl9uo3z1DMQU1_Ibf1glK5D09nUxk5F5YgrB5nqn3O6S0MACqQt7nIyZ_l2Ry5WUQkge8FlpwgsbjQeJhuCn4n1ECJnc4a8_td4AEacGm7bL__EOTBBJ4TL5uydQzUkBOxiNstFNw&sig=Cg0ArKJSzHP2ezOqkV6CEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&vt=11&dtpt=65&dett=3&cstd=114&cisv=r20211111.59787&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 601A
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:12:08 GMT
x-content-type-options
nosniff
age
732
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:27:08 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 601A
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:10:27 GMT
x-content-type-options
nosniff
age
833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:25:27 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 601A
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
047f56c5cd76545105ab0011b90d37ff728c7309d4a129310651fdf3bb1f7388
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5221
x-xss-protection
0
60005582_20211115041150352_COUNTER_300x050_BG.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 601A
124 B
150 B
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211115041150352_COUNTER_300x050_BG.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eaf106a098c00c67e2b4d66937974ddeb78909b70f9830eda3d261aa333db0bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 13:29:00 GMT
x-content-type-options
nosniff
age
78920
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 12:11:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 13:29:00 GMT
60005582_20211115025910384_COUNTER_300x050_intro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 601A
6 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211115025910384_COUNTER_300x050_intro.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f357c5ebc73649954bdcccb93085105088f0093bc1c5c5abde32175f9133f449
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 13:29:00 GMT
x-content-type-options
nosniff
age
78920
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5681
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 10:59:10 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 13:29:00 GMT
60005582_20211115042107115_AirPodsPro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 601A
3 KB
3 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211115042107115_AirPodsPro.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87d9623284235f51ccb823857e73080dde36357de095ef50ab8a81d8fbeee516
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 17:55:24 GMT
x-content-type-options
nosniff
age
62936
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3519
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 12:21:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 17:55:24 GMT
60005582_20211115024435177_APP_iPhone-12_blau_AirPods-Pro.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 601A
52 KB
52 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211115024435177_APP_iPhone-12_blau_AirPods-Pro.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eac4ba277871fc6175f0d0b509fca418ae854a972a29981d8cda168e4cc65a67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4773889544820883456/300x050.html?e=69&leftOffset=0&topOffset=0&c=7O6nzbP9g8&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 14:16:20 GMT
x-content-type-options
nosniff
age
76080
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52737
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 10:44:35 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 14:16:20 GMT
postview.gif
portal.o2online.de/nws/img/ Frame 601A
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=25667676_4307561_320113466_146034325_-0&ref=25667676_4307561_320113466_146034325_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:20 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 601A
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 23 Nov 2021 11:24:20 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CAB4
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AaTi40vlO4sHGMnPlzRXGAaLcMOIVD8KTj7qtfB8dYFuYGZxYGsMrr2-P1ZUOkxrDYFivnKtH-UaTUbGt-z57JKC3c_8UAWeTxRQmZRP7P5_A6oBk
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
fw.adsafeprotected.com/rjss/bgd/820761/57728794/xbbe/creative/ Frame CAB4
236 KB
79 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/bgd/820761/57728794/xbbe/creative/adj?p=APEucNXYE4Kt7zvIpJD3n1MNN4v2Go2vwM0OH0_Aw3cc6aY-wlJfThg&d=CnkAoCZ_4E4egiCwd_PFb0MdRbw_OUVOc728WfkBcaMwuLBEV2y5HmW4c-rs8RPyiBLqVlSYC84P0lM42ByZMxBtvHEloVwsiD-x-hEYdWcWl83Z4FenSFADtxonNFyvA6urvjERoPtdQ46uzMyRVIsi5-n0lpRuJGUIEtkSAKAmf-B5Cba4i3rHtRyrPWh9oiSIiYU0BfzY7fbHIiNi1OVm0YtwbsJ08vPwpDv8mdmyzaM4JRgSFx-i94hN2hxVPFV05Wt18WV3m_uCsuMk8cGqtvNlJyyn3vkAC3n4gfOtIQgGKGia2XLn7V36uIDHefsNEk2CjCDmaQvc2CQSUK4vYLHUa4slJCUJEssdk5rGiCUFUgAfyF6yl9yncOM426ua8FGVawkbSu3XDWZZwMneZ7y6V0InkMwuDoS4wy0lwW02eLOnJwWpV7Iq9zMZCFolKfXflLoSdzHLsQ6SLETMISh3A8HePYN73BHUvHIEAL9GlFAST7XPrq__bbPhiy46Mt9od7qkfHkdbJrg80ySpTC2py5RVqRBM9Ettpma3UF24026_5UDwpAmJkmR7JNu27ewI3E2TBw_vZ4H_H9kp8zfngyWYTQ9rLdzRx_ZefaI9HY4BtEM5g9n67cvZmoR31g06soV4Tsi0JRl2FKNL5fN5wTRP4MmhE67onmdeKgHLmdgO-fqBeFRyum_jrH5g661kqpt-Oj7NpkJQAHwLuW4O1hOY1s8DFxsLNmtMQiROsMrSa5UVwY1iawhraLabLOLY2yK6Lrv_NMIb77LgPDd5uU5qGaWrGXxO0KqhyDfquXO6rwxB2kmK09QNRhUkuqA4lLwZkFfRqZ1WLQ4RQDXAL-zhmLODwT2htv0sNsUDmA42Twe4PEC97uNQgoEWWr9xe1d2RhFTCpPTBz-lRU4pzZh5QYAiW6-FyK79Pl9GBjVhP4z6S-k37d0a8F3Wz8PryTZ7G6zT-vxmvR2oBymHQgJd_lh1OF5du8EhlYY9eZYgwki5YdslEw1LHIxrOVGus600MhquMozzzGj3wYx01LeVrb7Zo5XcuC3mjUU4v45Z9L4kdquGSmUd26CHHZRxi7WKdDsjyfcvkz1AYc1SfPb1r203j9wNlOdbLKHz2eX8wwcpfG3k2GycnLMxRlg2Z42PfX1ckS5kDdEfVPmB4ceE-cQHYexk1Pk6jNH1bvquVO4Xhj8Els57sunHdO3-TnDUeF3nenKqKrrtnSfoz3OALzaGTseQ7633cqt5CawCz6v_Pkg6ibCfh8YPFjOZBcQ43jLbLkd4qk1tilccF80r9zU0bjfV7Sw_bDRDIGVYZe2-zKan3iHinVvrB2G3zrwoPFQ70aUhiHL4zAI02apJePQ4-OSxXi0XFc_B-65ilDifVyozsETc-9OAkeQ-O9FKAM5rTsqlZ5NfhiRsCssUF-SzeIa4KrtaznQzzKxVzjAi3FJMBj7IP3gvVwlD3ckvAKnNr54WwUoqyo_Rjoc0HS14UiiMrOg6nVwhPqUUrg_Mxb8BaA0O6bdZxX2iGm6t2rD1V2yMS7vnOBfQoJVa8gGiegCd5v2g1v4fg3D6_2xa-pE7Y1C8VfIB4q0HpHvDxi6IIWZdQ8u7oqD1foUg2_3iG34Xl5GbKGa8mkKYZH2qM0wgVx5PS6TzBmwHYSOdwxh7-4LGvd4jiIcgQR7ro9l1HJiWPESADxKApnIZZNVF0ADg-mPUoeNAIWZfYFq3GalMQ4In5ua7mVUDA4_0hPRO8m2Uu7JvNbUVnScxi4KDsbpV0Sm6XMrYzNzZ9z4sTdwZmoBUJCmJ-E82XXxfLXMTeYaGIZ98oaxYmvc3_3C0vHPG1LWDmoSawrfds
S3b5pVGAUc1CvbD5j5AyIrTneWp0_RXs5dBr_iM905s5giPThMCOxmga6ry-ORztIPGvdqcwU8xkcleFOMrBDr_HwG497DfZxPpmVVb6p0b5H4P7nKN41ojF6qUYJRK2sUDyWrYGtP28XkNPL-5poTWy9Ibrj-drKIlXwzGcwJyXLdUPB2RFhzoDSuuKK9KErEK5XBBNB8BXe27I6toZKxpAFlZsN4bq9BFoZnJSKPekGCKcxyhg0CJ3sNx-gw7VoDO3xcesw7XPYW9qU-jVetN99ijyf7hX2NDSajUfM29TV4R1swZs_zF5h316kPib9yeDNQWQ8pmTG2mUDs5j7VVnOCG4SMBQUDJjUe-JPhnwAjlxhUybTe4p61in86kFFUrB46KDtngIoMzSegP3ogiBi85GZwdbhmzntzKJQrZnnp_lrjvtbKBDLd_NNqaAcLfRHbas-SS08NJuY6YbpTC6ZD65HdulvU6zM3xXeP46TBTBQyYxHHk-HDzxAOeuw_-CuMgC_EZr2zjGO7ABGX-mT9AVRHpzQ9zDASM2jxIoyVTqm8COEdBlukIsUJynlKZQlDsft7T1sJkhtKu95FkcNPa_Ihx9AJNlZO7O9fxx3qW4FUNl-bGiy9JSDCaCT5bXP_574MVMuzsszM8lnR2LmSAi6L20cqfMZazbztKxyY-UBklMtbWWM5ndZJd-8wpbRMfaJ2dWGgFkU4FYugRLcyvPdxzRFW8xj8c_08L_Qsksn5Ap3HcBkXRXaMvmM2f1Povjga14X8r_cfi5XNpVucwkYrqvpYV7H3n4JNX_bYQVcVanymE__cCPCmTpx4N0AtJUG3OEeuTEBWT-5qIhiCqq-0adiE5MJQQbvEDTSgXoFzdq1gX1GoXgP04nPsBY4pB7rEkbgEZvksyKA-vGF_lWgouRNesBd9yrYXpJNzRyyQlSzXtNVnLsi-TYAdrAZWHh5uzkRxMmdbkxctIEZW8T8D4mq-JDFeayd6OKvweoyFm25bz_8QY6qtLpW-yrJoDnT9uUlg-lUUvYIw609cQ6ybVUORhMWk5HMWl-bCiRu4gT7Og93Ykyer0lMZT5mYDaY1co2B7uiAPg8nFymNMGV1mRAoRe89ub1ElUQYj6_b29_RnBAdbZJkgtTDRspB_9gKSU9bU_6uMFkffIuDQKtbG7a8W_vcmb6ISHHwPe1NfLcS27IZa2_3eVsL-EUqjR36xcn6iD89TPYhmJDpeHd02gO5o8Zc6wXCswTQVtSF3mXDDTVufP3bGeTbDQcK8B2JPbeJ87vh2BB0OCZezy_2Myexby6Nc3CNncUy_JE1qsqqSNDc1zh0qa_6zFN5sOS3JOo4-Omk7zb_iObbXWG7kKnDLc41Kg8PGdiVFWBH0kcjBl-tji6WkfUQrVA18D1c-WMDOs0y4hUl0AdXVoEI2guDOt8KruLgZeS3ROiMYuZGcP7vbGRm4fm2Oczj9KtC5YUlZQKw2EEaFggAEhLkaCplKaOXfKuFv5DsL1pZKbBgAQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.102.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-102-111.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1bf32e1652285e2ba497c6879deb68e3ff6e36b7faa5515e332c473ad4b078a0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-server-name
app09.ie.303net.net
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CAB4
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:07:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1019
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:07:21 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CAB4
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Nov 2021 11:24:20 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame CAB4
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:19:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
265
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:19:55 GMT
l
www.google.com/ads/measurement/ Frame CAB4
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaToxwabWWusbI6BbvTa0Zc5nEvc1LAwzUvA7X683wbZmJ7eG2w7vtgFW93yzU8LIFhEn6nrwdzVoOKF6yMWVNSiQdYHrg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame 7EBB
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARj7lau3ATAB&v=APEucNVUwXoumRQEBk7PZQgzQ0xrz_QT-u69eEg7IjZYXjIvLGLPvqvpadwuhS3MQkUibQqP_l0NrrDFVVzHxvJ5MmT2AFEuA3oIqXVAV3d4btixUiYVqAkjW5-4nDphhUrOY9uQf52-eOrn2wQhG0p4AS18Ch43lWB7eBlVo7JWnNtwR9blrGw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 23 Nov 2021 11:24:20 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame CAB4
13 KB
10 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AldnqdqjIKrs377XvVMxgEWR42m_CZh5quY3kWPWP4XppijT8jLHH4zp7lf1d6EwlSdKCp4l1POwaE4UIQZeq1LrTq_8GjpyoGxJKoSC0BMN1luGvOpErGmb6w6lHbrNMI38jeCgloksOqLxB5cKlpbr_3yQ&dbm_d=AKAmf-AUnYEvPqU5zVgdrzvx5YwXX9dacBYpxGk3JlpDwF67g67PbiKem-6LhtuddVhX9Bg3Ybm3FuVmly5jcWY-H5VRldxuJBNsjKaPICEwhhjPWnbGydnYs881fdL31-wZ5BsKqe92B7QSbFWa121jtiwtMq_hOVomGHtoEctKfs2jNfN7-GcUeVAoKngL5JpIFI28txy4k5wwXkJ1oFvkye31WAPVY-5VY7PNMeOVS3SXmv8eNuJ1W1nnVMMk214KKtGKA1hNfwBwmHE5XZSPdzTf2N89Of3NHf48EgB18cTMmRAEl2ByWHHXFMJAyB-GpWmGg5DT5hNKodvJxV5wc-cFFrh7yFy-rg4iwgulATvZV5myw9bDmD40iQpMAza_XeaMsqeGPlCfX_O8aZz3fY6_KorjFQLYFKPTHdnaobwpzs2hCaDSVtl4QeUI2H2qJuvE1vLP9HRHjPYl2nreVamSskkPq9T5n6HnRjOmyPU4ZSzfm4-loV927rtV7Ou9B7l-PPFCGr2hUGsXHrzgTAmxPwFpcs92pdslfa6v4LdIGVCUErm7nJSNiodplDMB1be5PiIOYMHz_-FFHIQNmGrGh1G0wUXVFrK6I0Q3-G2QjPuVrI7o766eP1YDDJ1cJqpN3StyhMcavlWufrbMFReXMNAKALNd0BA9a1nyifoJdr5C_kjY1e1yeYlsTomrL3yuXKszXoSW3M-WAMmiYddZ_E-IphWWv6JrAAEcsDmr5Nlja1ZBodw7wBIDZnaR59LsJaeKs4OGObJ0XTx8NduALo8krbhppdW-1K7WJ3lPRrVP-M60OK5Cl7al0QwJFwmI5eAsKGpfG5CJbXJXRxkQ34Dk1Cs0JeETc7p1sxU2fMU6XaFD-05wVQhkPUYV_judzXO1PAmG38QWSuunThSRnRpemfWYMUp3qyBNTDskGxCz41geLucDms8rtSEmWgkR8UfdeZB45xtKWxdTKubhcNwBrl5A13uSrp63BwQVzvvwRu0ki_rjlN1ndJ0nrZLaUpaFfngmGPcsGvX59p-5YzIAGBeIwElISaN_e-2FDAYpGCMxaNfMAzfmVpMzROTdODRiQnSVJhGcYi-fkWRJ_DLsTTlRcQc6BgaeZZ276BFf2lPM3GuUQRfb6K_eejr-6ql_8wV7N6N_mmmRxVVafXCAg0Iu5eXDBUy0uCKPWX4iJhgOVcAseqrzuDJm5JXnPQ6xsHnrUgIhtqMVAaFJWfWZascSHD90qgf9BTymG5COSD-5xe9UV1481e5hYNmH1yg-Q8UC7YUMp5swyZ27fCAu38FVu59CtHqS47SiqMRatvXE4KXnMaMPmOYiozBFGoDIZ5nc8tSJeWQLYLbxFZvQJ4hHDSI9ztKDB2VU7XHwEnFmYx4GtQxWDixKR4aSai3wcKnbsbfingB4qIqGuoMIVTWzn3XEtpwfMTGu0iMuIrNf5cPPxs6RyGdeSy93F3HPcYH1UU_rj65Nz2Bp-q2UVaEuCX4pXKsCZEVIoCcfhnwO9s1bbpDL25BuQ7ddvjInM91AYPBh0MjR5tecVrhpOGHAdl8mSbzW13gfIDTU3G7tnjcSUr21dvPFRLBkUO9PGh9YLgZDn55rXuS9PJBFi-fepU92MrfzRq0p4XGXpRL_IRFR8RemoBYeI8qsLSHOYobk2hKLN1JVmJZVh88SY2KiAxVMJLVdSZg3qHc7K_sle5QQB96lkBIxFzApy5TKCQIR701AQu3l0DDBvx_H_ukImH_1VeUa1o8rxCxWNY
dhMA6RABgfeAXLrTDM7ChoiavXn9hq9KeLu5ZTc9mWuESl5-6PWiT3Vyh75x2wtyRwd55R9iWUNHtla2i3OS7-Hss1Hvc_7dLf3XS_mVJC5YvdGwkyiEAORf26fYYQjiQbKF4RO_aEV85Z80MeF1tMALArtMaqSp7xDGOn34IPreaXOH1rx-siQg6P1zBCkZqtawO3QMN9UK71qayoqpKFijE1FsY2J8M_EPU6puOmXE-8GBipWq4eDjl7CfuofrVlgflVS84IcrHgPHmqgqtur2FQkc35ahL473J80erTCwvmpuuz_UgfTfwJ7efT__zP6xcNAgLFUHo9rCs0OaVDpGZEqOCa5XXkB6lcOF2Zd_aS9kLnvDhN2IltG2wX15fEIRjUyIsG6iDMmbVCRfQsk55p71sygZLyI503k6MbvTaIFaXY2qPYsaL-Rp3QPmlBjpdBdas4EWODGRJvVdNa8JlwNFe-Xu0QC48VDsX8bZ1xIhukfP4Apejmh6Vyr8evei6W28tqrqNRth0tnDgoAKsBKuZgiluakRYIlt7q-KXeRffY12zEmbIKfNm2JaDJ7BUSs2Z4YAZOFCkTYejUZ8xdWCfUqAw6jksw05lURdreWKjeqgx5pwodGn2b30FtrUEVeeCsh9BCVSKEUjtv1aMyFX67P5QoF8kZ4nd-4OpHaSuQNr2NpT7Z_ylpUIR4sIJCiN5IMpq6yUtrZ9Rf5bUXJeHXVQaXk8DozlwMayfel7hVCmO8GhZTQHQTVFh2xGWRrgsh-aj0L3AlH-Ter1mYtEt43W5ORd6bmoezbWgZoKPCrTQYkawhUfLO6uoas_4xO0Fcv--FYeACVTzKgcdylG6GKK-p7yjHZeI-6w&cid=CAASEuRoKmUpo5d8q4W_kOwvWlkpsA&rfl=1%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
75b064e88416d434441548aec8c2549c742ce5cb079f708d5b694eb6dd95e0e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9740
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame BCB0
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3571
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPaJVZM-cYbyPGoyG7_UPkNelsAkAAAAAOAHgBAI&bg=!AAOlA0fNAAZQLpa_UC47ACkAdvg8WvkNsSK4gfIKcsArUIQcDQ6591pDEFZOM1qQqLS5hRoikIoz2wIAAACBUgAAAA5oAQeZAsCG1DK0CSKAiPZw4518Ng0SyMlPWntGZh72cxZYLgTniRYjkBr7QpMExp2AFMm6F3alIn1IWouq60gsmv93eCpROn18sMj47r6DYDMQLTJ-PSOB-b0HXxZ-9vIyOzKTHrqCrFmH0AcTs-j1q8ceeuKH4YPHINeYysC9xemCRkZ9VB2_Km-ShsffnFCA7XW0B09RgaTYTgudBsYCDtMWmq1DtNDz_jFTLH2-gnpMgBfY2IIeRD2rAB-RZpgLC1_b0iUuhRk4S7oQmdE989lMSaWX5nTTdkTODNDFVsh1Jek_0rrJlfnu-Hp6kP7IcH1gK2hUxPKaGRBe7HW8Zvq7QKOCnqAZ75kAAQ-pf6oh_JJu_3Azqp6rt-PNMzICbbdCW0-EpDc5ENkushpEerXAjd2VleoFo6wn6zYLsJNmtlGZDvvzQIS79FPVXo-ypyyJon2ppZVeCEP6aYgvPjqP_qghPJDmHqF9qQAMrYNoFUk51LTivNHLQPmCdPeVVy9QF4djygzFvFBZ76tIiv_78k5qhWeXfGpSSbjxR2eJyiOoTTsxmR-R1Ys0eZUR0f5xE-dStsKl2527ucwAkBbwekFQkyWpkMYKA97orgVsiMT3aP-D9W55nGwxBFQmWM0nKrpEXLNn7-ZmHqH2sUDKyv8v8nRA8koHz6tywBLzzpv9GIdXBMdJoSaf78Z0uqZ9tNs1--i8k2DgcqeICPvNbWfmfARgiFhlVjNXDLJYqifkmwCaUv0IYK0Q4bTnRKD1b7c4tUjVXVWu_rDbHWXTF4T_fqQRz8Tacv4ar47A2PH0zttCtaYftT8nnc21eBD1dCKiv405LoPPJdJNvtcYIG7BOvAnXVJKOYjMI1Txe8K4V5XVUCkU0X3d-ohuEvCrhaLb4kHlZHkBqvPgix0nz_YHZ062SFoej1_YGtKcMt0cAg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 7EBB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARj7lau3ATAB&v=APEucNVUwXoumRQEBk7PZQgzQ0xrz_QT-u69eEg7IjZYXjIvLGLPvqvpadwuhS3MQkUibQqP_l0NrrDFVVzHxvJ5MmT2AFEuA3oIqXVAV3d4btixUiYVqAkjW5-4nDphhUrOY9uQf52-eOrn2wQhG0p4AS18Ch43lWB7eBlVo7JWnNtwR9blrGw
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:20 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 7EBB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZzPY3tyTaZ-2WbeD14QlgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARj7lau3ATAB&v=APEucNVUwXoumRQEBk7PZQgzQ0xrz_QT-u69eEg7IjZYXjIvLGLPvqvpadwuhS3MQkUibQqP_l0NrrDFVVzHxvJ5MmT2AFEuA3oIqXVAV3d4btixUiYVqAkjW5-4nDphhUrOY9uQf52-eOrn2wQhG0p4AS18Ch43lWB7eBlVo7JWnNtwR9blrGw
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 23 Nov 2021 11:24:20 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6XbH0iESso53IktFT2d9U&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 7EBB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
43 B
1004 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARj7lau3ATAB&v=APEucNVUwXoumRQEBk7PZQgzQ0xrz_QT-u69eEg7IjZYXjIvLGLPvqvpadwuhS3MQkUibQqP_l0NrrDFVVzHxvJ5MmT2AFEuA3oIqXVAV3d4btixUiYVqAkjW5-4nDphhUrOY9uQf52-eOrn2wQhG0p4AS18Ch43lWB7eBlVo7JWnNtwR9blrGw
Protocol
HTTP/1.1
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
9789375f-7ad3-493d-bf44-607f3a948aa9
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEI25v9kUAJST-9uC0uW4IjA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7EBB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARj7lau3ATAB&v=APEucNVUwXoumRQEBk7PZQgzQ0xrz_QT-u69eEg7IjZYXjIvLGLPvqvpadwuhS3MQkUibQqP_l0NrrDFVVzHxvJ5MmT2AFEuA3oIqXVAV3d4btixUiYVqAkjW5-4nDphhUrOY9uQf52-eOrn2wQhG0p4AS18Ch43lWB7eBlVo7JWnNtwR9blrGw
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:20 GMT
X-Proxy-Origin
213.239.209.3; 213.239.209.3; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
8f13dbf8-43eb-4377-8a74-8edc0e0f6fa8
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTA5NDA5NTI1MjA4Mzk0OTkzMg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame CAB4
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AldnqdqjIKrs377XvVMxgEWR42m_CZh5quY3kWPWP4XppijT8jLHH4zp7lf1d6EwlSdKCp4l1POwaE4UIQZeq1LrTq_8GjpyoGxJKoSC0BMN1luGvOpErGmb6w6lHbrNMI38jeCgloksOqLxB5cKlpbr_3yQ&dbm_d=AKAmf-AUnYEvPqU5zVgdrzvx5YwXX9dacBYpxGk3JlpDwF67g67PbiKem-6LhtuddVhX9Bg3Ybm3FuVmly5jcWY-H5VRldxuJBNsjKaPICEwhhjPWnbGydnYs881fdL31-wZ5BsKqe92B7QSbFWa121jtiwtMq_hOVomGHtoEctKfs2jNfN7-GcUeVAoKngL5JpIFI28txy4k5wwXkJ1oFvkye31WAPVY-5VY7PNMeOVS3SXmv8eNuJ1W1nnVMMk214KKtGKA1hNfwBwmHE5XZSPdzTf2N89Of3NHf48EgB18cTMmRAEl2ByWHHXFMJAyB-GpWmGg5DT5hNKodvJxV5wc-cFFrh7yFy-rg4iwgulATvZV5myw9bDmD40iQpMAza_XeaMsqeGPlCfX_O8aZz3fY6_KorjFQLYFKPTHdnaobwpzs2hCaDSVtl4QeUI2H2qJuvE1vLP9HRHjPYl2nreVamSskkPq9T5n6HnRjOmyPU4ZSzfm4-loV927rtV7Ou9B7l-PPFCGr2hUGsXHrzgTAmxPwFpcs92pdslfa6v4LdIGVCUErm7nJSNiodplDMB1be5PiIOYMHz_-FFHIQNmGrGh1G0wUXVFrK6I0Q3-G2QjPuVrI7o766eP1YDDJ1cJqpN3StyhMcavlWufrbMFReXMNAKALNd0BA9a1nyifoJdr5C_kjY1e1yeYlsTomrL3yuXKszXoSW3M-WAMmiYddZ_E-IphWWv6JrAAEcsDmr5Nlja1ZBodw7wBIDZnaR59LsJaeKs4OGObJ0XTx8NduALo8krbhppdW-1K7WJ3lPRrVP-M60OK5Cl7al0QwJFwmI5eAsKGpfG5CJbXJXRxkQ34Dk1Cs0JeETc7p1sxU2fMU6XaFD-05wVQhkPUYV_judzXO1PAmG38QWSuunThSRnRpemfWYMUp3qyBNTDskGxCz41geLucDms8rtSEmWgkR8UfdeZB45xtKWxdTKubhcNwBrl5A13uSrp63BwQVzvvwRu0ki_rjlN1ndJ0nrZLaUpaFfngmGPcsGvX59p-5YzIAGBeIwElISaN_e-2FDAYpGCMxaNfMAzfmVpMzROTdODRiQnSVJhGcYi-fkWRJ_DLsTTlRcQc6BgaeZZ276BFf2lPM3GuUQRfb6K_eejr-6ql_8wV7N6N_mmmRxVVafXCAg0Iu5eXDBUy0uCKPWX4iJhgOVcAseqrzuDJm5JXnPQ6xsHnrUgIhtqMVAaFJWfWZascSHD90qgf9BTymG5COSD-5xe9UV1481e5hYNmH1yg-Q8UC7YUMp5swyZ27fCAu38FVu59CtHqS47SiqMRatvXE4KXnMaMPmOYiozBFGoDIZ5nc8tSJeWQLYLbxFZvQJ4hHDSI9ztKDB2VU7XHwEnFmYx4GtQxWDixKR4aSai3wcKnbsbfingB4qIqGuoMIVTWzn3XEtpwfMTGu0iMuIrNf5cPPxs6RyGdeSy93F3HPcYH1UU_rj65Nz2Bp-q2UVaEuCX4pXKsCZEVIoCcfhnwO9s1bbpDL25BuQ7ddvjInM91AYPBh0MjR5tecVrhpOGHAdl8mSbzW13gfIDTU3G7tnjcSUr21dvPFRLBkUO9PGh9YLgZDn55rXuS9PJBFi-fepU92MrfzRq0p4XGXpRL_IRFR8RemoBYeI8qsLSHOYobk2hKLN1JVmJZVh88SY2KiAxVMJLVdSZg3qHc7K_sle5QQB96lkBIxFzApy5TKCQIR701AQu3l0DDBvx_H_ukImH_1VeUa1o8rx
CxWNYdhMA6RABgfeAXLrTDM7ChoiavXn9hq9KeLu5ZTc9mWuESl5-6PWiT3Vyh75x2wtyRwd55R9iWUNHtla2i3OS7-Hss1Hvc_7dLf3XS_mVJC5YvdGwkyiEAORf26fYYQjiQbKF4RO_aEV85Z80MeF1tMALArtMaqSp7xDGOn34IPreaXOH1rx-siQg6P1zBCkZqtawO3QMN9UK71qayoqpKFijE1FsY2J8M_EPU6puOmXE-8GBipWq4eDjl7CfuofrVlgflVS84IcrHgPHmqgqtur2FQkc35ahL473J80erTCwvmpuuz_UgfTfwJ7efT__zP6xcNAgLFUHo9rCs0OaVDpGZEqOCa5XXkB6lcOF2Zd_aS9kLnvDhN2IltG2wX15fEIRjUyIsG6iDMmbVCRfQsk55p71sygZLyI503k6MbvTaIFaXY2qPYsaL-Rp3QPmlBjpdBdas4EWODGRJvVdNa8JlwNFe-Xu0QC48VDsX8bZ1xIhukfP4Apejmh6Vyr8evei6W28tqrqNRth0tnDgoAKsBKuZgiluakRYIlt7q-KXeRffY12zEmbIKfNm2JaDJ7BUSs2Z4YAZOFCkTYejUZ8xdWCfUqAw6jksw05lURdreWKjeqgx5pwodGn2b30FtrUEVeeCsh9BCVSKEUjtv1aMyFX67P5QoF8kZ4nd-4OpHaSuQNr2NpT7Z_ylpUIR4sIJCiN5IMpq6yUtrZ9Rf5bUXJeHXVQaXk8DozlwMayfel7hVCmO8GhZTQHQTVFh2xGWRrgsh-aj0L3AlH-Ter1mYtEt43W5ORd6bmoezbWgZoKPCrTQYkawhUfLO6uoas_4xO0Fcv--FYeACVTzKgcdylG6GKK-p7yjHZeI-6w&cid=CAASEuRoKmUpo5d8q4W_kOwvWlkpsA&rfl=1%2Chttps%253A%252F%252Fmediacyber.id%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 12:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
341348
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 19 Nov 2022 12:35:12 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 0C0D
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 19 Nov 2021 12:35:14 GMT
expires
Sat, 19 Nov 2022 12:35:14 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
341346
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 0C0D
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
adj
bid.g.doubleclick.net/xbbe/creative/ Frame CAB4
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/820761/57728794/xbbe/creative/adj?p=APEucNXYE4Kt7zvIpJD3n1MNN4v2Go2vwM0OH0_Aw3cc6aY-wlJfThg&d=CnkAoCZ_4E4egiCwd_PFb0MdRbw_OUVOc728WfkBcaMwuLBEV2y5HmW4c-rs8RPy...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYE4Kt7zvIpJD3n1MNN4v2Go2vwM0OH0_Aw3cc6aY-wlJfThg&d=CnkAoCZ_4E4egiCwd_PFb0MdRbw_OUVOc728WfkBcaMwuLBEV2y5HmW4c-rs8RPyiBLqVlSYC84P0lM42ByZMxBtv...
57 KB
21 KB
Script
General
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYE4Kt7zvIpJD3n1MNN4v2Go2vwM0OH0_Aw3cc6aY-wlJfThg&d=CnkAoCZ_4E4egiCwd_PFb0MdRbw_OUVOc728WfkBcaMwuLBEV2y5HmW4c-rs8RPyiBLqVlSYC84P0lM42ByZMxBtvHEloVwsiD-x-hEYdWcWl83Z4FenSFADtxonNFyvA6urvjERoPtdQ46uzMyRVIsi5-n0lpRuJGUIEtkSAKAmf-B5Cba4i3rHtRyrPWh9oiSIiYU0BfzY7fbHIiNi1OVm0YtwbsJ08vPwpDv8mdmyzaM4JRgSFx-i94hN2hxVPFV05Wt18WV3m_uCsuMk8cGqtvNlJyyn3vkAC3n4gfOtIQgGKGia2XLn7V36uIDHefsNEk2CjCDmaQvc2CQSUK4vYLHUa4slJCUJEssdk5rGiCUFUgAfyF6yl9yncOM426ua8FGVawkbSu3XDWZZwMneZ7y6V0InkMwuDoS4wy0lwW02eLOnJwWpV7Iq9zMZCFolKfXflLoSdzHLsQ6SLETMISh3A8HePYN73BHUvHIEAL9GlFAST7XPrq__bbPhiy46Mt9od7qkfHkdbJrg80ySpTC2py5RVqRBM9Ettpma3UF24026_5UDwpAmJkmR7JNu27ewI3E2TBw_vZ4H_H9kp8zfngyWYTQ9rLdzRx_ZefaI9HY4BtEM5g9n67cvZmoR31g06soV4Tsi0JRl2FKNL5fN5wTRP4MmhE67onmdeKgHLmdgO-fqBeFRyum_jrH5g661kqpt-Oj7NpkJQAHwLuW4O1hOY1s8DFxsLNmtMQiROsMrSa5UVwY1iawhraLabLOLY2yK6Lrv_NMIb77LgPDd5uU5qGaWrGXxO0KqhyDfquXO6rwxB2kmK09QNRhUkuqA4lLwZkFfRqZ1WLQ4RQDXAL-zhmLODwT2htv0sNsUDmA42Twe4PEC97uNQgoEWWr9xe1d2RhFTCpPTBz-lRU4pzZh5QYAiW6-FyK79Pl9GBjVhP4z6S-k37d0a8F3Wz8PryTZ7G6zT-vxmvR2oBymHQgJd_lh1OF5du8EhlYY9eZYgwki5YdslEw1LHIxrOVGus600MhquMozzzGj3wYx01LeVrb7Zo5XcuC3mjUU4v45Z9L4kdquGSmUd26CHHZRxi7WKdDsjyfcvkz1AYc1SfPb1r203j9wNlOdbLKHz2eX8wwcpfG3k2GycnLMxRlg2Z42PfX1ckS5kDdEfVPmB4ceE-cQHYexk1Pk6jNH1bvquVO4Xhj8Els57sunHdO3-TnDUeF3nenKqKrrtnSfoz3OALzaGTseQ7633cqt5CawCz6v_Pkg6ibCfh8YPFjOZBcQ43jLbLkd4qk1tilccF80r9zU0bjfV7Sw_bDRDIGVYZe2-zKan3iHinVvrB2G3zrwoPFQ70aUhiHL4zAI02apJePQ4-OSxXi0XFc_B-65ilDifVyozsETc-9OAkeQ-O9FKAM5rTsqlZ5NfhiRsCssUF-SzeIa4KrtaznQzzKxVzjAi3FJMBj7IP3gvVwlD3ckvAKnNr54WwUoqyo_Rjoc0HS14UiiMrOg6nVwhPqUUrg_Mxb8BaA0O6bdZxX2iGm6t2rD1V2yMS7vnOBfQoJVa8gGiegCd5v2g1v4fg3D6_2xa-pE7Y1C8VfIB4q0HpHvDxi6IIWZdQ8u7oqD1foUg2_3iG34Xl5GbKGa8mkKYZH2qM0wgVx5PS6TzBmwHYSOdwxh7-4LGvd4jiIcgQR7ro9l1HJiWPESADxKApnIZZNVF0ADg-mPUoeNAIWZfYFq3GalMQ4In5ua7mVUDA4_0hPRO8m2Uu7JvNbUVnScxi4KDsbpV0Sm6XMrYzNzZ9z4sTdwZmoBUJCmJ-E82XXxfLXMTeYaGIZ98oaxYmvc3_3C0vHPG1LWDmoSawrfdsS3b5pVGAUc1CvbD5j5AyIrTneW
p0_RXs5dBr_iM905s5giPThMCOxmga6ry-ORztIPGvdqcwU8xkcleFOMrBDr_HwG497DfZxPpmVVb6p0b5H4P7nKN41ojF6qUYJRK2sUDyWrYGtP28XkNPL-5poTWy9Ibrj-drKIlXwzGcwJyXLdUPB2RFhzoDSuuKK9KErEK5XBBNB8BXe27I6toZKxpAFlZsN4bq9BFoZnJSKPekGCKcxyhg0CJ3sNx-gw7VoDO3xcesw7XPYW9qU-jVetN99ijyf7hX2NDSajUfM29TV4R1swZs_zF5h316kPib9yeDNQWQ8pmTG2mUDs5j7VVnOCG4SMBQUDJjUe-JPhnwAjlxhUybTe4p61in86kFFUrB46KDtngIoMzSegP3ogiBi85GZwdbhmzntzKJQrZnnp_lrjvtbKBDLd_NNqaAcLfRHbas-SS08NJuY6YbpTC6ZD65HdulvU6zM3xXeP46TBTBQyYxHHk-HDzxAOeuw_-CuMgC_EZr2zjGO7ABGX-mT9AVRHpzQ9zDASM2jxIoyVTqm8COEdBlukIsUJynlKZQlDsft7T1sJkhtKu95FkcNPa_Ihx9AJNlZO7O9fxx3qW4FUNl-bGiy9JSDCaCT5bXP_574MVMuzsszM8lnR2LmSAi6L20cqfMZazbztKxyY-UBklMtbWWM5ndZJd-8wpbRMfaJ2dWGgFkU4FYugRLcyvPdxzRFW8xj8c_08L_Qsksn5Ap3HcBkXRXaMvmM2f1Povjga14X8r_cfi5XNpVucwkYrqvpYV7H3n4JNX_bYQVcVanymE__cCPCmTpx4N0AtJUG3OEeuTEBWT-5qIhiCqq-0adiE5MJQQbvEDTSgXoFzdq1gX1GoXgP04nPsBY4pB7rEkbgEZvksyKA-vGF_lWgouRNesBd9yrYXpJNzRyyQlSzXtNVnLsi-TYAdrAZWHh5uzkRxMmdbkxctIEZW8T8D4mq-JDFeayd6OKvweoyFm25bz_8QY6qtLpW-yrJoDnT9uUlg-lUUvYIw609cQ6ybVUORhMWk5HMWl-bCiRu4gT7Og93Ykyer0lMZT5mYDaY1co2B7uiAPg8nFymNMGV1mRAoRe89ub1ElUQYj6_b29_RnBAdbZJkgtTDRspB_9gKSU9bU_6uMFkffIuDQKtbG7a8W_vcmb6ISHHwPe1NfLcS27IZa2_3eVsL-EUqjR36xcn6iD89TPYhmJDpeHd02gO5o8Zc6wXCswTQVtSF3mXDDTVufP3bGeTbDQcK8B2JPbeJ87vh2BB0OCZezy_2Myexby6Nc3CNncUy_JE1qsqqSNDc1zh0qa_6zFN5sOS3JOo4-Omk7zb_iObbXWG7kKnDLc41Kg8PGdiVFWBH0kcjBl-tji6WkfUQrVA18D1c-WMDOs0y4hUl0AdXVoEI2guDOt8KruLgZeS3ROiMYuZGcP7vbGRm4fm2Oczj9KtC5YUlZQKw2EEaFggAEhLkaCplKaOXfKuFv5DsL1pZKbBgAQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Server
66.102.1.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wb-in-f157.1e100.net
Software
cafe /
Resource Hash
eaed5428ee9f8b0393f0a38b7606ad9ee9a7caaca46331faa164786378c91948
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20722
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
app12.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYE4Kt7zvIpJD3n1MNN4v2Go2vwM0OH0_Aw3cc6aY-wlJfThg&d=CnkAoCZ_4E4egiCwd_PFb0MdRbw_OUVOc728WfkBcaMwuLBEV2y5HmW4c-rs8RPyiBLqVlSYC84P0lM42ByZMxBtvHEloVwsiD-x-hEYdWcWl83Z4FenSFADtxonNFyvA6urvjERoPtdQ46uzMyRVIsi5-n0lpRuJGUIEtkSAKAmf-B5Cba4i3rHtRyrPWh9oiSIiYU0BfzY7fbHIiNi1OVm0YtwbsJ08vPwpDv8mdmyzaM4JRgSFx-i94hN2hxVPFV05Wt18WV3m_uCsuMk8cGqtvNlJyyn3vkAC3n4gfOtIQgGKGia2XLn7V36uIDHefsNEk2CjCDmaQvc2CQSUK4vYLHUa4slJCUJEssdk5rGiCUFUgAfyF6yl9yncOM426ua8FGVawkbSu3XDWZZwMneZ7y6V0InkMwuDoS4wy0lwW02eLOnJwWpV7Iq9zMZCFolKfXflLoSdzHLsQ6SLETMISh3A8HePYN73BHUvHIEAL9GlFAST7XPrq__bbPhiy46Mt9od7qkfHkdbJrg80ySpTC2py5RVqRBM9Ettpma3UF24026_5UDwpAmJkmR7JNu27ewI3E2TBw_vZ4H_H9kp8zfngyWYTQ9rLdzRx_ZefaI9HY4BtEM5g9n67cvZmoR31g06soV4Tsi0JRl2FKNL5fN5wTRP4MmhE67onmdeKgHLmdgO-fqBeFRyum_jrH5g661kqpt-Oj7NpkJQAHwLuW4O1hOY1s8DFxsLNmtMQiROsMrSa5UVwY1iawhraLabLOLY2yK6Lrv_NMIb77LgPDd5uU5qGaWrGXxO0KqhyDfquXO6rwxB2kmK09QNRhUkuqA4lLwZkFfRqZ1WLQ4RQDXAL-zhmLODwT2htv0sNsUDmA42Twe4PEC97uNQgoEWWr9xe1d2RhFTCpPTBz-lRU4pzZh5QYAiW6-FyK79Pl9GBjVhP4z6S-k37d0a8F3Wz8PryTZ7G6zT-vxmvR2oBymHQgJd_lh1OF5du8EhlYY9eZYgwki5YdslEw1LHIxrOVGus600MhquMozzzGj3wYx01LeVrb7Zo5XcuC3mjUU4v45Z9L4kdquGSmUd26CHHZRxi7WKdDsjyfcvkz1AYc1SfPb1r203j9wNlOdbLKHz2eX8wwcpfG3k2GycnLMxRlg2Z42PfX1ckS5kDdEfVPmB4ceE-cQHYexk1Pk6jNH1bvquVO4Xhj8Els57sunHdO3-TnDUeF3nenKqKrrtnSfoz3OALzaGTseQ7633cqt5CawCz6v_Pkg6ibCfh8YPFjOZBcQ43jLbLkd4qk1tilccF80r9zU0bjfV7Sw_bDRDIGVYZe2-zKan3iHinVvrB2G3zrwoPFQ70aUhiHL4zAI02apJePQ4-OSxXi0XFc_B-65ilDifVyozsETc-9OAkeQ-O9FKAM5rTsqlZ5NfhiRsCssUF-SzeIa4KrtaznQzzKxVzjAi3FJMBj7IP3gvVwlD3ckvAKnNr54WwUoqyo_Rjoc0HS14UiiMrOg6nVwhPqUUrg_Mxb8BaA0O6bdZxX2iGm6t2rD1V2yMS7vnOBfQoJVa8gGiegCd5v2g1v4fg3D6_2xa-pE7Y1C8VfIB4q0HpHvDxi6IIWZdQ8u7oqD1foUg2_3iG34Xl5GbKGa8mkKYZH2qM0wgVx5PS6TzBmwHYSOdwxh7-4LGvd4jiIcgQR7ro9l1HJiWPESADxKApnIZZNVF0ADg-mPUoeNAIWZfYFq3GalMQ4In5ua7mVUDA4_0hPRO8m2Uu7JvNbUVnScxi4KDsbpV0Sm6XMrYzNzZ9z4sTdwZmoBUJCmJ-E82XXxfLXMTeYaGIZ98oaxYmvc3_3C0vHPG1LWDmoSawrfdsS3b5pVGAUc1CvbD5j5AyIrTneW
p0_RXs5dBr_iM905s5giPThMCOxmga6ry-ORztIPGvdqcwU8xkcleFOMrBDr_HwG497DfZxPpmVVb6p0b5H4P7nKN41ojF6qUYJRK2sUDyWrYGtP28XkNPL-5poTWy9Ibrj-drKIlXwzGcwJyXLdUPB2RFhzoDSuuKK9KErEK5XBBNB8BXe27I6toZKxpAFlZsN4bq9BFoZnJSKPekGCKcxyhg0CJ3sNx-gw7VoDO3xcesw7XPYW9qU-jVetN99ijyf7hX2NDSajUfM29TV4R1swZs_zF5h316kPib9yeDNQWQ8pmTG2mUDs5j7VVnOCG4SMBQUDJjUe-JPhnwAjlxhUybTe4p61in86kFFUrB46KDtngIoMzSegP3ogiBi85GZwdbhmzntzKJQrZnnp_lrjvtbKBDLd_NNqaAcLfRHbas-SS08NJuY6YbpTC6ZD65HdulvU6zM3xXeP46TBTBQyYxHHk-HDzxAOeuw_-CuMgC_EZr2zjGO7ABGX-mT9AVRHpzQ9zDASM2jxIoyVTqm8COEdBlukIsUJynlKZQlDsft7T1sJkhtKu95FkcNPa_Ihx9AJNlZO7O9fxx3qW4FUNl-bGiy9JSDCaCT5bXP_574MVMuzsszM8lnR2LmSAi6L20cqfMZazbztKxyY-UBklMtbWWM5ndZJd-8wpbRMfaJ2dWGgFkU4FYugRLcyvPdxzRFW8xj8c_08L_Qsksn5Ap3HcBkXRXaMvmM2f1Povjga14X8r_cfi5XNpVucwkYrqvpYV7H3n4JNX_bYQVcVanymE__cCPCmTpx4N0AtJUG3OEeuTEBWT-5qIhiCqq-0adiE5MJQQbvEDTSgXoFzdq1gX1GoXgP04nPsBY4pB7rEkbgEZvksyKA-vGF_lWgouRNesBd9yrYXpJNzRyyQlSzXtNVnLsi-TYAdrAZWHh5uzkRxMmdbkxctIEZW8T8D4mq-JDFeayd6OKvweoyFm25bz_8QY6qtLpW-yrJoDnT9uUlg-lUUvYIw609cQ6ybVUORhMWk5HMWl-bCiRu4gT7Og93Ykyer0lMZT5mYDaY1co2B7uiAPg8nFymNMGV1mRAoRe89ub1ElUQYj6_b29_RnBAdbZJkgtTDRspB_9gKSU9bU_6uMFkffIuDQKtbG7a8W_vcmb6ISHHwPe1NfLcS27IZa2_3eVsL-EUqjR36xcn6iD89TPYhmJDpeHd02gO5o8Zc6wXCswTQVtSF3mXDDTVufP3bGeTbDQcK8B2JPbeJ87vh2BB0OCZezy_2Myexby6Nc3CNncUy_JE1qsqqSNDc1zh0qa_6zFN5sOS3JOo4-Omk7zb_iObbXWG7kKnDLc41Kg8PGdiVFWBH0kcjBl-tji6WkfUQrVA18D1c-WMDOs0y4hUl0AdXVoEI2guDOt8KruLgZeS3ROiMYuZGcP7vbGRm4fm2Oczj9KtC5YUlZQKw2EEaFggAEhLkaCplKaOXfKuFv5DsL1pZKbBgAQ
cache-control
no-cache
content-length
0
server
nginx
sca.17.5.12.js
static.adsafeprotected.com/ Frame D49D
80 KB
21 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:5e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 19 Aug 2021 18:55:08 GMT
content-encoding
gzip
age
8267354
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-P5
content-type
application/javascript
x-amz-cf-id
-MtyBYWsFc37_y87sjQjosbkHaSsptcNSrgQGToDIto-_2I1YApFyg==
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDak,pingTime:-3,time:41,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:42,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
dt22.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDal,pingTime:-6,time:42,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:42,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:mediacyber.id*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
dt23.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDao,pingTime:-2,time:45,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1068,beZ:1070,mfA:1072,cmA:1073,inA:1073,inZ:1076,prA:1076,prZ:1082,si:1086,poA:1087,poZ:1104,cmZ:1104,mfZ:1104,loA:1110,loZ:1112,ltA:1113,ltZ:1113%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:45,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B39~0%5D,as:%5B39~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,sinceFw:26,readyFired:false%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
dt24.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C0D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPAVaZM-cYdeDMMva7_UPop2o4AMAAAAAOAHgBAI&bg=!UlGlURXNAAZQLpa_UC47ACkAdvg8WvU5cFyTgeRHChRVKrnQr7MAS34920QY0_nGw7ojpkBLcC80ygIAAABvUgAAAAdoAQcKAMcP2np6z5MmAHPBUxAIag41EHq4uwN24wwHWmWFoGqZVi0D0FC-xx2_kCtOoTKdXoVOvos-qmHFwYMEPY5aZWmK9WxquRrulMVLGs44SO0KPOqMzcTLFJHW_RyaiRsU2x4GS3Qyb0O9Cn08xCBtMoL6YOguJBzjU-Xe1XptdB87fj3HG-JUGIgLFS0p5hq7eYeRj0u02qicurDhpromPqopE8_BjcB0SQbfQnFYs8A7GjPXIWbAGTPaFmkSYLc-c_HTtB5fKyDkmQKqxTrsK3CoR0XSbs6t2TvWu4Ot605uSqwsrTC923CWYglWuoCAxP55KoKmQPqOGAztPlQfDTFGYKqPqctPeMtsIRyrFU57A3pNxv0wyXsQlTq735zYdsRBqE6FMy5GAtfcosCbWEd_2P0YjIc_1aAFyFKVxYM5cKOWoy7aBCglIhQAOu4x28Z0yq8hu5a_Cl8rRNo_q5KKfRq9LF7eVz22GRAi8U61HINd0LXiddD6iBnfuiFXccwgpXMkDGqvSJcJ0DZ_3RYQs_alOu8WSkHnz00bavrMtGgWnauPBz6yt7MwSvQ0PJ2o7YWglG0yRiwe5Z7ZXpajRmrQXkPGsBN57cHmZqpY0qDFBZ9YRmnGrnOiOoSIrTqC7wuNVqDpclPpCAc6h8a-0Trs2ahKQ_B-XFF902HQ5NVPbN04I3ciK01xIHKxq1RXHKfBDNaW4LEcOHI-C--9A-Gm3xvhIeI0kffjm-WxmZLLeYRMmeJVUTvANMWtMLMmMqzVcLmfYKYJnbwf6dEtaSVMzIPek68vpI58WN1isJKVg6DEn86FjxSoqJZgEyipHDzG-XPqPAk8xT4RrrTujYeErV-dypasp215eGxGJxbA9ZzB7ibHzEEeW-a0j9cv3M6b0VIsvPRcoqBixe5mWbHfdh6m3waRIzkdz4J2Ve8VAh7edu1l8bQjEHcv9YTfAkym6Z9Xyfmt51jn2mxzKb5ff6j-tv6V20rI9fzj7fXLCKv0LhwAvhddkzYa4adgwSLfqjbbyyZ13DsS624xEhpt7MM8bowRzasXydcMrA29eiBMVTJ1xH11BcNjEnGOG3iQET3CC4RBivS5DROHPkkbm3xijZLrmcQsy3-IR7M-OENkTJ3EBatqX0akNOKXmzUPjrni0eXZ_EENQcBMGbnZBA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame CAB4
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 10:03:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4829
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 24 Nov 2021 10:03:52 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame CAB4
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
485
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:16:16 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame CAB4
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
99
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 07 Dec 2021 11:22:42 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C998
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Mon, 22 Nov 2021 13:26:12 GMT
expires
Tue, 23 Nov 2021 13:26:12 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
79089
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame CAB4
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b329f394c41cc262fb00739380d11b90b36952127fde3b3140eb1fa26c9fda55

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
728x90.html
s0.2mdn.net/sadbundle/9821004190292377600/ Frame DCD3
46 KB
16 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
49556f75c5d2a75fee824d7041c1e42b07cf5c21f66e88b3b48d2d933a2bd713
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:21 GMT
expires
Wed, 23 Nov 2022 11:24:21 GMT
cache-control
public, max-age=31536000
last-modified
Wed, 13 Oct 2021 15:19:14 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame CAB4
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2G1ouYc5qCheYbHa9K8DUYX0PXhZ97NaotA-AwEbl-6PdP3Ex_wM9-s4uzcPFcnPgda1bjJ9rxKJcidvNCuEOkHHKur_fXxfkTYOHwJVPfNSiOoVdEanam9OdLXIuPJHX0q0dWAdE73ORQ_rPjmrn&sai=AMfl-YSOWXaRc4M7lFYVfxCfGuHs8jDpUDO4q_MUJYhnJP4KV-3MhAJA4xzuywslpaoRdU8B-Ct6U-yKxPGWdS3pilmezMUIT6htngQ&sig=Cg0ArKJSzKUYAjT-eUpdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=47&cbvp=1&cstd=45&cisv=r20211111.15528&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
m
secure-gg.imrworldwide.com/cgi-bin/ Frame CAB4
0
297 B
Image
General
Full URL
https://secure-gg.imrworldwide.com/cgi-bin/m?ca=nlsn298945&cr=159762225&ce=N773418.3116036AFFIPERFDE-773418&pc=316775236&ci=nlsnci1193&am=1&at=view&rt=banner&st=image&gdpr=&gdpr_consent=&r=186575556&C78=G1,DCM&uoo=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.53.235 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-53-235.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
server
nginx
access-control-allow-methods
POST, OPTIONS
p3p
P3P policyref="http://secure-gg.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
content-length
0
expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C998
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEG6Upos2TcJFOl_PKi9_gA&google_cver=1&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQ...
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQB9h-JpPL5zhm919pmf__JkLBCyLJVyBU041qnqEAG7&google_hm=WIE-di...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQB9h-JpPL5zhm919pmf__JkLBCyLJVyBU041qnqEAG7&google_hm=WIE-dil3j-zEZZV005wK6Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKwLy04UHfKOfrDPt3YaJSw1u08eaBQemxGm-tBYcVUqJbCcJ3ZMQB9h-JpPL5zhm919pmf__JkLBCyLJVyBU041qnqEAG7&google_hm=WIE-dil3j-zEZZV005wK6Q
pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C998
Redirect Chain
  • https://d.agkn.com/pixel/2175/?google_gid=CAESECBDJKLlvDPSLea7LO_mQR8&google_cver=1&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv
  • https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv&google_hm=Q0FFU0VDQkRKS0xsdkRQU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 23 Nov 2021 11:24:21 GMT
Server
Apache-Coyote/1.1
P3P
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPISzIVQJjp7YxaOv2tgxsTR7PaNsV-4ByFkhx4igVnnxr-glHQa04bX3S_ocwnQPlt-74op0sllWTvIjLRLh0tezabN-3Fv&google_hm=Q0FFU0VDQkRKS0xsdkRQU0xlYTdMT19tUVI4
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Sat, 01 Jan 2000 00:00:00 GMT
466606.gif
id.rlcdn.com/ Frame C998
42 B
304 B
Image
General
Full URL
https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPI0sG9rij2DObqKZwykwgr6y4ACoE069LxrUEBj3mDoeQ7X7URQpjdTKK_iYCLd18_fgqK_7kG6qwlNmxTBuxXGjy8v8RIw&google_gid=CAESEP1pWyX3UzlsbliU1tvmKNM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:21 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42
sync
odr.mookie1.com/t/v2/ Frame C998
43 B
106 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEEZuGljDEzmR-G7qP4O3QAA&google_push=AYg5qPJbQrjONRsGTi3Oj7oKSN6051RjMMP9XilKs8SgxvFea8wHAwXCrgtFGRCnE3p6kXP9LU2N-zX6ACfhyQ1FMKyz7HjU2uO8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C998
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIsfyRZQTxV61TNdbgMqzLWZxZJRuT25LUqM0GF2nCnd28DyvoC3VowQmcxhsmXR5OqpKVs3Hdzc0BkPkyJdEcpll3cHxT
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=bLjnwK8ZQdWBhaulqaJagQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKIsfyRZQTxV61TNdbgMqzLWZxZJRuT25LUqM0GF2nCnd28DyvoC3VowQmcxhsmXR5OqpKVs3Hdzc0BkPkyJdEcpll3cHxT
date
Tue, 23 Nov 2021 11:24:19 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame C998
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhb...
  • (the entry above is listed 19 more times in this redirect chain)
0
0

pixel
cm.g.doubleclick.net/ Frame C998
Redirect Chain
  • https://ag.innovid.com/trk?tid=11711&google_gid=CAESENod3C7X6o3nwGwCl63srVg&google_cver=1&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiD...
  • https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiDyk54&google_hm=Blw9gadxQTOAiGljI...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiDyk54&google_hm=Blw9gadxQTOAiGljI0xPcA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKurOdiv-hUPXoA09VqG4DPlV5BSWpeOA1qljuAPgOXF5bXocPJW829TyZ5witC3nvGYGhsAJ5dvLaEniq_YAA-eiDyk54&google_hm=Blw9gadxQTOAiGljI0xPcA
pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
cache-control
no-cache
content-length
0
request-time
0
expires
-1
attr
cm.g.doubleclick.net/pixel/ Frame C998
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L2I0V8XJPggRL-sX38xHcD-9KpZXzXSGWvbf1fmujJxRdSCgcziS1JGhd499-WvxY62VRt
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7307355418381929&output=html&h=90&slotname=4937810024&adk=457726996&adf=1183505835&pi=t.ma~as.4937810024&w=728&lmt=1637666659&psa=1&format=728x90&url=https%3A%2F%2Fmediacyber.id%2Fcomeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1637666659882&bpp=1&bdt=4667&idt=1&shv=r20211111&mjsv=m202111110101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De5f47813f0b7e9b0-221f8b45f6cb00ed%3AT%3D1637666658%3ART%3D1637666658%3AS%3DALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA&prev_fmts=0x0%2C696x280%2C696x280%2C535x280%2C1600x1200%2C1005x124&nras=6&correlator=7181080420003&frm=20&pv=1&ga_vid=628370486.1637666658&ga_sid=1637666658&ga_hid=1121670426&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=606&ady=56&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062938&oid=2&psts=AGkb-H_Bb9VOSVZ1x6KT-fAsBTqu2V8y3HN080Lkims0MsQVpdmLDlp18QcjoXcqClWK_dLQ8Ptn1xIF3I2ZHjarLrOd1XsDO5YklS8fpfM%2CAGkb-H-f0PJ-m-O4E9Jx_s4HWwSwp59FSscBlF6LRymCl3XW8cQuWVKus3840icOE7P9azhzYWUbMbIMtmo%2CAGkb-H9eqWgI_qsj_wrlvtR-tanm1SxMinOD2cUBQhsoB6OhW2y7t0b3KWpWEjS0v_eQtICM_EHagNUV3xzfgWJwPQ%2CAGkb-H-9h60MmNDvdZ7ujoJxRvjjsqtmRKvxDU9aRtS-U6ffIYPaOlb5LtSnqvfPDEVyvvVLd6Vfn8jgbEA&pvsid=1351388657282890&pem=434&tmod=419901012&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaE%7C&abl=CA&pfx=0&fu=0&bc=31&ifi=8&uci=a!8&fsb=1&xpc=kzR4ntWDHD&p=https%3A//mediacyber.id&dtd=4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:21 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Enabler_01_247.js
s0.2mdn.net/879366/ Frame DCD3
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 03:01:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30173
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 24 Nov 2021 03:01:28 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame DCD3
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:24:21 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame CAB4
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu2G1ouYc5qCheYbHa9K8DUYX0PXhZ97NaotA-AwEbl-6PdP3Ex_wM9-s4uzcPFcnPgda1bjJ9rxKJcidvNCuEOkHHKur_fXxfkTYOHwJVPfNSiOoVdEanam9OdLXIuPJHX0q0dWAdE73ORQ_rPjmrn&sai=AMfl-YSOWXaRc4M7lFYVfxCfGuHs8jDpUDO4q_MUJYhnJP4KV-3MhAJA4xzuywslpaoRdU8B-Ct6U-yKxPGWdS3pilmezMUIT6htngQ&sig=Cg0ArKJSzKUYAjT-eUpdEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=106&vt=11&dtpt=59&dett=3&cstd=45&cisv=r20211111.15528&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: mediacyber.id
URL: https://mediacyber.id/comeback-botnet-emotet-didalangi-oleh-geng-conti-ransomware/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame DCD3
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05b9b9f9dc57afe70e533dc1b75143c7fc423c7bc39672c5e8b58954ec645e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 23 Nov 2021 11:24:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5120
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DCD3
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:24:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Tue, 23 Nov 2021 11:24:21 GMT
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDg7,pingTime:-10,time:400,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuNDUgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1637666661354%7C%7Cf8615043bc6a555b7b3c3341c93ecbdd%7C%7Cb4088f046bf9a570f2964ffc86d258ff%7C%7C8e5069751551efd138939458cd7e6d60%7C%7C06ed0745b7a2bf7b5c5c42ca554dbbf2%7C%7Ca6b62947f86d161e0d69dd816c3e4743%7C%7C2e64d84ba4a09773dd4673bbda4d1242%7C%7Cde429148a18cfdd5c3cb880e215db941%7C%7C1629390669%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
dt27.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
OnAir-Light.woff
s0.2mdn.net/creatives/assets/4140742/ Frame DCD3
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13bd57daeae4ac228a38b69192328985424585894d8eadb4cdddf490356f4872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:58 GMT
x-content-type-options
nosniff
age
443
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48448
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 08:02:51 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:31:58 GMT
OnAir-Bold.woff
s0.2mdn.net/creatives/assets/4140742/ Frame DCD3
48 KB
48 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c4c07430eaa8ecb3adb6ffc0b09adf5d5fce88f386c247b1163120751d25414
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:56 GMT
x-content-type-options
nosniff
age
445
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49468
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 08:02:41 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:31:56 GMT
60005582_20211014071532603_IMG_flight04_neu.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame DCD3
111 KB
111 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014071532603_IMG_flight04_neu.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
79513e01a6c85ddda69db1d8376a69db1a77e3b9808738ab596de57b9f707846
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 17:23:17 GMT
x-content-type-options
nosniff
age
64864
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113546
x-xss-protection
0
last-modified
Thu, 14 Oct 2021 14:15:32 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 17:23:17 GMT
Stoerer-2x_flight03.png
s0.2mdn.net/creatives/assets/4206591/ Frame DCD3
44 KB
44 KB
Image
General
Full URL
https://s0.2mdn.net/creatives/assets/4206591/Stoerer-2x_flight03.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2ac782a1877e995aa98899666bfbcd6018d2d17e5d3e2685290c2c749b51adfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:16:58 GMT
x-content-type-options
nosniff
age
443
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45217
x-xss-protection
0
last-modified
Thu, 23 Sep 2021 09:04:13 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:31:58 GMT
postview.gif
portal.o2online.de/nws/img/ Frame DCD3
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_REA_HAV_14105_PV&mediacode=26626666_4307561_316775236_159762225_-0&ref=26626666_4307561_316775236_159762225_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 23 Nov 2021 11:24:21 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Erupt-Bubble_Spritesheet.png
s0.2mdn.net/creatives/assets/4161357/ Frame DCD3
154 KB
154 KB
Image
General
Full URL
https://s0.2mdn.net/creatives/assets/4161357/Erupt-Bubble_Spritesheet.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
594b8d496a6296d9193215c0319c947e4298a4ac59b7b68cccdba2730e8b79ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9821004190292377600/728x90.html?e=69&leftOffset=0&topOffset=0&c=fRgIXHJi9F&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:00 GMT
x-content-type-options
nosniff
age
441
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
157284
x-xss-protection
0
last-modified
Mon, 17 May 2021 08:20:27 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 23 Nov 2021 11:32:00 GMT
lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
pagead2.googlesyndication.com/bg/ Frame 7DC9
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:17:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
435
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13508
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Nov 2022 11:17:06 GMT
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDiE,time:557,type:e,im:%7Bpci:%7Btdr:505%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:557,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B552~0%5D,as:%5B552~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:103,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:21 GMT
x-server-name
dt05.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
Emotet-map.jpg
i1.wp.com/mediacyber.id/wp-content/uploads/2021/11/
7 KB
7 KB
Image
General
Full URL
https://i1.wp.com/mediacyber.id/wp-content/uploads/2021/11/Emotet-map.jpg?fit=1200%2C600&ssl=1&resize=350%2C200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
a8759daf40dbd928d0ec22f7b6650d003b71eb619b0219130f81ff422b448be0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 08:44:46 GMT
server
nginx
etag
"d8f289925f7428ee"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/11/Emotet-map.jpg>; rel="canonical"
content-length
7464
expires
Thu, 23 Nov 2023 20:44:46 GMT
Emotet.jpg
i1.wp.com/mediacyber.id/wp-content/uploads/2021/01/
10 KB
10 KB
Image
General
Full URL
https://i1.wp.com/mediacyber.id/wp-content/uploads/2021/01/Emotet.jpg?fit=1200%2C469&ssl=1&resize=350%2C200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
ccb443a4ad73ccce6d21f3ed018dbc2f8f65889ff217ac68850d99f602768d4a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 08:44:46 GMT
server
nginx
etag
"e7234e66c47af6cf"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/01/Emotet.jpg>; rel="canonical"
content-length
10224
expires
Thu, 23 Nov 2023 20:44:46 GMT
Emotet-map.jpg
i0.wp.com/mediacyber.id/wp-content/uploads/2021/01/
7 KB
7 KB
Image
General
Full URL
https://i0.wp.com/mediacyber.id/wp-content/uploads/2021/01/Emotet-map.jpg?fit=1200%2C600&ssl=1&resize=350%2C200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
d657f71582a4d01813828e3d7bd6925497e604e57355eca30c3c9ca49a393062
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mediacyber.id/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Tue, 23 Nov 2021 11:24:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Nov 2021 06:17:50 GMT
server
nginx
etag
"ff03158c97819d9b"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://mediacyber.id/wp-content/uploads/2021/01/Emotet-map.jpg>; rel="canonical"
content-length
7460
expires
Thu, 23 Nov 2023 18:17:50 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame CAB4
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssOep0RSJG5Yj1Pm-zonmC1-BUsq5qoOAOL4nw4jYnnp4NOdcJuW0bzl5uC0skr5HHmspwSRZ7Z_F7Zr8UY4HGs5vYIqGkxu9S--dQ1&sai=AMfl-YThYemc50Y5rRfRB5GiissxE8LFl36803F2gMPprry-sa8fJ8dx1YQoMIQGxW9aQ_9tE2QjnwJ4QbsWVJv0CF173QMZfmQ0Os_WJb8Vgd5Yq2EM5CSzZV6D4ox_&sig=Cg0ArKJSzMZSD6kPgcAFEAE&cid=CAASEuRoKmUpo5d8q4W_kOwvWlkpsA&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=457726996&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637666659887&rpt=1283&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDL7,pingTime:1,time:2322,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1321%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1321,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1315~0,1~100%5D,as:%5B1316~728.90%5D%7D%7D,%7Bsl:i,t:1321,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:100,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:23 GMT
x-server-name
dt40.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDL8,pingTime:1,time:2323,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1321%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1321,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1315~0,1~100%5D,as:%5B1316~728.90%5D%7D%7D,%7Bsl:i,t:1321,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:100,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:23 GMT
x-server-name
dt01.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx
dt
dt.adsafeprotected.com/ Frame CAB4
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=820761&asId=cfd5a702-8e25-c70c-b2c9-199e2b8d9ebb&tv=%7Bc:uMXDL8,pingTime:1,time:2323,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1321%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1321,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1315~0,1~100%5D,as:%5B1316~728.90%5D%7D%7D,%7Bsl:i,t:1321,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:100,fm:sPAmpIv+11%7C12%7C13%7C141%7C142%7C143%7C151%7C152%7C153%7C154%7C161%7C162%7C163%7C1641%7C1711%7C181%7C19*.820761-57728794%7C191%7C1921%7C1a11%7C1a12%7C1a13%7C1a141%7C1b,idMap:19*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,metricId:forwrd1,cmr:t%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.207.27.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-27-110.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Nov 2021 11:24:23 GMT
x-server-name
dt09.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
cache-control
no-cache
content-type
image/gif
content-length
43
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua-&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRMcMaLSior4&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp2JDjdMY50&google_cver=1&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcrFTJQ4bt6dmSJ_tpwQ0DqGAM&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhbddit2ueAR8&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _wpemojiSettings object| related_posts_js_options undefined| $ function| jQuery object| cnArgs function| gtag object| dataLayer object| tdb_globals object| tdwGlobal object| tdaGlobal object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue object| google_sl_win function| google_process_slots object| google_persistent_state_async object| tdBlocksArray function| tdBlock object| tdLocalCache object| td_viewport_interval_list string| td_animation_stack_effect boolean| tds_animation_stack string| td_animation_stack_specific_selectors string| td_animation_stack_general_selectors string| tdc_is_installed string| td_ajax_url string| td_get_template_directory_uri string| tds_snap_menu string| tds_logo_on_sticky string| tds_header_style string| td_please_wait string| td_email_user_pass_incorrect string| td_email_user_incorrect string| td_email_incorrect string| tds_more_articles_on_post_enable string| tds_more_articles_on_post_time_to_wait number| tds_more_articles_on_post_pages_distance_from_top string| tds_theme_color_site_wide string| tds_smart_sidebar string| tdThemeName string| td_magnific_popup_translation_tPrev string| td_magnific_popup_translation_tNext string| td_magnific_popup_translation_tCounter string| td_magnific_popup_translation_ajax_tError string| td_magnific_popup_translation_image_tError string| tdBlockNonce object| tdDateNamesI18n string| td_ad_background_click_link string| td_ad_background_click_target function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint number| 
td_screen_width object| block_tdi_3 object| google_tag_manager object| block_tdi_7 object| google_tag_data string| GoogleAnalyticsObject function| ga object| block_tdi_9 function| _ object| tdsLeads object| tdbAutoload object| tdAnalytics object| tdDetect object| tdViewport object| tdMenu object| tdUtil object| tdAffix function| td_smart_list_dropdown object| td_more_articles_box number| td_resize_timer_id function| td_done_resizing function| td_resize_videos function| td_mobile_menu function| td_mobile_menu_toogle function| td_retina function| td_read_site_cookie function| td_set_cookies_life boolean| tdIsScrollingAnimation boolean| td_mouse_wheel_or_touch_moved boolean| td_scroll_to_top_is_visible function| td_events_scroll_scroll_to_top function| td_post_template_6_title function| td_smart_lists_magnific_popup function| td_get_document_width function| td_get_document_height function| td_comments_form_validation object| tdLoadingBox object| tdAjaxSearch string| tdModalImageLastEl object| tdBlocks object| tdLogin object| tdLoginMob object| tdDemoMenu object| tdTrendingNow object| td_history object| tdSmartSidebar object| tdStickyRow object| tdScrollToClass object| tdInfiniteLoader function| Froogaloop object| tdCustomEvents object| tdEvents object| tdHeader object| tdAjaxCount object| tdYoutubePlayers object| tdVimeoPlayers function| td_resize_smartlist_slides function| td_resize_smartlist_sliders_and_update function| td_resize_normal_slide function| td_resize_normal_slide_and_update object| tdPullDown object| td_fps object| tdAnimationScroll object| tdHomepageFull object| tdBackstr object| tdShowVideo object| tdAnimationStack function| td_compute_parallax_background function| td_compute_backstretch_item object| td_backstretch_items object| tdAjaxLoop object| tdWeather object| tdAnimationSprite function| td_date_i18n object| tdSocialSharing function| tdModalImage object| tdAjaxVideoModal object| tdfAjaxFlickr object| tdConfirm function| $f function| 
onYouTubeIframeAPIReady object| addComment undefined| eventHub object| tdbMenu object| tdbMenuItemPullDown object| tdbSearch object| tdcPostSettings function| tdbGetMobileTemplates object| wp object| fifuImageVars function| disableClick function| disableLink function| fifu_fix_gallery_height object| _stq function| st_go function| linktracker_init object| wpcom function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| twemoji object| gaplugins object| gaData object| google_llp number| google_lpabyc object| googletag object| GoogleGcLKhOms object| google_image_requests

26 Cookies

Domain/Path Name / Value
.mediacyber.id/ Name: _gid
Value: GA1.2.939857489.1637666658
.mediacyber.id/ Name: _gat_gtag_UA_60148533_4
Value: 1
.mediacyber.id/ Name: __gads
Value: ID=e5f47813f0b7e9b0-221f8b45f6cb00ed:T=1637666658:RT=1637666658:S=ALNI_MYkG2I1A3RgjFDlgCk7G4LlPA9eJA
.mediacyber.id/ Name: _ga_WJM17ZNQST
Value: GS1.1.1637666658.1.0.1637666658.0
.mediacyber.id/ Name: _ga
Value: GA1.1.628370486.1637666658
.openx.net/ Name: i
Value: 3d504f94-1380-4df1-b3e1-a7e6a6b1132b|1637666659
.quantserve.com/ Name: d
Value: EFkBCQHlJIEA
.quantserve.com/ Name: mc
Value: 619ccf63-7ef7d-6cdaf-d67f4
.doubleclick.net/ Name: IDE
Value: AHWqTUl63HkGxUrikxfznISVDTLXWbCijZzs5HSf50hiHR4TNfwLevL96PzsqxMSVMM
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.casalemedia.com/ Name: CMPS
Value: 3229
.casalemedia.com/ Name: CMPRO
Value: 1175
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 6CB8E7C0-AF19-41D5-8185-ABA5A9A25A81
.adnxs.com/ Name: uuid2
Value: 1094095252083949932
.doubleclick.net/ Name: DSID
Value: NO_DATA
.rlcdn.com/ Name: pxrc
Value: COOe84wGEgUI6AcQABIGCOndKhAA
.agkn.com/ Name: ab
Value: 0001%3A5KLJM8eQO2BVg75MlpSEVQEeKQaZ%2Fv98
.casalemedia.com/ Name: CMRUM3
Value: 2d619ccf642760CAESEI6XbH0iESso53IktFT2d9U
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E>=s%EII!]tam8i_iqf!oN/@E'zz<*Z0Q>J#AHgRw'v^QbxygBQz-iZtqK27^:At35tU<QG=%9sk@3@'s>T4O#xy
.openx.net/ Name: pd
Value: v2|1637666660|gu
.innovid.com/ Name: uuid
Value: 065c3d81-a771-4133-8088-6963234c4f70-20211123 06:24:20
.casalemedia.com/ Name: CMID
Value: YZzPZLWtp9.63UaR-7QnbwAA
.casalemedia.com/ Name: CMST
Value: YZzPY2Gcz2UA
.agkn.com/ Name: u
Value: C|0CEApL4vjKS-L5QAAAAABAQ13AQEAAQpAAAAAAA
.rlcdn.com/ Name: rlas3
Value: Omzgqpc7rD6ewAVNZf9cnqDofhQfwlFhmbrXJinAbc4=
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_DSP_REA_HAV_14105_PV&mediacode=26626666_4307561_316775236_159762225_-0&ref=26626666_4307561_316775236_159762225_-0

210 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPJUyiadqXylyU7mWQSwHK6m4PK5UX-NgI2uERb9v2qxEQfrCJePgB9jFVVNiLaf6_iyg4E8WeP4co9GfR9tRMcMaLSior4&google_gid=CAESEGnEd0-Kkfk5QV2VDK_Wtb0&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_cver=1&google_push=AYg5qPJP-uoRBNMaQwSXLH3RnzimykhFaHU5LU84qXrAoF0pX62M48YhEBV5WxI2SGVyuKLXpVcrFTJQ4bt6dmSJ_tpwQ0DqGAM&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPY3tyTaZ_2WbeD14QlgAABJcAAAAB&google_push=AYg5qPLhb1QvJAGci89uZHEz3MkXsCkdWcXL4-WSlbv2wKv-95RMJqrAjnT5drg9p_3fBGMyex1LNZqC_dGPI1YYZp2JDjdMY50&google_cver=1&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPLKZcIK2nDxjWhAOhbAQbhs2YbgQQJJWrWaaeaW-oPGmh7zJ_HACeXgI2AvV1Wb3Ekz1OEkCTX37Obo84CiTAfc7uqYdua-&google_gid=CAESENnbVhl7aqEYWoXyUyIoL5g&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YZzPZLWtp9-63UaR_7QnbwAABJcAAAAB&google_push=AYg5qPIQo6bBLRVzWZUVymPjjsu-P0To57dZvIylwmBggEutmNEIBQSSjC7CRSG9quqHAi4CQ6PGI8QtaWkf5sKUhbddit2ueAR8&google_gid=CAESELUCy_HlFNdnA5bdPRCTSfI&google_cver=1
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
javascript warning URL: https://googleads.g.doubleclick.net/pagead/html/r20211111/r20110914/zrt_lookup.html?fsb=1#RS-1-&adk=1812271801&client=ca-pub-7307355418381929&fa=1&ifi=7&uci=a!7&btvi=4
Message:
The resource https://fonts.googleapis.com/css?family=Roboto%3A400%2C700 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
