www.cyberscoop.com Open in urlscan Pro
65.9.96.26 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/TCQ1mTcmuZ
Effective URL:
https://www.cyberscoop.com/fin7-ransomware-mandiant/
Submission: On April 11 via api (April 11th 2022, 5:57:16 pm UTC) from US — Scanned from DE

Summary HTTP 251 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 45 IPs in 5 countries across 34 domains to perform 251 HTTP transactions. The main IP is 65.9.96.26, located in United States and belongs to AMAZON-02, US. The main domain is www.cyberscoop.com. The Cisco Umbrella rank of the primary domain is 323609.
TLS certificate: Issued by Amazon on October 27th 2021. Valid for: a year.

This is the only time www.cyberscoop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
4 33	65.9.96.26 65.9.96.26	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
25	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
16	52.216.178.149 52.216.178.149	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:b849	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dcb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
33	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1 4	34.255.51.86 34.255.51.86	16509 (AMAZON-02) (AMAZON-02)
15	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
4	2600:9000:20e... 2600:9000:20e8:7e00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	65.9.96.20 65.9.96.20	16509 (AMAZON-02) (AMAZON-02)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1 2	52.212.211.89 52.212.211.89	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	99.84.158.127 99.84.158.127	16509 (AMAZON-02) (AMAZON-02)
251	45

2 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 65.9.96.26 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-96-26.prg50.r.cloudfront.net

www.cyberscoop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.216.178.149 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b849 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dcb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.255.51.86 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-51-86.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20e8:7e00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.96.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-96-20.prg50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.211.89 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-211-89.eu-west-1.compute.amazonaws.com

verizon.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 99.84.158.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-158-127.txl52.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	googlesyndication.com e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 128 609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com 919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com 8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98	516 KB
33	cyberscoop.com 4 redirects www.cyberscoop.com — Cisco Umbrella Rank: 323609	568 KB
29	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 ad.doubleclick.net — Cisco Umbrella Rank: 196 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293	791 KB
18	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 780 static.adsafeprotected.com — Cisco Umbrella Rank: 565 pixel.adsafeprotected.com — Cisco Umbrella Rank: 573 dt.adsafeprotected.com — Cisco Umbrella Rank: 517	132 KB
16	amazonaws.com s3.amazonaws.com	68 KB
15	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 262	170 KB
15	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	4 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	382 KB
6	google.de adservice.google.de — Cisco Umbrella Rank: 7579 www.google.de — Cisco Umbrella Rank: 5383	2 KB
5	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 737	16 KB
5	gstatic.com fonts.gstatic.com	103 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 482 www.linkedin.com — Cisco Umbrella Rank: 603 px4.ads.linkedin.com — Cisco Umbrella Rank: 4702	3 KB
4	wp.com stats.wp.com — Cisco Umbrella Rank: 2657 pixel.wp.com — Cisco Umbrella Rank: 2521	7 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3990	59 KB
3	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1059 trc-events.taboola.com — Cisco Umbrella Rank: 1698	18 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2374	1 KB
2	demdex.net 1 redirects verizon.demdex.net — Cisco Umbrella Rank: 11340	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	315 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
2	t.co t.co — Cisco Umbrella Rank: 476	779 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 238	2 KB
1	truste.com choices.truste.com — Cisco Umbrella Rank: 722	8 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2289	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2287	20 KB
1	wordpress.com public-api.wordpress.com — Cisco Umbrella Rank: 7152	3 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 524	459 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2436	896 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 619	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 913	3 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4897	5 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	60 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6966	145 KB
251	34

	Domain	Requested by
33	tpc.googlesyndication.com	securepubads.g.doubleclick.net fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com tpc.googlesyndication.com t.co www.cyberscoop.com
33	www.cyberscoop.com	4 redirects t.co www.cyberscoop.com
25	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.cyberscoop.com tpc.googlesyndication.com ad.doubleclick.net www.googletagservices.com fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
25	securepubads.g.doubleclick.net	www.cyberscoop.com securepubads.g.doubleclick.net t.co www.googletagservices.com fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
16	s3.amazonaws.com	www.cyberscoop.com
15	s0.2mdn.net	t.co s0.2mdn.net fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
13	www.googletagservices.com	www.cyberscoop.com securepubads.g.doubleclick.net fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com www.googletagservices.com
10	dt.adsafeprotected.com	fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
10	www.google.com	securepubads.g.doubleclick.net www.cyberscoop.com tpc.googlesyndication.com
5	choices.trustarc.com	choices.truste.com
5	adservice.google.com	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	static.adsafeprotected.com	fw.adsafeprotected.com fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
3	static.addtoany.com	www.cyberscoop.com static.addtoany.com
3	fonts.googleapis.com	www.cyberscoop.com js.hsforms.net
2	track.hubspot.com
2	verizon.demdex.net	1 redirects fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	t.co
2	pixel.adsafeprotected.com	s0.2mdn.net fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
2	trc-events.taboola.com	cdn.taboola.com
2	fw.adsafeprotected.com	1 redirects t.co
2	fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.facebook.com	www.cyberscoop.com
2	px.ads.linkedin.com	2 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	t.co connect.facebook.net
2	pixel.wp.com	www.cyberscoop.com
2	stats.wp.com	www.cyberscoop.com
2	t.co	www.cyberscoop.com
1	cdnjs.cloudflare.com	s0.2mdn.net
1	choices.truste.com	s0.2mdn.net
1	ad.doubleclick.net	www.googletagservices.com
1	8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	www.google.de	www.cyberscoop.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	public-api.wordpress.com	www.cyberscoop.com
1	analytics.twitter.com	static.ads-twitter.com
1	px4.ads.linkedin.com	www.cyberscoop.com
1	www.linkedin.com	1 redirects
1	e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	js.hs-scripts.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	forms.hsforms.com	js.hsforms.net
1	www.googletagmanager.com	www.cyberscoop.com
1	js.hsforms.net	www.cyberscoop.com
1	cdn.taboola.com	www.cyberscoop.com
251	52

This site contains links to these domains. Also see Links.

Domain
cyberscoop.com
scoopnewsgroup.com
www.mandiant.com
therecord.media
www.wsj.com
www.facebook.com
twitter.com
www.linkedin.com
www.instagram.com
fedscoop.com
statescoop.com
edscoop.com
workscoop.com
www.scoopnewsgroup.com
www.addtoany.com
jetpack.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
defensescoop.com Amazon	`2021-10-27` - `2022-11-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-19` - `2022-04-19`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
www.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 33 frames:

Primary Page: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Frame ID: FC31E9FF1B30D428D06C4C5887F29DF8
Requests: 94 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: E70849768D661FF51A7E12264B9C5ADA
Requests: 9 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: D77E6300DDD85D9ED8E5F71C730FC67C
Requests: 9 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: 696435F8D4F92DFAC520A0898DE911BE
Requests: 9 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: 7D8DD53091C064BDC2CF6850350BF12C
Requests: 9 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 6519A5C0E1936DDB62C0586BCCD19E8A
Requests: 1 HTTP requests in this frame

Frame: https://e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E352BED2D0C94CC4B8D2B38D384EC1A9
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveeS37vfDAIfbbVpbekQ8KbYbPzPEEWds6Xt2lWlE0FQSIgqXOo_cO56YfLNWpTBGNdnKQAB9U7K-pDhhRQIq9oeHXXr_8atRzMZqi1UNLn_TcTaY-tZ0IoH3DrdyboJxNJl8secplsRrvh1-HSBxIx_RwzDoIXolBXop00CqhMdBXXXAPPAYtDLDx3qIlxg_VlB2t-oqmyjaL2r2CM_bk1PTiA8iiWGW98sj_iR3ovCuZIMURvP31btluHCy6-tjD6Ve5YeWg1hgBFGlKiWYjp74TrPhCfkHZYYL5MwOoA3lyQ-xjsVY_DwHHCQUW&sai=AMfl-YRx9iAp_KbG5g75bUyxiBEsAhIeyKMJ-YYWQBv0x-lJSr8XpNdiWSsP-UL0A-PpQ0Wg3EWN6P_kFWCa7ewF5Z5cfFji9Ih4DmBvOx01q_bbsykrO-cXiurOWFIMAZKB&sig=Cg0ArKJSzNJB3cCR60QWEAE&uach_m=[UACH]&adurl=
Frame ID: 3C637E67C4CCAD42D7E1674185E7F6EE
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudoRrqHbDce68uNggr6i4MkgOdVbMValxXszXa2MsAO5mDu6DYBzeNXSCNgK9cMwWTazb7lK3wJWyVyOljSjorvUmdl2hBib6rWe4UmTsJ8x-0lkQx64HnRJAxJ0Aqj9yxoLR3Zt6sknAfjCTuNr53-G3fRUMQh-Aku690ktUvaGHHSgR3JnkPLUTxEXZRkeez4h5hM0CHStQKKb6o22SrVVVUB79Kof0piv7OwsgS6mezE9KDyK-Jnp-GNNDHOxe7Xy6iGNxjfKstwdgK1ZpltCOv_-EpERL1Ms6RzTvyO52829ZAtMHb&sai=AMfl-YRSB8q44_hhFc0uRAH1JWCo9oQlZKRODVl60-ilRzr_c_Jmd_ZPn0IJKAEAZy4K_sHbiSr8wtBC0YiGtJw_6BftqL8eNz-z0_xpPe7fuFz716bv42Gmv3DsoosrLjlF&sig=Cg0ArKJSzNmIr2y5AVxSEAE&uach_m=[UACH]&adurl=
Frame ID: EB4BB7841273352FAAF862E007989A71
Requests: 9 HTTP requests in this frame

Frame: https://609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 0D342B3443A2A8D6557651C9919D338F
Requests: 1 HTTP requests in this frame

Frame: https://919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2AA2F16B3F2FB0F2C7C273C9CABF44CD
Requests: 1 HTTP requests in this frame

Frame: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 1DEB72CAEF940954FB442F38EC305A6C
Requests: 1 HTTP requests in this frame

Frame: https://8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 784A833091833B74E75133E357100B61
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvK3JwQsjrkR4A1nfBlZ36Bz-01ZdHBNlkGBW052qKGZHb_zuownHcu63ZnUIZS8N-DdmgzXY6MnqQAtABocJF138k-O_xHZKBYqZ0KPFAOIPvVK6jH7JBQFldrer575H_ws9rMics3xRgEHEdMztik4micv02v3oMDPt6pVzjM9qoF5lC7Q1XGWt55uVOpijoA2SyGrxM5rk7iPs-h-egJM2PNiLMBlmfAUYP0CXLDvHidz1Xuph4FaDJr2cCobGBdrQ9ZpjyBZ8K-xeUrJzZqPsMld_j2VuQRHCCTpQBonnkgMyIOSB8UOKdHjmV4l3t8a0rfSbmVSxyOIEnaoP9RdKSzSg&sig=Cg0ArKJSzGt3lvNScaD_EAE&uach_m=[UACH]&adurl=
Frame ID: 7B88F4609BE3C7611A2D939517ADD573
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDyBuZnqAjrU0Baqo4ZuFf8GEyl2V9VMBfO-M6prH8Vv1HcHSWuJMwpRNhnXaqqs6Cwe9ForGug8l_bRAEvVZPGp1DVC_l9TmxtJi_D7GWT7Eg76GjhtOuBdgLD8HRaMj1vzQ2X65sEPHTQCdYbknLzWnWen78cbQFR6NqIC2M6jspytOgN2GJR-oOzTQKNn1FyC-5KlWc-xA3pXMOy5C1lG867Q9efUKcFDSdZqY_Rt2_ch8PAlPkxbTAMF-fHPT5FrK3VUKPTCyjH5qI4uiPPelUOXn_bXSsc-PI5KBTV0s1GgjEgMzRv5eCyjqWzEfTb5EzTL-IVUuXEwtYkQE6jr5z&sig=Cg0ArKJSzKcV8NwkIndzEAE&uach_m=[UACH]&adurl=
Frame ID: 545FE693B9533D8FEB2B3EB8B0BED377
Requests: 7 HTTP requests in this frame

Frame: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 91CAF4FE7A5827AC912A2929A78ED969
Requests: 34 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQYDr8NkD2-7uCD3n_mHctAFyWkNduj5jU4ClSELXD4M1X8RVHTACGNCTkBuQ-7wgQ2hKMHKbYAXDoe_LmyoUUaJcodPJxPbgRtFlQsPCQTSTOiAAOQiml1aNyRiWeGL53CC9bFarEvkOLTQzCs51jI0TAyZgWFK84iDWiu_Yt4QDG04Sl_iqYgDDhue-PuQ6YPHBZxaMfHb_wYbmvYAQ8RyFXlL4LtGtSwfVt5ywR8lRZFBciSoPBaRI02BPQBKcQkzz0j7pGFp3TBxJs4SXARr9_JtaTGXysBqBbTBHGSbZoVLJ6_uvCd6MN-yFyXvP4ZX2m1F-agBBY&sig=Cg0ArKJSzGHFAM5RGME3EAE&uach_m=[UACH]&adurl=
Frame ID: F8021D5CEA1CA4D1334024C3E6817EE5
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A2CC4F7A4277C711C4DB17EDACDA2FD5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9CAF632C5410D704BB1D278FBAFAB55D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5DA7ACB1D1C817C15BE5847A7E3AC18F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9F30BBE2DD9B501B1DE314C0BE0611C4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5D9884B3B425B07536B8D88161EFFDE3
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 12F8ADEF2F0380F6299F0E7D71D0BBDA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C2A27B155A7C6DD2115D9B34FE4BD88B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BF2BCA2D38E6C4447741C7F44B0AE7F7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DFF8A21ECE23CB005B3052E0FCB9012F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1799078355C285F9AF569BDD479E08A9
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
Frame ID: FC8BA74A23097497B26992936FC2D85B
Requests: 15 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: F310BA73BD429B7B6EA27463C3E1D7F8
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 81E144A4B1732EF6B53C2DC70FF456E4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 65D9D7E3FD7AA88898D51AA8C3FD956E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CFE7BD55F25FB9CC0C236D5CA15F5862
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 5E9077C0369EDF16A2A104B83939145F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Notorious hacking group FIN7 adds ransomware to its repertoire - CyberScoopMagnifying GlassClose search resultsTag

Page URL History Show full URLs

https://t.co/TCQ1mTcmuZ Page URL
https://www.cyberscoop.com/fin7-ransomware-mandiant/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Wink (Mobile Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:_base/js/base|wink).*\.js

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

251
Requests

99 %
HTTPS

60 %
IPv6

34
Domains

52
Subdomains

45
IPs

5
Countries

3242 kB
Transfer

8329 kB
Size

27
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://cyberscoop.com/

Search URL Search Domain Scan URL

URL: http://scoopnewsgroup.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889
Title: Brought to you by

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/evolution-of-fin7
Title: according to researchers at security firm Mandiant

Search URL Search Domain Scan URL

URL: https://therecord.media/cybercrime-gang-sets-up-fake-company-to-hire-security-experts-to-aid-in-ransomware-attacks/
Title: researchers at Recorded Future

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/ransomware-gang-masquerades-as-real-company-to-recruit-tech-talent-11634819400
Title: believe

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyberscoop

Search URL Search Domain Scan URL

URL: https://twitter.com/cyberscoopnews

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/4847467

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cyberscoopnews

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://fedscoop.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://statescoop.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://edscoop.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://workscoop.com/?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://www.scoopnewsgroup.com/privacy?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/privacy?__hstc=143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1&__hssc=143679850.1.1649699829045&__hsfp=1541009889
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

URL: https://jetpack.com/search?utm_source=poweredby
Title: Search powered by Jetpack

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/TCQ1mTcmuZ Page URL
https://www.cyberscoop.com/fin7-ransomware-mandiant/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://www.cyberscoop.com/advertising/?id=leaderboard&page=article&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 37

https://www.cyberscoop.com/advertising/?id=article&page=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 38

https://www.cyberscoop.com/advertising/?id=skyscraper&page=article&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 43

https://www.cyberscoop.com/advertising/?id=billboard&page=article&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 79

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1649699826976%26url%3Dhttps%253A%252F%252Fwww.cyberscoop.com%252Ffin7-ransomware-mandiant%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQJ2oP4N2NIZKwAAAYAZxa5hPKhlaln5u_r51yv5fbLVcYBtqOOnAkO422f-OYcFtrHhv4wj

Request Chain 202

https://verizon.demdex.net/event?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599 HTTP 302
https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599

Request Chain 207

https://fw.adsafeprotected.com/rfw/st/982525/62068897/skeleton.js?adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Ffc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ffc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:7eea6233-62ea-5cfd-7d29-97415106f7e8,c:9v5Jvx,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-785cc8cc8c-d8dvp,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,nbld:0,mtim:193,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:209,oid:cdf72c46-b9c0-11ec-8b0b-b64c3fd5b966,v:19.8.299,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

251 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 TCQ1mTcmuZ
t.co/ 312 B
528 B 140ms
125ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/TCQ1mTcmuZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 196
content-type: text/html; charset=utf-8
date: Mon, 11 Apr 2022 17:57:05 GMT
expires: Mon, 11 Apr 2022 18:02:06 GMT
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: fcfe313a69bf0be42c0c2d8f226d79a72bbda4d7f4607b8a5ea51cb7a8cfe39e
x-response-time: 119
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
www.cyberscoop.com/fin7-ransomware-mandiant/ 66 KB
17 KB 121ms
55ms Document
text/html 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Requested by: Host: t.co
URL: https://t.co/TCQ1mTcmuZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 0f692d9e90592480cf72b587de172ab8e5aaba41d6ad256b0988162ef5e4c6c4

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 265
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:52:41 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/posts/64077>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=64077>; rel=shortlink
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: EgoRmINj42ryZbg4RSNlSoSoXiIH23YWqgP0K9Me88HP9b_ox__2Dw==
x-amz-cf-pop: PRG50-C1
x-cache: Hit from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

GET
H2 200 /
www.cyberscoop.com/_static/ 96 KB
14 KB 74ms
73ms Stylesheet
text/css 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJyNy0EKgCAQheELZVMkQYvoLKZDTI0WjhHePjdB7Vr+vPfBdSgKlk+HAlYEHEmCmXe7KaY5mphBUmasPYW6HCp4i1XAoyODjB5D+sTBJmNUjIux+R8v27sfNPmx7fWgddO13Q2HlkGk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 061473d06c676e692148c9e53870122e472f133abc759c56e871a162e79b9376

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Fri, 08 Apr 2022 17:51:53 GMT
server: nginx
age: 256458
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 14166
x-amz-cf-id: tqEBOPNVcbMojNBqxoGJs4HKLbFxPZk1Bqh-GLLcKt2A2GvbRSDlhQ==

GET
H2 200 /
www.cyberscoop.com/_static/ 168 KB
27 KB 59ms
57ms Stylesheet
text/css 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 5c701ab2009c0c01911be3dbb373cea9edd337b25e43cd2a917caf28486ff83c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 420248
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 27224
x-amz-cf-id: m3R9lX4yen-tKwmhdyu9ajfDUJD-cZiGC-H5yeUYBFKJXs_pTg3KaA==

GET
H2 200 css
fonts.googleapis.com/ 8 KB
804 B 137ms
50ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3097429612cadf41c8c2f08d5cbe3bce1a77aaf73296e1217ad3b29949d6deb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 17:57:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:57:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 135ms
48ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A300%2C400%2C700&subset=latin-ext&ver=5.9.3

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932fb1ec913f2d1071db9656b9bc7e8c4fc150d7d8b48d8b4b66c3d82a2e020e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 16:20:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:57:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 /
www.cyberscoop.com/_static/ 88 KB
17 KB 95ms
94ms Stylesheet
text/css 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??/wp-content/plugins/add-to-any/addtoany.min.css,/wp-content/mu-plugins/jetpack-10.8/css/jetpack.css?m=1649689594
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: e8aa641f970d7f8010d991990de0cac0ed2f8136c931b5a14cbe8607c6c7fb9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 11 Apr 2022 15:06:34 GMT
server: nginx
age: 9123
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 17254
x-amz-cf-id: BMVtMPmnabqjCTZfwAXa2tieoByM6v41D7gpZUr9StpCf8c_1axHkg==

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 265 KB
82 KB 50ms
49ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJyVkWFOwzAMhS9EFsYqJH4gLsEF0sTr3KZ2sZ1NuT3ZxAQ/oKKSJT/F73uKbH9ZHFLMJYH6sdVHAalfbTcj7UZ98GsmN+MgweCnOTIZkHk7wdyQ9nJTLtYeRCPzco3pM9L0jpZhG6dIQwaNwjlvJA3jVHs0/e23Sy4D0g0uCuLCOVgQH1TB1B9zsKXh8q22hyhkiPZ072sBISVn7ALVqzRu4q97JFTzZ6DE4gUGIGgHYXFSyHCG/2BttHCuR2wrXbOfmKf78t7m1/1z99J1j4f9YfwEnLrbkw==
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 62ef6ff7641456aa2d94443dff7578d154236f12dcbb2e3dea4e519b0153a468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Fri, 08 Apr 2022 17:51:53 GMT
server: nginx
age: 256458
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 83160
x-amz-cf-id: v4fsKJDEld5op8NX4yVChUV6FAbJ-ZHZNLtJUBXo7o-aV5BV7PM4ow==

GET
H2 200 i18n.min.js Show response
www.cyberscoop.com/wp-includes/js/dist/ 10 KB
4 KB 71ms
70ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 1814098
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 3968
x-rq: hhn1 0 4 9980
last-modified: Fri, 18 Mar 2022 14:57:07 GMT
server: nginx
etag: W/"62349dc3-28a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: Fw-SsNSKxTDtIHbmfTGS9aXWB0YFrsjebJ3UCEiky5nzkadBEh25Jw==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 i18n-loader.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-assets/build/ 6 KB
3 KB 69ms
68ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.js?minify=true&ver=7b3aca48d6809a4527c8a9bc9c7a1d1c
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 40905beca0f8b5ff867fa2f103e951dd2416853df1e8f7d7453a74708d779277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 346896
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 2428
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:16 GMT
server: nginx
etag: W/"624f1c60-17ac"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: muEYwukdanV63ZpT_ilGTtQv-aFVpZhN9ZQ8Fpr7FwgRydIushdvvQ==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/fedscoop-sc/ 55 KB
17 KB 124ms
104ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db236586fe21257e3d9b959bdeb2e6883f01a09718c3ab73728e21f7a96c5ba0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: hD7ihgKeI7jv_ka6ffTkMBHiSWVwlMGH
content-encoding: gzip
etag: "b6d806962ac8eecdcdb3343909aebea8"
fastly-original-body-size: 0
age: 0
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 17361
x-amz-id-2: 3A3gQLYGhq8/gfCsoMph0h1S9zTOvAgzMIKHJb6iTHrL19bsbMorbms5h6D2XM9CIYkeJEaeUSM=
x-served-by: cache-hhn4081-HHN
last-modified: Sun, 10 Apr 2022 11:16:14 GMT
server: AmazonS3
x-timer: S1649699826.451804,VS0,VE98
date: Mon, 11 Apr 2022 17:57:06 GMT
vary: Accept-Encoding
x-amz-request-id: NAJDYWYBZ3102GJS
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 53
x-cache-hits: 1

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 151 KB
47 KB 89ms
88ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJzTLy/QTc7PK0nNK9EvyUjNTS3WB4qAWbrJlUmpRcXJ+fkF+lnF+pl5mSW6JYlJ+fk5iXpZxTr6ROtMLCggTUNual4pUId9rq2hmYmlobmxoYlBFgBj/z5I
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: ef06bc5e3cc158037771e3ed0d13f75694ffe052cc8b442e02082e85cf85aec2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 420249
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 48037
x-amz-cf-id: GFOumGmIg7p26Y2qZ1Pg6cCtbSpEw9SriPmVjivzojTm7Fb1RvrwWw==

GET
H2 404 ads.js
www.cyberscoop.com/wp-content/themes/cyberscoop/js/ 0
0 88ms
87ms Script
text/html 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/cyberscoop/js/ads.js
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-rq: hhn1 0 4 9980
server: nginx
age: 65
x-cache: Error from cloudfront
content-type: text/html
x-amz-cf-pop: PRG50-C1
content-length: 146
x-amz-cf-id: NMx1BLjECzVPHPlEuHGLuVD8RC9HvG108jV6O7jtiB8DIrfrtmd_nA==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 121ms
46ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

13cec7b80effcf5f705c615043d81274bebf1e9af6ea8fc711cfc95a2e136e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28348
x-xss-protection: 0
server: sffe
etag: "1185 / 859 of 1000 / last-modified: 1649675564"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H/1.1 200
OK cyberscoop-interstitial.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 2 KB
3 KB 418ms
117ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/cyberscoop-interstitial.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Wed, 10 Feb 2021 15:47:32 GMT
Server: AmazonS3
x-amz-request-id: QKS95V32CEAED974
ETag: "b3250d52680549abc7222f71b2dce836"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2375
x-amz-id-2: kI7lwov86fufIoCJcMDOg6AO9SMpcpvTijFIyQAG+yMFVkeNPu8XAUbaig0PwanvquSEaxArd3s=

GET
H/1.1 200
OK closex.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 418ms
118ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/closex.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: d5d4228a3e80d57bcf6ee1f6080fbc4c65dba96e81d2364535fa49e3d27e9131

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Tue, 12 May 2020 13:43:08 GMT
Server: AmazonS3
x-amz-request-id: QKS4TWP334DYY10H
ETag: "6fa9505df4b1d86476aef77673f3b330"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4658
x-amz-id-2: BUwh3iOvOOnYqLvY68un5wDeWYmk6Ac3d7GE1uLsuq1+gSZ3ZwRs8D1h2WGnTeMGV9Pue6jj+tU=

GET
H/1.1 200
OK twitter.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 2 KB
2 KB 421ms
121ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/twitter.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ca2e99ffb3730e887ee7389e499993e912e5e47ec6f28c991a692cd78746edf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: QKS2QX71K99ZRYM3
ETag: "0bab5422023490b09b2590482b10e983"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2172
x-amz-id-2: t+y2atJRwSi4cH56lRB+XQEnFN2VYMAAT6eGlDVGS8aZMxP9MzxMVpWTZgWBMlO0Y5rjGc++cCg=

GET
H/1.1 200
OK facebook.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 1 KB
2 KB 526ms
107ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/facebook.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 51c40fb52547a14a895a2425e94a53886ced172e90c70d5418890fb67517701b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: 3DRFD3HAT1YBN5ZT
ETag: "0bb97e47c732a1645d42198a7b8b1397"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1272
x-amz-id-2: oVJQq3IlufnmoJ9pPs+akB7VQQkiFlj89hnVBeNdhj4BjU8Kshi0y768PRXcejFZQwoRxILFa48=

GET
H/1.1 200
OK linkedin.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 2 KB
2 KB 527ms
108ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/linkedin.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4d8d48a3f00d424f5083a310bcfbcc1ad35d02e02793a9f459e9938879d8a675

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: 3DRDK0XT88ZEGHGN
ETag: "b05a15a980fa7ad56a297860e33c6327"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1857
x-amz-id-2: pQIzRsYznXESD/pnTWNpVE0aT85YR+yi23IxFFYwUUzbxvAWL+YVTiqYUjzouJUfLbBJwAWXzfI=

GET
H/1.1 200
OK reddit.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 6 KB
7 KB 525ms
106ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/reddit.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 55de2f543e24f0c3655be2f344491b2e73ae61350f58a2bb9ebf4ad1326e8fba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: 3DR5YJ61JTAT4Z2A
ETag: "8095452e62fa3cbcbdaf4ed982477485"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 6390
x-amz-id-2: OFeWBIPNl3L87ZfzNboR0KrjjTl+yfSljXQXUAxCRjux/CuxHRfK9WHvsNRhc3sp/kv7Y85CnG0=

GET
H/1.1 200
OK gmail.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 1 KB
2 KB 198ms
126ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/gmail.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0d281aa7b07dfcb1bc05e2cdd051aa34fb915616590b834374148a1768ce3440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: QKS1Q8M31K90B30E
ETag: "e5d4decd16518b9f60451876256ea22f"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1181
x-amz-id-2: Kh4yHZMlur1bWEg70mwkTWyZ/bVluD6quvgCd1mUOf+L2k7ViZ1gt78GRvHiKjbcTaJFpfTq6AA=

GET
H/1.1 200
OK close_purple.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 991 B
1 KB 109ms
108ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/close_purple.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fe9df7af9647a824fe66cae1f452ecb318d9f9ad3b2e09ef0623f0c6af50a0ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Fri, 22 Jan 2021 00:05:15 GMT
Server: AmazonS3
x-amz-request-id: 3DR6MQR95RDEJNTE
ETag: "cde4ecef61a0a35571e737da5276b5e7"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 991
x-amz-id-2: T3gZl20JAigL1hC3i6vm2Jgk7o4NyDm9OjLyXsjhZM8/re+O9Vzu+ub5/HU2fow+J04Lq5UtWBg=

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 567 KB
145 KB 88ms
46ms Script
application/javascript 2606:4700::6811:b849
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b849 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a79363f0bf9c3752bb3c339d84e951de983be806af2ed5b9d618ff0b46f95559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 3500e6db5ae43764ed5ca43fc6d56058.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 486
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 02:21:29 UTC
server: cloudflare
etag: W/"081e8e8c4e2f30556d358396fe1eb009"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKbBqB7Z6lsvDu7gXtOYhBIQgjL5lvwbBAwvzdeBzuDUjz4bQ0EOe0hfK6qwsqThA0uwOrTfOhrKWNH%2FSqHeZpYoEqYMKpbsxNFxyYFNL1XjXDLCAgaZbKQuxz5%2FuAC5g71wnno7tXp7qBQ5"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Qil8tmwOgih4NDI1ZUYfrWspr.py6EWB
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6fa59a4c4a805c92-FRA
x-amz-cf-id: 4pYYRpkpvzmdZtNlC01TAlcyNaiFbdpjesX8uQP7lXzZx225ogw-Ug==
x-hs-target-asset: FormsNext/static-5.474/bundles/project_with_deps.js

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 136ms
47ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1185 / 575 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 10 KB
3 KB 46ms
45ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??/wp-content/themes/wp-theme-cyberscoop/js/ads.js,/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?m=1649173140j
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 14c742642de9c8f39467c54a34b08f124d3eb6ae49356d9b9f8a158424e77192

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 420219
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-encoding: gzip
content-length: 2703
x-amz-cf-id: hs7cMJQzvYUrD7i-euSzwqlnZuw7Ld6yIIAWc8tIVBUeUnP-WSoP5A==

GET
H2 200 jp-search.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 7 KB
3 KB 44ms
42ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: fe1bd3df8f20fe537d1ad985ecd7b169c10e1d0e2cc0860bc4b4c326d152420f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 346896
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 3036
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-1c38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: t9WK5HaSMf3i7oTPYLXcdRS7LyOGsk5vNRUCGq72WPJYKM_eFwYV9w==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 26ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?ver=202215
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: br
server: nginx
etag: W/"61dc645f-2a3d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 06 Apr 2023 06:09:45 GMT

GET
H2 200 e-202215.js Show response
stats.wp.com/ 9 KB
3 KB 6ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202215.js
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 03 Apr 2023 07:40:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 166 KB
60 KB 146ms
60ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce18c6b177e998a5bcbe6798b4ce658a34e07ee5faf88feea058221e1430ea4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61311
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 17:03:27 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.cyberscoop.com/wp-includes/js/ 18 KB
5 KB 48ms
47ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 420248
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 4926
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 23:38:53 GMT
server: nginx
etag: W/"624cd30d-4705"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: zsPfjgkSbM_xSv8uV6yfoK0bYuMKP81i4ov9AW_OKfo5SN0YK97elw==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 lightslider.min.css
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/css/ 5 KB
2 KB 50ms
50ms Stylesheet
text/css 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/css/lightslider.min.css
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: a060aca1def4e45da8730e2c6052fb1efbe9b1bdd305c14ea86c8c5152ebd593

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 1814098
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 1360
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
etag: W/"622fb5b3-14b3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: DYPGfiL6BEvjZZF1y2UCj-318865NKlDCE7p1wsbvZXCDsxVkZ12Zg==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 89ms
46ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 119938
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6fa59a4cea589a21-FRA
cf-bgj: minify

GET
H/1.1 200
OK CyberScoop_Color.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 2 KB
3 KB 406ms
119ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/CyberScoop_Color.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Thu, 21 Jan 2021 21:02:05 GMT
Server: AmazonS3
x-amz-request-id: QKS1TBTQ74AHQD86
ETag: "b3250d52680549abc7222f71b2dce836"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2375
x-amz-id-2: iO3Wjx5xcEhPKvyhKr3+3W5vKvgeOjHaK/WdkXc7t4eUonxiNDlGdvJRvgGKFimGRFV6eKjonR8=

GET
H/1.1 200
OK SNG-RGB-Color.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
6 KB 404ms
118ms Image
image/svg+xml 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/SNG-RGB-Color.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4b8dd50e462d914dd8609e8a566ce6bce0ab94088a4bf958b57c4cdb6ab54868

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:07 GMT
Last-Modified: Thu, 21 Jan 2021 21:02:05 GMT
Server: AmazonS3
x-amz-request-id: QKS5S7XZF217M8D5
ETag: "61428dbcecc23b1679236e221c5228d4"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 5545
x-amz-id-2: r/i/eb+s6V7EXY/4WIP2vPDkHd5URNmyvYKxt4py9qdmhmN1781Z/mgOZgwvVcNh3oiGRNO0r+Q=

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb6a7f39d0982d1605492df9ffaa28989d1829fdf91037053e4af527ae5ed797

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
fonts.gstatic.com/s/firasans/v15/ 22 KB
22 KB 164ms
77ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a90f9c307d889844f7286c11a9e8596c9a41b2e91123ab49cca0fbaa4b48dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:33:04 GMT
x-content-type-options: nosniff
age: 426242
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22760
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:05:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:33:04 GMT

GET
H2 200 PuristaMedium.woff
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/fonts/ 37 KB
37 KB 42ms
41ms Font
font/woff 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/fonts/PuristaMedium.woff
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: c0758721ba3b41bf0236a10348f8ad1ceb3336894bfbaca0b9d77fb366b585c1

Request headers

Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
age: 202
x-cache: Miss from cloudfront
content-length: 37579
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
etag: W/"624c6294-9340"
access-control-allow-methods: GET, HEAD
content-type: font/woff
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
access-control-allow-origin: *
x-amz-cf-id: 9u9bOJShmz38V60bBAU6l6Bie3zJuumkPv011Rw-yNqERtyeSbg7HQ==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame E708
Redirect Chain

https://www.cyberscoop.com/advertising/?id=leaderboard&page=article&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cra...
https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

2 KB
1 KB

276ms
276ms

Document
text/html

65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: cc50444045f7083d7354e874d8337cb1ab047d99cbc170cae834e4cca203396e

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:07 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: iX3byvYhwN_rqpg5wgpWEUvb3KCFbPfpyST4zU7NvW8vh5mIE0P9Hg==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:06 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: Js1cXBDnaNXA9o580zWSdFLjVDM87E-VCaB9eIKAxReZ84nutU2sYg==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame D77E
Redirect Chain

https://www.cyberscoop.com/advertising/?id=article&page=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

1 KB
1 KB

273ms
273ms

Document
text/html

65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 91a964487ecdaf0bf35faf0abd1b59ecc875f724b761c38046309f47b58d37da

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:07 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: qSWlDY3MQYQWCeMQYYnGmtQMjApqUbcVqnqNWKeK5Wn8vr8NXoAf2w==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:06 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: hRFCnVB1GBeR6bFgK0pIOcurBEzxZ6uUX_HBjjE6yNjtt6Ocgwzr-g==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame 6964
Redirect Chain

https://www.cyberscoop.com/advertising/?id=skyscraper&page=article&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

2 KB
1 KB

282ms
282ms

Document
text/html

65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 0b6a75c8a008114b5b09931e2e66fbe56e85f0043d653393dac6e38b91b3bded

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:07 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: AQ5SaHXryYkGWzgELITVQGXqGpu7POIgxoYAQK8HyOzmE01CWCpGPg==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:06 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: V67fs7OXgjp9m0GpCo37xbtoJxs5sQLji_vWpa-9pmt4JiUga9mCyg==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2 200 GettyImages-1188634858.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2019/12/ 205 KB
206 KB 43ms
42ms Image
image/webp 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2019/12/GettyImages-1188634858.jpg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: c443762880d9d8b4faabb5d63205228757c7e6c9eeaaa404ac801f3046e80589

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 109 139 443
last-modified: Mon, 04 Apr 2022 19:08:40 GMT
server: nginx
x-amz-cf-pop: PRG50-C1
etag: "7fd20b7048fa3985"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 209898
x-amz-cf-id: FKVASFguYhOT0IGZ59uZJzLSPEwsKWQH1Ck39K7-cNvdjE0-jR6hVQ==
expires: Tue, 04 Apr 2023 19:08:40 GMT

GET
H2 200 va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
fonts.gstatic.com/s/firasans/v15/ 23 KB
24 KB 111ms
41ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51aa1f55f3d344d82ece24055a31012cf77d10cc4a2f9307f5dea293118d40f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:32:11 GMT
x-content-type-options: nosniff
age: 426295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23724
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:06:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:32:11 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v47/ 25 KB
25 KB 166ms
96ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v47/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A300%2C400%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 23:27:02 GMT
x-content-type-options: nosniff
age: 325804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25384
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 23:27:02 GMT

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v15/ 22 KB
22 KB 187ms
116ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9E4kDNxMZdWfMOD5Vvl4jL.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:32:11 GMT
x-content-type-options: nosniff
age: 426295
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22592
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:05:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:32:11 GMT

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame 7D8D
Redirect Chain

https://www.cyberscoop.com/advertising/?id=billboard&page=article&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2...
https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cranso...

2 KB
1 KB

273ms
273ms

Document
text/html

65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 3c5dae73bfdca848d14aa5cb8bc364b479e92c469f78a7234eb521501b53ec70

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:07 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: tSz8dFQOt3LwbFyiD6xoH-5ui6QbObuzQC_kDxrjfbxLfAWAnvapDA==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:57:06 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
x-amz-cf-id: kWtXnfQbYu7tyYXft42e2KF3pHpU2DD8TUbqZlRKyqIbBxTE_W7alw==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2 200 GettyImages-1186593421.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 21 KB
21 KB 111ms
109ms Image
image/webp 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1186593421.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: deafbabde299246dad329a0f8ce7ec682ef8a1de7926811e7a2db9a27b745a24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 109 195 443
last-modified: Mon, 11 Apr 2022 13:55:57 GMT
server: nginx
x-amz-cf-pop: PRG50-C1
etag: "5b1255fbb44b3134"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 21602
x-amz-cf-id: ienWN2ccBhHlZ8zgX0_zORWjaS9HOtgHEraHogBma7__8epi8ey_5g==
expires: Tue, 11 Apr 2023 13:55:57 GMT

GET
H2 200 GettyImages-1389898678.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 15 KB
15 KB 50ms
48ms Image
image/webp 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1389898678.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 4be6258bf1ecf7fc9af2fd62a01c10ebc029b3973932838a7b32d51e395ba519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 109 83 443
last-modified: Mon, 11 Apr 2022 13:00:13 GMT
server: nginx
x-amz-cf-pop: PRG50-C1
etag: "a87a9d537963acaf"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15160
x-amz-cf-id: EvPxRtJyuNOhChC8j7AUSkKSsW5qjp_O4XmhmslPcmh8RMgod-RhGA==
expires: Tue, 11 Apr 2023 13:00:13 GMT

GET
H2 200 GettyImages-1239829997.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 10 KB
10 KB 51ms
49ms Image
image/webp 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1239829997.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 5d0bcf86bdafd80020b30534c6f961807989c12f56226dc0dadcb7785f619393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 109 83 443
last-modified: Fri, 08 Apr 2022 18:28:20 GMT
server: nginx
x-amz-cf-pop: PRG50-C1
etag: "b4cdc7e1041e7770"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9804
x-amz-cf-id: SIpf5mmc2uwmem9B362NUIesr6A1nNvORTL9rJaBcki-11_oOSY_Vw==
expires: Sat, 08 Apr 2023 18:28:20 GMT

GET
H2 200 facebook_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 361 B
745 B 53ms
51ms Image
image/png 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/facebook_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 34b8701fdcbd5b7f4b776178cf1c52b3754f60027bf85af5a8573c3208f77890

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
age: 1814043
etag: "622fb5b3-169"
x-cache: Miss from cloudfront
content-type: image/png
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-length: 361
x-amz-cf-id: _TehNUKVWq6a4flQO-0VvIVkpADnwlVGEKK1sLJ4z9TZ1LKSRO_qsA==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 twitter_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 481 B
864 B 51ms
50ms Image
image/png 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/twitter_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: ea7c3c1fb429c64a75b15bc3d82e99987c40229c3275a5d0c37deb6143e4cf6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
age: 1814043
etag: "622fb5b3-1e1"
x-cache: Miss from cloudfront
content-type: image/png
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
content-length: 481
x-amz-cf-id: vdtZtj0hvLtStvXCNbng-9pRUPRdd5rRpsvqP16v7qjHqGAW3QSjww==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 linkedin_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 946 B
1 KB 53ms
52ms Image
image/png 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/linkedin_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: eecc78f834649472672438efb8854e77ac8571a4c901d3c102a2554c3059ba7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 1814043
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 969
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
etag: W/"622fb5b3-3b2"
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: 3OLYrTZE-jLjbZ94JOgSh550ukscseRi5jCyHe9qWzR17rq77yrUHg==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 instagram_logo_white.svg
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 2 KB
1 KB 51ms
50ms Image
image/svg+xml 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/instagram_logo_white.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: e55b5cba1f8e7604687c4f99ab7b1c3bf971ab991ec0fae83fb221b98daf07c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
age: 129
x-cache: Miss from cloudfront
content-length: 669
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
etag: W/"624c6294-625"
content-type: image/svg+xml
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: QcCCPTYVFDA-ZqUcJiJo6cy-9A-HPAqagScOXVVKKkFnENrPeUd8mg==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H/1.1 200
OK Stacked_SNG.png
s3.amazonaws.com/sng-global-web-assets/logo/ 12 KB
12 KB 112ms
112ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_SNG.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 942e44b1cef3a0678c306625f42ea1cd180d9ee9fbe443ed98fc1076c07493a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: 3DR7ZG4J7C25132M
ETag: "793107aa127f2349e0bb9d0df99cd240"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 11864
x-amz-id-2: iPhGGb9YhyhvWSl/YJfhxJ8j9YrSLBGTN4tTuKIQc5YDMXjnFClOOG1MguO7Gryp8dXvxop+fTg=

GET
H/1.1 200
OK Stacked_CyberScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 112ms
112ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_CyberScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 96b8a4481da526ff5a1a77c312a2aa83df0d0821e90dc91ccfad3fa53526a163

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: 3DR38F5HNSAA0PM2
ETag: "6b8717aa8156bf0573b498232d63b71f"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 5199
x-amz-id-2: Dyj1NaOHc6nQHecaRDvUUk686MmYeh/thIHPOvpXlwKn/20xHm1KOsf8qrC2jU+UbIcQVzYIvAo=

GET
H/1.1 200
OK Stacked_FedScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 4 KB
4 KB 111ms
111ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_FedScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9146f6ec02b7c1db65d152424e1d5e5f3a5d7d6ca91d1282a7e678150683876f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: 3DR5RHV0HVP35FY2
ETag: "da067ed314fa2f647e16efb7331759de"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4000
x-amz-id-2: lXPE73fJZCKRB9pYXp5vLM3beZwi5rMHbyX2nO2j1ChF9GX2n10t0h3Z0hwBT0gkTSQ322Gho9w=

GET
H/1.1 200
OK Stacked_StateScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 109ms
108ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_StateScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: ccd21ebd19b259d979d4ddf5af0751f6fae149746ae2e7a164beec2a600682be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: 3DRA4BNZYRPAA2AE
ETag: "62c167ae878c0c3b3a41b50025cacba7"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4872
x-amz-id-2: eEMwApfFX9By55X7l/wuFFFdD8uehwbm5CEM9ifIDoFZVSxc2F6y7XQVZgJSmaRj0oH4iai4N1Y=

GET
H/1.1 200
OK Stacked_EdScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 4 KB
4 KB 106ms
106ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_EdScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7f134de2e6859c8b9a8acb3f07c54f04c9fbe04c3381e137d85e2f0cb08a526b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Wed, 25 Aug 2021 20:12:45 GMT
Server: AmazonS3
x-amz-request-id: 3DR1A6S9ZWZGWK78
ETag: "779a62747ba1fe2dfac41aa83a03313c"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3934
x-amz-id-2: rmU8HDMJpJzQzel7hi5KyEkQjL862ae2JQjZDCK9Isn6ciuZvzreaKl5ru1sJoyzr4BzU4I9j3k=

GET
H/1.1 200
OK Stacked_WorkScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
6 KB 108ms
108ms Image
image/png 52.216.178.149
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_WorkScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.178.149 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3046ab26982b61a2fc0f0fae7ed7f416e9113f924db911efa97b5b80ae16726d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:08 GMT
Last-Modified: Wed, 25 Aug 2021 20:12:37 GMT
Server: AmazonS3
x-amz-request-id: 3DR6HNX07Y3CKF7H
ETag: "b5d5b8c0479b1963324ebca52c96a43b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 5349
x-amz-id-2: VxOpdj9HnXSOGfWESojt0UltYfECqyeNjFN8kIpq2gzE5adU4l+JQ4K6UHu1v3c/Ou9+xSomdD8=

GET
H2 200 20762415-8082-48f0-b243-36443c93d852 Show response
forms.hsforms.com/embed/v3/form/2153467/ 20 KB
5 KB 180ms
161ms Script
application/javascript 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2153467/20762415-8082-48f0-b243-36443c93d852?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88f1e898bf2bd32d5e8f01a28152a2b04f022ea09a939d6aff8c337b25a42c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: b21a6be0-0c2c-4557-a95a-c2038bd02860
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: none
server: cloudflare
x-trace: 2BDC3972633C178209FDA1DA066D92CEA75B2A69F1000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6fa59a4d1f7491ed-FRA
access-control-expose-headers: X-Origin-Hublet

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 9ms
5ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.41660581384007034
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Apr 2022 17:57:06 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 6ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=200379745&post=64077&tz=-4&srv=www.cyberscoop.com&hp=vip&host=www.cyberscoop.com&ref=https%3A%2F%2Ft.co%2F&rand=0.39715011100849495
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Apr 2022 17:57:06 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 454.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 50 KB
18 KB 49ms
49ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/454.js?minify=false&ver=948c2c9d7b88a153508e
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 3d5c432ac1f87c116b88388348b78c08278195f455202173393b9c0576bfb6ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 346896
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 17719
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-c704"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: kuLYdmRSqvXMkTd3X0lgeWgKu9gxNlV3xLcZCshBRkR9jLvKhGOzJQ==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 jp-search.chunk-main-payload.css
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 31 KB
5 KB 48ms
47ms Stylesheet
text/css 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=aaceb2477698617460cf
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: c8c35e0f00ccdca409b0b7340bb4c008649529b40a786a51e6d732cbf4f845e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 346896
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 4299
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-7d7c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: vD1W8WTZ7YzJN3YsSbSVGnlPXNEegrKa3Xmsmev4kiWIxenpiD4nKw==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 jp-search.chunk-main-payload.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 74 KB
19 KB 44ms
43ms Script
application/javascript 65.9.96.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=6ffb9dd4678b2461bfeb
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-26.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: e448366ba538d2d65714f62ae1af89f2f5dd3ccc64af549bb3a84d9cea541dcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: 1.1 91afcef6d5c7e90d0a4bb2c3a456c690.cloudfront.net (CloudFront)
age: 346896
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 19052
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-1260c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: PRG50-C1
accept-ranges: bytes
x-amz-cf-id: PQVEs7UUo7V6reQovFZEZejmrK-gYx-ULBRdszj5c7laFnZMzJvpVQ==
expires: Tue, 11 Apr 2023 17:57:06 GMT

GET
H2 200 pubads_impl_2022040701.js Show response
securepubads.g.doubleclick.net/gpt/ 368 KB
125 KB 37ms
37ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 13:12:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17101
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127673
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 08:34:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 13:12:05 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 40 B
78 B 87ms
43ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

51e841ae906f8d9003aa8487c11792ceceaac3259e068c2cadceabfe7ede15b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54
x-xss-protection: 0
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 6519 741 B
554 B 41ms
40ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1767407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6fa59a4dbc2e9a21-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 11 Apr 2022 17:57:06 GMT
etag: W/"2e5-5cc9e128a4c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 48ms
48ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3657290
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6fa59a4dcc609a21-FRA
cf-bgj: minify

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 32ms
13ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dcb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dcb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:57:06 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=63922
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 34ms
6ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
fastly-original-body-size: 5410
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100092-IAD, cache-hhn11581-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: jCB60IYV+uXFtsUKF6xopVoSgQWSuEBWm3Twnr8go3c/5YskANc5V3TJdIIxAGaLXO22txfmKNSeKcEieg4UEg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 11 Apr 2022 17:57:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2153467.js Show response
js.hs-scripts.com/ 964 B
896 B 465ms
432ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2153467.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83284ba72baf6ba2d179eb63d4b2b3c42ca408dfacf8a63ee15d05131828621a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
x-hubspot-correlation-id: fd764048-bc08-4aa9-9788-ed597fa3a02e
last-modified: Mon, 11 Apr 2022 17:40:21 GMT
server: cloudflare
x-trace: 2B10EF8FF96576C161D039251C897314E6F23F3C93000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6fa59a4e69fb9013-FRA
expires: Mon, 11 Apr 2022 17:58:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5996
date: Mon, 11 Apr 2022 16:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 11 Apr 2022 18:17:11 GMT

GET
H3 200 css
fonts.googleapis.com/ 2 KB
521 B 95ms
48ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9fc929f9d307cf53bea691c3794c5ee2874ff5e1d2c7d308d71120ae3aa8c788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 16:55:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:57:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:57:06 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 143ms
52ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 141ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
19 KB 93ms
92ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1635650226212206&correlator=645797204044899&eid=31066023%2C31067023&output=ldjh&gdfp_req=1&vrg=2022040701&ptt=17&impl=fif&iu_parts=18430785%2Ccswelcome&enc_prev_ius=%2F0%2F1&prev_iu_szs=640x480&ifi=1&adks=113530204&sfv=1-0-38&ecs=20220411&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649699826961&lmt=1649699826&dlt=1649699826411&idt=530&biw=1600&bih=1200&adxs=480&adys=365&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=640x532&msz=640x480&fws=4&ohw=1600&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=1505984011&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

600173740f15cb74dc62a3a8bc4588546fad4cd6854b175983c11aee21b9680d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19585
x-xss-protection: 0
google-lineitem-id: 5906615028
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138379759400
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
19 KB 87ms
87ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1635650226212206&correlator=645797204044899&eid=31066023%2C31067023&output=ldjh&gdfp_req=1&vrg=2022040701&ptt=17&impl=fif&iu_parts=18430785%2Ccswelcomemobile&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=2&adks=3498381169&sfv=1-0-38&ecs=20220411&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649699826965&lmt=1649699826&dlt=1649699826411&idt=530&biw=1600&bih=1200&adxs=-12245933&adys=-12245933&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&ref=https%3A%2F%2Ft.co%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=640x532&msz=300x250&fws=132&ohw=1600&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=1505984011&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

620ee15cf6b9d1178f05cd6a362ccb48f1d6e05180dad241700488bb33e68cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19816
x-xss-protection: 0
google-lineitem-id: 5968296710
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386533697
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E352 6 KB
4 KB 175ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1649699826976%26url%3Dhttps%253A%252F%252Fwww.cyberscoop.com%252Ff...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQJ2oP4N2NIZKwAAAYAZxa5hPKhlaln5u_...

0
266 B

126ms
108ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQJ2oP4N2NIZKwAAAYAZxa5hPKhlaln5u_r51yv5fbLVcYBtqOOnAkO422f-OYcFtrHhv4wj
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 4ADD42E3956C4B2D9ED7052D96CB0F49 Ref B: FRAEDGE0920 Ref C: 2022-04-11T17:57:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXcZKwy6k6QVCNBCsYPXw==
x-li-fabric: prod-lva1

Redirect headers

date: Mon, 11 Apr 2022 17:57:06 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 16133A29422242978BE128FF11DAFB9F Ref B: FRAEDGE1420 Ref C: 2022-04-11T17:57:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649699826976&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQJ2oP4N2NIZKwAAAYAZxa5hPKhlaln5u_r51yv5fbLVcYBtqOOnAkO422f-OYcFtrHhv4wj
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXcZKwwsmlFs1t55rMrmw==

GET
H3 200 896395920528126 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 66ms
55ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/896395920528126?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

742d2f7f43e3eb8c7e5a12f24afcd4dcc03e11a31223060eb03d95b91ec07cc7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: uMh6ejS5iPa4htgj4S6SdPocsJuYCzQmWavc80su3LvN9cPedGKdPCmkUj6PNYveygUkVQc7zQNf931mqEYuJg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 11 Apr 2022 17:57:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 129ms
112ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv8sr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=cdff630a-a81f-4940-b0f0-1616abfd0411&tw_document_href=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 105
date: Mon, 11 Apr 2022 17:57:06 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0cbfe973e4b0f0793d47a11c878d1a52a3250f40e5783b22bd08df43626a55ef
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
251 B 111ms
110ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv8sr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=cdff630a-a81f-4940-b0f0-1616abfd0411&tw_document_href=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 103
date: Mon, 11 Apr 2022 17:57:06 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: fcfe313a69bf0be42c0c2d8f226d79a72bbda4d7f4607b8a5ea51cb7a8cfe39e
content-length: 43

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 92ms
45ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1505984011&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&dr=https%3A%2F%2Ft.co%2F&dp=%2Fwelcome%2Ffin7-ransomware-mandiant%2F&ul=en-us&de=UTF-8&dt=Notorious%20hacking%20group%20FIN7%20adds%20ransomware%20to%20its%20repertoire%20-%20CyberScoop&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=688989255&gjid=380526060&cid=1355176345.1649699827&tid=UA-80491860-1&_gid=1081241638.1649699827&_r=1&gtm=2wg460KR697BF&z=1687863151

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3C63 0
0 69ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveeS37vfDAIfbbVpbekQ8KbYbPzPEEWds6Xt2lWlE0FQSIgqXOo_cO56YfLNWpTBGNdnKQAB9U7K-pDhhRQIq9oeHXXr_8atRzMZqi1UNLn_TcTaY-tZ0IoH3DrdyboJxNJl8secplsRrvh1-HSBxIx_RwzDoIXolBXop00CqhMdBXXXAPPAYtDLDx3qIlxg_VlB2t-oqmyjaL2r2CM_bk1PTiA8iiWGW98sj_iR3ovCuZIMURvP31btluHCy6-tjD6Ve5YeWg1hgBFGlKiWYjp74TrPhCfkHZYYL5MwOoA3lyQ-xjsVY_DwHHCQUW&sai=AMfl-YRx9iAp_KbG5g75bUyxiBEsAhIeyKMJ-YYWQBv0x-lJSr8XpNdiWSsP-UL0A-PpQ0Wg3EWN6P_kFWCa7ewF5Z5cfFji9Ih4DmBvOx01q_bbsykrO-cXiurOWFIMAZKB&sig=Cg0ArKJSzNJB3cCR60QWEAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 3C63 19 KB
8 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:53:16 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 3C63 3 KB
1 KB 138ms
50ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:55:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3C63 119 KB
36 KB 131ms
85ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3C63 0
0 135ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTjZvQ8PUwZqLuDpiL2DxK06nhcTXqgJJi0idUrHr3wXvAVuCFms0vDFjJ3KDYMjs6IngfXJ9P38Rklu6u7_pAR5aJHZA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 11905553150061083031
tpc.googlesyndication.com/simgad/ Frame 3C63 34 KB
34 KB 195ms
108ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11905553150061083031

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6da910cac661707f7fff5c164ebd92424bcdd4a4f6117be5f562b683796ff768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 13:04:15 GMT
x-content-type-options: nosniff
age: 17572
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34413
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:54:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 13:04:15 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EB4B 0
0 71ms
71ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudoRrqHbDce68uNggr6i4MkgOdVbMValxXszXa2MsAO5mDu6DYBzeNXSCNgK9cMwWTazb7lK3wJWyVyOljSjorvUmdl2hBib6rWe4UmTsJ8x-0lkQx64HnRJAxJ0Aqj9yxoLR3Zt6sknAfjCTuNr53-G3fRUMQh-Aku690ktUvaGHHSgR3JnkPLUTxEXZRkeez4h5hM0CHStQKKb6o22SrVVVUB79Kof0piv7OwsgS6mezE9KDyK-Jnp-GNNDHOxe7Xy6iGNxjfKstwdgK1ZpltCOv_-EpERL1Ms6RzTvyO52829ZAtMHb&sai=AMfl-YRSB8q44_hhFc0uRAH1JWCo9oQlZKRODVl60-ilRzr_c_Jmd_ZPn0IJKAEAZy4K_sHbiSr8wtBC0YiGtJw_6BftqL8eNz-z0_xpPe7fuFz716bv42Gmv3DsoosrLjlF&sig=Cg0ArKJSzNmIr2y5AVxSEAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame EB4B 19 KB
8 KB 125ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:53:16 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame EB4B 3 KB
1 KB 132ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:55:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB4B 119 KB
36 KB 93ms
54ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame EB4B 0
0 95ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSPn44uFyBONoclqjDM6PeX_UND8B_5gdOaP24zRQssGU0y2LBgcVbQsYb3_vmlQ4nXaW2Jnpdd71y1-xjrkjva1ZnBBg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 2925869316104628456
tpc.googlesyndication.com/simgad/ Frame EB4B 46 KB
47 KB 128ms
52ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2925869316104628456

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602560270f30813536069d6a3a7608e497c6c7c1e6c99b3e51fe8f8300973615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 16:44:07 GMT
x-content-type-options: nosniff
age: 4380
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47414
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 15:00:33 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 16:44:07 GMT

GET
H2 200 search Show response
public-api.wordpress.com/rest/v1.3/sites/200379745/ 11 KB
3 KB 303ms
289ms Fetch
application/json 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.3/sites/200379745/search?fields%5B0%5D=date&fields%5B1%5D=permalink.url.raw&fields%5B2%5D=tag.name.default&fields%5B3%5D=category.name.default&fields%5B4%5D=post_type&fields%5B5%5D=shortcode_types&highlight_fields%5B0%5D=title&highlight_fields%5B1%5D=content&highlight_fields%5B2%5D=comments&query=&sort=score_default&size=10

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=6ffb9dd4678b2461bfeb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c92d7a688062444ef6aafdd178387a6274b7024ddebed48bc26d9ce58ff289b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-hacker: Oh, Awesome: Opossum
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: false
x-ac: 1.hhn _dca
strict-transport-security: max-age=15552000
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 22ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=896395920528126&ev=PageView&dl=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&rl=https%3A%2F%2Ft.co%2F&if=false&ts=1649699827099&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1649699827099.1564593980&it=1649699826983&coo=false&rqm=GET

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 11 Apr 2022 17:57:07 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-80491860-1&cid=1355176345.1649699827&jid=688989255&gjid=380526060&_gid=1081241638.1649699827&_u=YAhAAEAAAAAAAC~&z=1723595697

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 11 Apr 2022 17:57:07 GMT
content-type: text/plain
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame E708 82 KB
28 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-7fMKFVjPxd-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1185 / 453 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 123ms
74ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-80491860-1&cid=1355176345.1649699827&jid=688989255&_u=YAhAAEAAAAAAAC~&z=67904488

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 160ms
74ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-80491860-1&cid=1355176345.1649699827&jid=688989255&_u=YAhAAEAAAAAAAC~&z=67904488

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame D77E 82 KB
28 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1185 / 266 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
DATA 200
OK truncated
/ Frame EB4B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8855884e825acc57217741b04fa22e8385b95ebd7337ea14ce0465c1bf5eb017

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 7D8D 82 KB
28 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-dD6vT26D2k-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1185 / 519 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 6964 82 KB
28 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b9d57be73aa8f7f41bee396a02038d1e5433481622916854268481040e2c63b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28348
x-xss-protection: 0
server: sffe
etag: "1185 / 702 of 1000 / last-modified: 1649675564"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame E708 369 KB
125 KB 32ms
32ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 13:46:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 13:46:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EB4B 0
0 67ms
66ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXAH7rbdOv44fRcgwkbS7vVdE0YwL1Igqb7DzcGGf6YhOCYWILU8NO2haD8e7_q5v8KsjTY3kpxqAnKUqAa9ABeJriCXTwR-G1ut-sMv5C2iQjcf_49DqbC089cyJAROcA5ENj-4WvEcF-9n_GvytMxvPp0rHrArickuwYBewE6iiARy9422x-SsLA0E-xN0--jpPjQTNb92eNzhRnIyNbS--KvlpoHJbVVgnewUnze4upC-PlnLrPe50bU6Jb4u1zbAyrHoJftp4SJDYfz7FGxFu9uzc5G-5_1CymBhH5pJsQdN9d0Z_Eqrw&sai=AMfl-YTDlDB968BVl85-oRR2hetxagRoS80ytFZ00Ft2Uz3gS-M9vCzMeXtWN7ysGXdnLp1kE_yND4LTOWg-ciDQ0_qvidsisXyCe3iewpUOba7--DFFjD8DFKPTDxg2DDo_&sig=Cg0ArKJSzDhnmTYGj0uzEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D77E 369 KB
125 KB 40ms
40ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 13:46:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 13:46:18 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3C63 0
0 68ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPOC704rfiFt3F-JF31thFx3Tl0AtC1jsyiccKXWBPDBgc-2-rFH3BUncpChjM-vQaxpw_HPlJ22cB41PYo7lmuO_YSFERJvHMe2iHGQAwaO23HbetIBpqOOovSsLUvL-q2w3eWEqCbngx3vFlTK3cQobxlPGJa5Rflpk7xx91QVjG9Qc0Zk5ulHGxa9XNs1Me-57KVntityxpjCWod0pkmnVqIbbvT1tP7KiZgRf6my0ORMylZCo1DvtC92ekSh3L1Uk6c9cl8yNel9t0eVu5IsdpsXPk0Rk6dDdgQNVCnmA2fDoixw2LWtKwwr5eDQo&sai=AMfl-YRDrIpQ8DN29xJVXgiIwLTSYqug8ae_V70pnyUJKtkbyb6VsfZQPJPsLCs3wR5q1zv3Dy6DEWSoeXQsEJSeugtqd31_hGYWag0r51fZ-XpD6O0D5JmOVLGfXJOXkcpO&sig=Cg0ArKJSzFF51EIRcyLsEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 7D8D 369 KB
125 KB 44ms
44ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 13:46:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447049
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 06 Apr 2023 13:46:18 GMT

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6964 369 KB
125 KB 52ms
51ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:42:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 896
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 17:42:11 GMT

GET
H2 200 2153467.js Show response
js.hs-analytics.net/analytics/1649699700000/ 62 KB
20 KB 230ms
197ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1649699700000/2153467.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e9ce5f71d5199340f9f109561dc1a65bcbba9d4d1ac51546e04ae69f2695784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 3DRFPKEJ0RBAGQG4
x-amz-server-side-encryption: AES256
cf-ray: 6fa59a5148946951-FRA
x-amz-id-2: yb7aCAIJcCt35M+3a8GAbYSyHCRYeDQnDJM6ZEZhaiELXJCJ+lJT7/FWHZy452PJ6c09LG+qX/E=
last-modified: Thu, 24 Feb 2022 12:07:10 GMT
server: cloudflare
etag: W/"1fa5c84f0d8dafc6fe327ea7de52c297"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 11 Apr 2022 18:02:07 GMT

GET
H2 200 2153467.js Show response
js.hs-banner.com/ 61 KB
16 KB 508ms
470ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2153467.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a2814888079619c511d69af17514a0c7bb4f942be94784bcbf85f68fcea6f7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: GJHF79D2QHFT6QED
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: cvFvT6k7JSpEJp1b8mAVOR+bn00jm4RiAZlOEfqvNS9VfDzXk4DoqHHTBMBOtvNXt7wPWjh+YGI=
timing-allow-origin: *
last-modified: Thu, 17 Feb 2022 20:45:11 GMT
server: cloudflare
etag: W/"fe1f8d01c1ccff5464f811298450eadd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: P7RL02J__oOn5v952CjOhmYEuyztTg7c
access-control-allow-origin: https://www.fedscoop.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6fa59a515b939b82-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 11 Apr 2022 18:02:07 GMT

GET
H3 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v47/ 10 KB
10 KB 87ms
40ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v47/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a354f3d28b56276cc1c16d970f65ddb3ecec48cb1b79a1a32e0e3929e584607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 23:35:55 GMT
x-content-type-options: nosniff
age: 325272
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9828
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 23:35:55 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame E708 107 B
122 B 116ms
67ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame E708 107 B
122 B 117ms
68ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame E708 51 KB
20 KB 105ms
105ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2128260776335679&correlator=1461613191029747&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Article_Leaderboard_970x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x250%7C970x250%7C728x90%7C970x90&ifi=1&adks=13849420&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3De11af6816a2d6b47-2228f0f574cd007b%3AT%3D1649699826%3AS%3DALNI_MYiyWZnzxIh7rXKiiWsJ16L5fgb8g&cdm=www.cyberscoop.com&abxe=1&dt=1649699827429&lmt=1649699827&dlt=1649699827166&idt=248&biw=1600&bih=1200&isw=1600&ish=150&adxs=0&adys=170&ucis=1af5dz64dcdp&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dleaderboard%26parent_id%3Dad-7fMKFVjPxd-leaderboard%26categories%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=1600x150&msz=970x-1&fws=0&ohw=0&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=141490928&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

2448c013f4c29878b245f3fc4d33aa25fb8b074edc10aaf09c717628f9d9d45b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20238
x-xss-protection: 0
google-lineitem-id: 5968296710
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386533898
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0D34 6 KB
3 KB 73ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame D77E 107 B
122 B 82ms
59ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame D77E 107 B
122 B 83ms
58ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D77E 51 KB
20 KB 91ms
91ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1035443979159835&correlator=917755777218576&eid=31066948&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Article_Left_Rail_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&adks=4064999910&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=position%3Dstatic%26Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk%26categories%3Dthreats&sc=1&cookie=ID%3De11af6816a2d6b47-2228f0f574cd007b%3AT%3D1649699826%3AS%3DALNI_MYiyWZnzxIh7rXKiiWsJ16L5fgb8g&cdm=www.cyberscoop.com&abxe=1&dt=1649699827451&lmt=1649699827&dlt=1649699827212&idt=232&biw=1600&bih=1200&isw=310&ish=250&adxs=983&adys=1340&ucis=qb10i4yzfp5h&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Darticle%26position%3Dstatic%26category%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=310x250&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=267417257&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

f2ede6e484d21f1c3c0f255c66fad1617575d290d010b6aa279cece2197b7698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20116
x-xss-protection: 0
google-lineitem-id: 5968296710
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386533697
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2AA2 6 KB
3 KB 65ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 7D8D 107 B
122 B 59ms
48ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 7D8D 107 B
122 B 61ms
48ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 7D8D 20 KB
9 KB 81ms
81ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4304073529666621&correlator=2686551203715213&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Cat_Art_Bottom_980x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x250%7C970x250%7C728x90%7C970x90&ifi=1&adks=3048910702&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=position%3Dbottom%26categories%3Dthreats%26Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3De11af6816a2d6b47-2228f0f574cd007b%3AT%3D1649699826%3AS%3DALNI_MYiyWZnzxIh7rXKiiWsJ16L5fgb8g&cdm=www.cyberscoop.com&abxe=1&dt=1649699827462&lmt=1649699827&dlt=1649699827237&idt=220&biw=1600&bih=1200&isw=980&ish=250&adxs=0&adys=3374&ucis=abv9v1aiztjt&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dbillboard%26position%3Dbottom%26parent_id%3Dad-dD6vT26D2k-billboard%26category%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=980x250&msz=980x-1&fws=256&ohw=0&ea=0&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=1753502869&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

7709fc29d41f4362ad6f8e064e3cfdd83b2c94a2edafe586a816fe94a8a3aee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9192
x-xss-protection: 0
google-lineitem-id: 5978757319
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387610034
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1DEB 6 KB
3 KB 62ms
47ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6964 107 B
122 B 61ms
61ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6964 107 B
122 B 62ms
62ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6964 51 KB
20 KB 92ms
91ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1170578067673967&correlator=2570061156023159&eid=31064836%2C31065714%2C31066023%2C31067022&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_HalfPage_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&ifi=1&adks=2863372106&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3De11af6816a2d6b47-2228f0f574cd007b%3AT%3D1649699826%3AS%3DALNI_MYiyWZnzxIh7rXKiiWsJ16L5fgb8g&cdm=www.cyberscoop.com&abxe=1&dt=1649699827483&lmt=1649699827&dlt=1649699827245&idt=224&biw=1600&bih=1200&isw=300&ish=600&adxs=983&adys=1605&ucis=rlkpdvxn3qun&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dskyscraper%26position%3Dsticky%26categories%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=300x600&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=1355176345.1649699827&ga_sid=1649699827&ga_hid=663127827&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

037c543a8819c3f8c8f9b08a89fb356df7829d6b94b7fb1d71e01b44783214b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20141
x-xss-protection: 0
google-lineitem-id: 5968296710
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138386533748
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 784A 0
0 62ms
47ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7D8D 14 KB
11 KB 144ms
53ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d30b2cb5c48b25a71600ddd028db634774dbf8bb833a69003237704f626912be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10558
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D77E 14 KB
10 KB 152ms
61ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39255065d04420da4614211fbaf9177d28831d4a0b0188b78b3f515c5ea91bad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10680
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7B88 0
0 69ms
69ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvK3JwQsjrkR4A1nfBlZ36Bz-01ZdHBNlkGBW052qKGZHb_zuownHcu63ZnUIZS8N-DdmgzXY6MnqQAtABocJF138k-O_xHZKBYqZ0KPFAOIPvVK6jH7JBQFldrer575H_ws9rMics3xRgEHEdMztik4micv02v3oMDPt6pVzjM9qoF5lC7Q1XGWt55uVOpijoA2SyGrxM5rk7iPs-h-egJM2PNiLMBlmfAUYP0CXLDvHidz1Xuph4FaDJr2cCobGBdrQ9ZpjyBZ8K-xeUrJzZqPsMld_j2VuQRHCCTpQBonnkgMyIOSB8UOKdHjmV4l3t8a0rfSbmVSxyOIEnaoP9RdKSzSg&sig=Cg0ArKJSzGt3lvNScaD_EAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 7B88 19 KB
8 KB 96ms
46ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:53:16 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 7B88 3 KB
1 KB 159ms
109ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:55:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7B88 0
0 47ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQP__hq1nVmPXboAOM8xX1V7i_jzFgfqGtOyIqbR3MdFhr1BoXfBfM0xzSvnXWw9iyxVmdnc1Fy9zExvujesqELUjjLMA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7B88 119 KB
36 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 17685938242786572475
tpc.googlesyndication.com/simgad/ Frame 7B88 26 KB
26 KB 101ms
52ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17685938242786572475

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8a139b98f6ecab8ac64f9f3efeaf20dcf249d2ea7a8107ecf542773dafbf43c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 06:06:50 GMT
x-content-type-options: nosniff
age: 42617
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26440
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:55:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 06:06:50 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 545F 0
0 70ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvDyBuZnqAjrU0Baqo4ZuFf8GEyl2V9VMBfO-M6prH8Vv1HcHSWuJMwpRNhnXaqqs6Cwe9ForGug8l_bRAEvVZPGp1DVC_l9TmxtJi_D7GWT7Eg76GjhtOuBdgLD8HRaMj1vzQ2X65sEPHTQCdYbknLzWnWen78cbQFR6NqIC2M6jspytOgN2GJR-oOzTQKNn1FyC-5KlWc-xA3pXMOy5C1lG867Q9efUKcFDSdZqY_Rt2_ch8PAlPkxbTAMF-fHPT5FrK3VUKPTCyjH5qI4uiPPelUOXn_bXSsc-PI5KBTV0s1GgjEgMzRv5eCyjqWzEfTb5EzTL-IVUuXEwtYkQE6jr5z&sig=Cg0ArKJSzKcV8NwkIndzEAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 11905553150061083031
tpc.googlesyndication.com/simgad/ Frame 545F 34 KB
34 KB 91ms
67ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11905553150061083031

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6da910cac661707f7fff5c164ebd92424bcdd4a4f6117be5f562b683796ff768

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 13:04:15 GMT
x-content-type-options: nosniff
age: 17572
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34413
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:54:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 13:04:15 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 545F 19 KB
8 KB 63ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:53:16 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 545F 3 KB
1 KB 62ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:55:20 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 545F 119 KB
36 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 container.html Show response
fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 91CA 6 KB
3 KB 89ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Tue, 11 Apr 2023 17:57:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F802 0
0 68ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQYDr8NkD2-7uCD3n_mHctAFyWkNduj5jU4ClSELXD4M1X8RVHTACGNCTkBuQ-7wgQ2hKMHKbYAXDoe_LmyoUUaJcodPJxPbgRtFlQsPCQTSTOiAAOQiml1aNyRiWeGL53CC9bFarEvkOLTQzCs51jI0TAyZgWFK84iDWiu_Yt4QDG04Sl_iqYgDDhue-PuQ6YPHBZxaMfHb_wYbmvYAQ8RyFXlL4LtGtSwfVt5ywR8lRZFBciSoPBaRI02BPQBKcQkzz0j7pGFp3TBxJs4SXARr9_JtaTGXysBqBbTBHGSbZoVLJ6_uvCd6MN-yFyXvP4ZX2m1F-agBBY&sig=Cg0ArKJSzGHFAM5RGME3EAE&uach_m=[UACH]&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame F802 19 KB
8 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:53:16 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame F802 3 KB
1 KB 102ms
102ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:55:20 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F802 0
0 47ms
46ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ1uEKiefnqEruZPvNFWvNR4E5Jts7D3wcOllP64jcxzEwcY1vUo6kUzsz7zrxti3ksKKJPGdnArX557XfPi7o4OddsIQ
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F802 119 KB
36 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 3257625637723061202
tpc.googlesyndication.com/simgad/ Frame F802 92 KB
92 KB 105ms
105ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3257625637723061202

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2521694437d8a950eebbb438b81744a054a28465e77c3dea25a39794da581b45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:32:56 GMT
x-content-type-options: nosniff
age: 23051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94222
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 14:55:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 11:32:56 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame A2CC 0
18 B 17ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.cyberscoop.com
Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.cyberscoop.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
DATA 200
OK truncated
/ Frame 545F 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 430f885750bdec47578f2b28d237418d02cddbf35587dac07cffc480506dbedd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7B88 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 314f9e672636d983dd21e14a13a60f6e32563fdf9a52cda18195ccf9ffe2d694

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7B88 0
0 68ms
67ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvheCeos14foglkY0ClqFHrd4D2w_SPTbkOqFFGtYJXcGsKGV_yb2PclJ2MGEOQmmpBrcDH96Wswbe3TaO3AMf5mL90coHraIdejj1CVFt8x4FCVLc4Tg7QI1_6yTpLr9-vYOkYgukKYX9Za3_rerr-Uxd3VWXisnKd7QZHIeTfKEqB_742LHIOWg7i68etUKEqeqP7TJwd6aEthe7AeoIebOAQjjjARppnbya7PM5FKjh7-ie2aIUhrch9LU49xLTMHgarH8eHdm8tMUCVbjRoBkOah7T7spb5KgU2FFdh76K2IoYvEjixFOL8a15fyR1uc5NmpMz8JlIdR2LgJVm7XfApDYv9&sig=Cg0ArKJSzNKOPvAUIZuUEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7D8D 17 KB
6 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 91CA 22 KB
7 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 08:13:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 91CA 24 KB
9 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54a939394825575b171c8150a8da84dc9684f6a722835ffbfab7ab132032cec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:41:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9367
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:04:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 11 Apr 2022 18:41:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 91CA 119 KB
36 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
DATA 200
OK truncated
/ Frame F802 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 199f06cd782a418c46a902ddd2f54e30795a6d6a0f9f782107f8787121d4536c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D77E 17 KB
6 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 545F 0
0 67ms
67ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss_7cU2-pGuAWlBqb8kQ1Hvv3ynnY6xfWkXYH2OQtq1GqiHDSdlB8T_9oEF9cvlWk9HuWIE001IUCVFJLVFO8VyU_-TO372ccf0e6-cHr2xgqOr9Ysk3exMpsNVzonALTlhxkMWqhtMBLuvlljINSeKtqGDQbEGJZNpmjquAXZnyvKEEdV5kLeJKonF5CeY1k24o4FhD_MQfknr14uJEOiwJl_JSSmTOhG0o-X3vfyW1ZDNUwTHpZpINbC371epcALFiJgD_kRqhoDCC09wULodvmj1dNzqFeiZ_ryAYUOtlKsRHS57HZR0Q8rcCgzUtYm9EderkO0BSpdVvjjv7Ls23XJIehg&sig=Cg0ArKJSzJfJnUxzTHBuEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E708 14 KB
10 KB 109ms
62ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb96565e94d1ebfaf4ce0df3d294a3aab2a72f131ad0bc778dc0840bc2269a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10641
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 91CA 0
0 68ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst_OM-l8vNTgmWjV2GFycTowsPpN2kBWbBIT-f7NCZCPqvtdXh9_NG21FUB2f-P_ibeysX_EqBJkaXzLUCm_OA62uqIyNXU0H3R7OrWQhuXJCdbk4-tdyYlAlKz-z0Mfet9RLjWGRf2Pj5WRRJf9YlkHPKA711lTtwMuqXLqqOs1aeOBLLL_QqTjsFHs8pZ3xTwbh5IsNKLkZn3CiU5GJ0WINk5FqYajaVrStXxa9AnpxEGrDJo1KunZKQxYg6yKy95etHGRYlh8Qg_qO-FyQwsDeJbiVPK0zGnAlAu_ccjsqVnW5D95g74tAEiazy5Z9-XBgzQv4Hwe7Jk8FcMFnGN&sig=Cg0ArKJSzHVVLkYPAK52EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 91CA 42 KB
17 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 13:41:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 447365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 06 Apr 2023 13:41:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F802 0
0 69ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuR7IbBunD9ksuEh01OgHnSr9mDI0vC009433ZMrWrFXDOGvrhnw7xa_OEdyBkEcqzeMxy__-yu2vKXLdPy1O9cvkOZt-gwgk-KcxLWE0ZROKv-T4tQo7HOCfQ0q0tWgpgYlxBwfqkhD1vhMR8CyY-aQ3SfZkJx1K-iSqRhZjqe6wXVGSfIx9iwiwlPNgZM2eCybIFrrBKbOM6FpKDjGo1nvQ0op0nF4wc-3Eq_TcGOSzxxEy-e7Vhf9mW0Re2PeS-vVw4IaxdoV0PJSTg9Sy4NBTNq3jxbf5XcBpDLjoFs0QP_gbAPnGOiUSEtkNnejuGpTeEtxDIqLvbAjOU&sig=Cg0ArKJSzMDTaQvj_-yzEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6964 14 KB
10 KB 58ms
55ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f24c0a67e6e9c53f9411dbcf7ccc93975ec1781e7d511d0bf1a1d92454c184e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10541
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9CAF 13 KB
5 KB 43ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:37:51 GMT
expires: Tue, 11 Apr 2023 17:37:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5DA7 783 B
537 B 51ms
51ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ed819150a1d1825f54d8fcccc7fd9abfd1151aac3bf16a2bc91f4fc4d6b375b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9UZno5FLWjUqa0M4jkTY+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-9UZno5FLWjUqa0M4jkTY+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Mon, 11 Apr 2022 17:57:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9F30 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:37:51 GMT
expires: Tue, 11 Apr 2023 17:37:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5D98 783 B
535 B 48ms
48ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4099e0cd6f40487882463e86d178e9a8eabcc1c3d1af59bd25072c73498170a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-E99wv0BzMOjcqPBMOx9EMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-E99wv0BzMOjcqPBMOx9EMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Mon, 11 Apr 2022 17:57:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 B27401599.330934913;dc_ver=85.249;dc_eid=40004001;sz=728x90;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2313985828;ord=y0688f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DA... Show response
ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/ Frame 91CA 76 KB
29 KB 141ms
67ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330934913;dc_ver=85.249;dc_eid=40004001;sz=728x90;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2313985828;ord=y0688f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuVT4xmKxH5dxWTJO3WqHihz8Cm-PdM_Yt3PmiNuCPP7U85GLB452F8DFpgayc6nuMWyZrdAsQMPO-LB3txIzN_1k_D1xg_IT3I1NfVGXkkM-DrTE5pJ0qBG6qUtXzJKbkDa0SVaUmnrqlffNgLOaIjddyZEcU_EYABzsRZF9XXv5EbYUFG03wUN9xpThdYZuyUEKeWCTHjlpTl79ZOeSau62D0oDTq6He-uyRzAmD0qIkZSvsxSFhlVv_RQf7frAcxiYClZi4KUyhmK1DKMgLo8xKOZNfKQcoHhrQe5Z9BixHzIaoYWF8ir-t0BNax4I0t6B1OqX6NXW0kr-gr%26sig%3DCg0ArKJSzIFZL2UC6KTlEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=0G'It)mZU8;sttr=54;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

9844330a3273f6a42cfe1be928eda78257f6e0dae91b5b0d9d6d4594caee1b63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28983
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E708 17 KB
6 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6964 17 KB
6 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js?cb=31067022

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:07 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5DA7 0
0 137ms
90ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=4304073529666621&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 9CAF 35 KB
13 KB 86ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5D98 0
0 135ms
89ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=1035443979159835&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 9F30 35 KB
13 KB 84ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 12F8 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:37:51 GMT
expires: Tue, 11 Apr 2023 17:37:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C2A2 783 B
535 B 51ms
50ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5267c83142a006e9d40e005c4c8c1f7a1b4fcba921decb6beb80bebffb2cb18d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jQM5OKSSgj+SzpRlJFwrEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-jQM5OKSSgj+SzpRlJFwrEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Mon, 11 Apr 2022 17:57:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BF2B 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1156
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:37:51 GMT
expires: Tue, 11 Apr 2023 17:37:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DFF8 783 B
534 B 49ms
48ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f7455f57e11eefec8bb0f154d17b7227c1075111c0914647d8a4f7a8c97a938d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zseW5SyIXzvih8/0WSgOlg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-zseW5SyIXzvih8/0WSgOlg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:07 GMT
expires: Mon, 11 Apr 2022 17:57:07 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/982525/62068897/ Frame 91CA 46 KB
12 KB 208ms
31ms Script
application/javascript 34.255.51.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/982525/62068897/skeleton.js
Requested by: Host: t.co
URL: https://t.co/TCQ1mTcmuZ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.51.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-51-86.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2638a882dca5470d5eadc82adf87a1b69f287969a5ab177e5dabb74ef942c601

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 91CA 106 KB
38 KB 218ms
39ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
Origin: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 09:31:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30362
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 09:31:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame 91CA 8 KB
3 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330934913;dc_ver=85.249;dc_eid=40004001;sz=728x90;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2313985828;ord=y0688f;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsuVT4xmKxH5dxWTJO3WqHihz8Cm-PdM_Yt3PmiNuCPP7U85GLB452F8DFpgayc6nuMWyZrdAsQMPO-LB3txIzN_1k_D1xg_IT3I1NfVGXkkM-DrTE5pJ0qBG6qUtXzJKbkDa0SVaUmnrqlffNgLOaIjddyZEcU_EYABzsRZF9XXv5EbYUFG03wUN9xpThdYZuyUEKeWCTHjlpTl79ZOeSau62D0oDTq6He-uyRzAmD0qIkZSvsxSFhlVv_RQf7frAcxiYClZi4KUyhmK1DKMgLo8xKOZNfKQcoHhrQe5Z9BixHzIaoYWF8ir-t0BNax4I0t6B1OqX6NXW0kr-gr%26sig%3DCg0ArKJSzIFZL2UC6KTlEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=0G'It)mZU8;sttr=54;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:47:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:47:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 91CA 41 KB
15 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35045
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Apr 2023 08:13:03 GMT

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 12F8 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
DATA 200
OK truncated
/ Frame 91CA 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c32ceb102dacdd3a46ac2ab3a26bac6c6c9a60e5318a73e36629eb9fff854dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C2A2 0
0 88ms
87ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=2128260776335679&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DFF8 0
0 90ms
90ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=1170578067673967&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1799 22 KB
8 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 35045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 08:13:03 GMT
expires: Tue, 11 Apr 2023 08:13:03 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame BF2B 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44233
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9CAF 0
9 B 39ms
39ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-A_d5w
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9F30 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?W8Q9XA
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 unip Show response
trc-events.taboola.com/1035174/log/3/ 0
249 B 47ms
15ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1035174/log/3/unip?en=pre_d_eng_tb&tos=1599&scd=31&ssd=1&est=1649699826591&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1649699828191&mrir=u&vi=1649699826589&ref=https%3A%2F%2Ft.co%2F&cv=20220410-1-RELEASE&item-url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyberscoop.com
pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 main.gr.19.8.299.js Show response
static.adsafeprotected.com/ Frame 91CA 189 KB
60 KB 121ms
35ms Script
application/javascript 2600:9000:20e8:7e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.299.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/982525/62068897/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 20:37:01 GMT
content-encoding: gzip
age: 3014408
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Mar 2022 19:11:01 GMT
server: AmazonS3
etag: W/"587738d3e44b43a2620f42eb51d89fbf"
vary: Accept-Encoding
x-amz-version-id: kp2GPcLunARmvxyYiu0RKpd0_UaoR.nW
via: 1.1 700e1fc650af7cfb451dbdb8d79d4106.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: TXL52-C1
content-type: application/javascript
x-amz-cf-id: clp-ImjZZwwOleWlmMzkM8EaO9oUwbisO61DZuS8iY-74iNmpwueAg==

GET
H3 200 UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js Show response
pagead2.googlesyndication.com/bg/ Frame 1799 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:03:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24832
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 11:03:16 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 12F8 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?7N5Mkg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 ca Show response
choices.truste.com/ Frame 91CA 28 KB
8 KB 496ms
441ms Script
text/javascript 65.9.96.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-20.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: a6f4655713c233eb9a640f19bcdbf5c96c35f7c6db6f0eb5ac5e9e63ac847b4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: PRG50-C1
vary: Accept-Encoding, Origin
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 3544838dca6112dd616da017a568e76a.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 8074
x-amz-cf-id: vIVdchgEV9K8bbZyOIVBM3YWUgbb8BligkZ0Zr1UW5G5sMfhqEaU_A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 91CA 47 KB
13 KB 46ms
30ms Script
application/javascript 34.255.51.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925175&adsafe_par&uId=u=tv2_pai~dc_imi~_dsp~_bid~&advId=9847203&campId=27401599&pubId=6067357&chanId=169315568&placementId=330934913
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.51.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-51-86.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3b2db5b0287e3abf120c48540d6b9b3ae50c415860d42b4562a63041c6524730

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html Show response
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 32 KB
9 KB 137ms
90ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee6140f9565f77214963898baa998952e8ce494985b5468bdbf8dbaf3270ed1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 8977
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:08 GMT
expires: Tue, 12 Apr 2022 17:57:08 GMT
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91CA 0
575 B 168ms
69ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv94WOupK8Fvpu2ujynlLXWGztc7XduXU2NUmcc3ju4dWEgERsvDFwPXXGdXue12-Jhgo4JvXfcerBexvsGIh6MHhS9McNYo7cEZgCqwGQfvSk80XK6td623h3761DjYY4H2l8HeGkmS8K8TIlyRW5QvAHRBW8&sig=Cg0ArKJSzPnjcGV3rwd3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=285&cbvp=1&cstd=283&cisv=r20220406.00382&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
verizon.demdex.net/ Frame 91CA
Redirect Chain

https://verizon.demdex.net/event?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599
https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599

42 B
951 B

35ms
35ms

Image
image/gif

52.212.211.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Server

52.212.211.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-211-89.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0f4cfb59d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 4pVm9R2SRp4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v030-07884c322.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: kUVxJ01yRbk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169315568&d_bu=9847203&d_placement=330934913&d_campaign=27401599
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EB4B 42 B
64 B 72ms
71ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCEgYRHWrC-qnybe54WNrmpi8bltf8qNkiK8FcTNQ-DHupUwMhWcoprWLacklDRLk_ihfJOkeEYDgswAgO1A3W401oyHNfUw_kdJiwPHJ0BIwHCfax&sig=Cg0ArKJSzJzgqFcD_dJXEAE&id=lidar2&mcvt=1028&p=371,480,851,1121&mtos=1028,1028,1028,1028,1028&tos=1028,0,0,0,0&v=20220406&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=113530204&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649699827082&rpt=197&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BF2B 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?6kIsYw
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame FC8B 105 KB
35 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Apr 2022 17:57:08 GMT

GET
H2 200 TextPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.5/plugins/ Frame FC8B 2 KB
2 KB 44ms
26ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.5/plugins/TextPlugin.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5a7439738e33f6ba4f019f53528b4f721a4d7fbeee9f0c298d3e035484dcea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3655904
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 876
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-926"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0oDp79d1Z1N0nfglt%2FqXp1wH5NzE6jb0tXF6bYI2ODPmDv3VMQAPTW7S6%2BnlKErhH9hTXuSMZan5lEx6GQAotTxE%2FWeRZ7bf%2B9d6YCDPSyNkC5rdv7ebZXo18Hw1lBvm4dSmV05Ws6yZZh4soqgclkmw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6fa59a57f8075b44-FRA
expires: Sat, 01 Apr 2023 17:57:08 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 91CA
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/982525/62068897/skeleton.js?adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=h...
https://static.adsafeprotected.com/skeleton.js

17 B
464 B

34ms
34ms

Script
application/javascript

2600:9000:20e8:7e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2600:9000:20e8:7e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
via: 1.1 700e1fc650af7cfb451dbdb8d79d4106.cloudfront.net (CloudFront)
age: 4766345
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: TXL52-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: DhSowcNfss-hegAlq_2bAMeV08RWfoJdUgq_x48Zwd0nncLOCXOm1g==

Redirect headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame F310 80 KB
21 KB 35ms
35ms Script
application/javascript 2600:9000:20e8:7e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 4766345
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 700e1fc650af7cfb451dbdb8d79d4106.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: TXL52-C1
content-type: application/javascript
x-amz-cf-id: V7ChkUYCmYBK4hAJbAsKENKw0z0spq5kyZQF7E8DnnuEsnrONerEeg==

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 320ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5Jw2,pingTime:-3,time:239,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:208%7D,%7Bpiv:0,vs:o,r:l,t:238%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:240,n:238,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:208,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B43~1,0~0%5D,as:%5B43~728.90%5D%7D%7D,%7Bsl:o,t:238,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt59.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 319ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5Jw4,pingTime:-6,time:241,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:241,n:238,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:208,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B43~1,0~0%5D,as:%5B43~728.90%5D%7D%7D,%7Bsl:o,t:238,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.cyberscoop.com*%2Cwww.cyberscoop.com*&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt58.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 311ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5Jwc,pingTime:-2,time:249,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:422,bdZ:652,beA:683,beZ:684,mfA:876,cmA:877,inA:877,inZ:880,prA:880,prZ:886,si:892,poA:893,poZ:905,cmZ:905,mfZ:905,loA:924,loZ:926,ltA:932,ltZ:932%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:208%7D,%7Bpiv:0,vs:o,r:l,t:238%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:249,n:238,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:208,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B43~1,0~0%5D,as:%5B43~728.90%5D%7D%7D,%7Bsl:o,t:238,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B10~0%5D,as:%5B10~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:39,readyFired:true%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt38.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1799 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BaCLd82tUYq6xNtTX3gOPuqKYAQAAAAA4AeAEAg&bg=!kpGlkdXNAAZAkm7qYJI7ACkAdvg8WuLPLDaUIqehSP-iQIVTY-mutb4yNSzlb9KKf35OEA-3vqsQIwIAAACdUgAAAAJoAQcKAFFFGZOBCYAOao82rPtpUOO5Z7chWNIXwIG3s7VPVZJyjYJCTZxkpM2wlk32SsN3M4Lc1XYWvBwPRFO-xjhnHJ8SlNCpJj7o1uFGBTSSVSoACASZAxKMFp9fEPMca9BLR0GMeDwW88pfF8bZy5wnWtHHf1EHkM1y0hMhqv1x_gbjsW56AwBfQT5TSCMagAO6pnlJ-d-JUsUX5G8VIzQxrC0sPco7oNGOk1qwshJhqOlHMJMXya4A3_Ub9v-B11C1Ogdk34VrIOMNeSsASpkNMy1rdlB8C2Lr36zK5VwsonOUXHKksAfPK0qn7bvBa8c8m2tlletL5kQYsvo2J_Ic1UxCPCZfQBiBZnio7lL4H1bgtoc-PLuebsj1k5wotsKUJOgixLcjN_7lK250V0_8kDGWOliF3SN33889f-jmJjyGgkI-yXNcI9Cq2RrJPh-LcA097KB4g3CEzy8hLOXaDV_pvA_b4RyvmUenGdq1KnOT2w1SpIjR5XB_J1Xd8wU3q3ohPm6NiK4eyTyXZ5ASg_Rl7e2WUPPYp7xNDFG0P1-BAmX5l2x_-qlog_wAt5CoSqNA627bfTIUi2HGjIk5-gN80OAUQwntCtcty9wIJ4BkNBO8BtaGzZVt8dH_APbVCQ7AdoOnrkTaDr7rxePpdrorqCkeKLnTEm-Wp9v3Oqm4kfWP37DbR3rxAQ4zIyMDIK5vfm7NuHMxml9Us26HyRp3vDFRI_SCY2tqbH5l6NYl5cr6nNMoiDxhWralwjSH93eWZSe6WpwIPR2rqlcj8QdC1Etq9hRaD8GSwrvnIKzdkYLdkD5-4nfn90cS2grpv4qb3j_PKTOb3_aVooesJ6FpZ-5bSo59GdoFwDCMGQw22tlFWBROX0-wsdRpF13u90sz9MkjBQG8xXVHCjBm31D00UX0bNCWmAj5uPWkf1sydDgvVMizBbgltYC36oSMYJTVjkQUJ5vh0lC7eEKzwz5GlXP52cNv5E_fxBg8mwC3zdyL4djPR4PwcL72woT2WXBqW-KTq9bwSSLXgO-oj0nTFHGbAbMtxfy8pyBy6zinURfti69WZD_zLpbSJO_qwbNg7v_ygCXpF87lycLLdKSzhP2zVVyaKR54x5NHfQk0dNUd56q3ZqamG_iRgvRUnoUSDYIOk5E

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 NHaasGroteskDSStd-75Bd.woff
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 19 KB
19 KB 41ms
40ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/NHaasGroteskDSStd-75Bd.woff

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6445d7a40af4beb89730cfddd9504c219af1cd71a4d07fb70e869e8eb80e752

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:46:17 GMT
x-content-type-options: nosniff
age: 22251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19428
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 11:46:17 GMT

GET
H3 200 NHaasGroteskDSStd-55Rg.woff
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 18 KB
18 KB 53ms
53ms Font
font/woff 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/NHaasGroteskDSStd-55Rg.woff

Requested by

Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dc300d228c68e87716d8f0cf9d178b7e7418b4433ef51c96d2dbc2f60a59274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:46:17 GMT
x-content-type-options: nosniff
age: 22251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18604
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 11:46:17 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 91CA 0
26 B 109ms
69ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv94WOupK8Fvpu2ujynlLXWGztc7XduXU2NUmcc3ju4dWEgERsvDFwPXXGdXue12-Jhgo4JvXfcerBexvsGIh6MHhS9McNYo7cEZgCqwGQfvSk80XK6td623h3761DjYY4H2l8HeGkmS8K8TIlyRW5QvAHRBW8&sig=Cg0ArKJSzPnjcGV3rwd3EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=568&vt=11&dtpt=283&dett=3&cstd=283&cisv=r20220406.00382&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: t.co
URL: https://t.co/TCQ1mTcmuZ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 291ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5JxU,time:355,type:e,im:%7Bimprf:%7Bttecl:586,ecd:74,tsecr:42%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:355,n:238,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:208,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B43~1,0~0%5D,as:%5B43~728.90%5D%7D%7D,%7Bsl:o,t:238,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B117~0%5D,as:%5B117~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7B88 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufADHIP9Oebqhl4h3lBbaCEwFLtrIrOPqorhzs7nslz0gYv6Qw9JqnWBZIrG5I0-ifuFDhSY0Xrr_egINDFsY8Yn8FXEBCbTuWQ02YLmZPr6mYzzx8&sig=Cg0ArKJSzPq2wnjU5ECFEAE&id=lidar2&mcvt=1001&p=170,436,260,1164&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220406&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=13849420&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649699827549&rpt=128&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7D8D 0
0 81ms
81ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=4304073529666621&bg=!f3ylfDjNAAZAkm7qYJI7ACkAdvg8WuXBCn1kKD_yP1OjWV-vw4lXMLaix91AjRn9IolJO4P5ds135QIAAADEUgAAAAJoAQcKAC0wm9ybVHSNxTuidW7CUciKmDQFnA_pIOntdIyf_si2NSjZzOMFb1Km8sotD62ZAr4D-pnDs3JFrrz0WeNIAvKGoZlH4J7HcQWRfjBu_7colnvj3TU_DGzaBMZEC1mDJfJruYtBnFGBuy1q2nJhOh6lacUCy3w-0b-j2bSl-phJYyvXaOTA-UUP8R9gNu4ueAonbZyERnOJc_ygFOq20v15FH4rkX9oqoq2Sj2p3_0qYKjDpDknfLRfUo4h-FYhqAYx0GufLI49OLS-oa3uHYEyn-vYicirBBNvqSMCoK6dmHkEc8lRD_8gZaqm4_0h3OjtLgHI5Ji1NljjJBVwi-A6e9pUPwKPiWm_vCoIQytH8aFhJkRbtvUp9qTgveSYzZC8X7DOrqvl1ofsEui_1jTIKv1UENxm9pQvT2pkIbnz1n_uixQTj56j75dyVIgTzcPDvwJj34_zaGtOlEqn1Gpp7h43l8oCtO8LyYihufJsO9ij-BFRSWUdgCqN5zr2kIJZg7bamsMNVL22IJM9I4jZEOcEzgMEaegRaEZ49bYUjN3OcEnHXPAe7DcesWaQ2m_wT7LlZjbjQu87flIN5fs3QsWeimYYp_vVYYDyp9lm9rxF-dp-5fBzFmB5nMcQoAgMpvznH5-VjWe1UWndcaA3u4qRgNBUtqwGQciezB5H5vjp4kpgEJx-uCAeuxAKrUWp_IRweEdP4NtzpC1GeCy7pwlJyyYo9I8gOTG9n270pT73Q4oBH6iDY4S5SDDSJSi3HZpCRxCj8s2I4SfVfVuukg5DTSKe4OpNlQIr8ZBBPAwNkXsBCW5YQ8xX4i4mBLId2637SSs_6_o0fVJ-WvqWUFTz7lduMZVN4j1QEwXNvYARCLDTZC1qYDxpQAX7dx5fYhM1SaT3wwGfqTAr0K98XvOWLR1Hr2bIaIJKKnZo0OUShFrH9ZmdZqejtZk3jB3-l781gRDAyP_qEQNf3c94UCtLhvqdR2lv9hki8PM
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D77E 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=1035443979159835&bg=!g4ClgMTNAAZAkm7qYJI7ACkAdvg8Wg08yEaIsFPnt1yFrJWoPU7viAwfuAXrYYOCobku3hMeAjfFZAIAAADKUgAAAANoAQcKAHBV0E-OIeSREkXjz8iL7a7JFXH3Z3xnJpf31nCVVdCjx6nBrep0LIaBETV-67r2Tl951WTLQ9rIeakj910ojd7C3j_MShCPCwvUZ1lgO4V_h5o0rVwTwTh8plQUWComqxnRkXWt-9wm4T5TW0FGNoSymQK50hk64jYjh98b3PANKB4yHBso05s7DM2-tn7yfXVXDP7yxcdMClhDMNrOKhUPmXMi910B9Nwj5HPnbbmdoQw1zwDG4JjWoz_gnoeuIyJVBiUL-cJEc3nyi-gYg9GSQmHZIv2JbSMFkbmLUek_9D3Ed3GiXmCS1xhrOnd3z4V1pf5kHGObOBuzoM6pF1Px-RzkgBIm4ocEseDnni6NUa4kyVb0e8UnPZHkRlMNZrnSjf20qbvFIdTFeUxsLKbgWvXSp0DNdrM_08cQl4fW6WE0wx0PG8iG1PslUUeEZfF7TS3bn0wsY1qfp_2QxTuvvHYaBFeWWj-3EamXOLx9s92Q5yqHZErdWbRIGpwNb2_9ipkOVVnPPxF5-14ZgeTkw3z80i7C-uRyYZ8bULiYs7mMFWcEoZZwG-ehvGgnaPbpNpDPZk1371LI6wwWM1vwkaYXzfMkI7y-R2q7eMnpmTnfaqkMIfr-NJPVycJhdPCg_n1VcXSe55-8ZTZCG7T3j1e3tWXVTsZkS1oHiVcN9O1cv1nu5Sb2J5oLpY4-0TjB4xh5Am6Ewf_PLJNik31o-gTdzILftUyliWGqEL3FfCIMOxTm4_ioYKezCVFv_DHC9is9Px9tqCwZr0kBWRjE-gKxBDEN_6jS_kcrrL6YFtE4p3YZ4oc6gYVP86i__Z4bNouyUQA5xeKHaZfga2egnlcrfsMvEkMm_PHnq48TAdebNLo7ZHem6cNEOukKOt2b6u1_05YUjO35AVZx0CNHmT4imhiwDFYEphoLiWvzZjBdgwqrMjuSh_xIPVAqUf8sNenk7zyNst5HZsiExWTXOjRsi-de1JVHaUvvv9fym7PFrhGjLYV06GC9xatPlOnEyTo_g1UqcEyZhoMWNFz0Vbh31Iq_WTAvwpbFg1R4Q7CPpHh9EPerGBAwtg

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 81E1 80 KB
21 KB 35ms
34ms Script
application/javascript 2600:9000:20e8:7e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 4766345
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 700e1fc650af7cfb451dbdb8d79d4106.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: TXL52-C1
content-type: application/javascript
x-amz-cf-id: UTLIQR0NZB7RG2OLMTx3JfoNeMjpN6o_wtX6PSMQB5LoIbD2O8yq1Q==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 91CA 43 B
216 B 28ms
28ms Image
image/gif 34.255.51.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925175&adsafe_par&uId=u=tv2_pai~dc_imi~_dsp~_bid~&advId=9847203&campId=27401599&pubId=6067357&chanId=169315568&placementId=330934913&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Ffc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ffc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:e89845b5-fdc8-a46f-81e2-fdb3f7f731ac,c:9v5JBd,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-785cc8cc8c-bkf7m,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:27,fm:t2IImmN+111%7C112%7C113%7C121%7C122%7C131%7C132%7C133%7C141*.925175%7C1411%7C1412%7C1413%7C142%7C15%7C16%7C17%7C18%7C19,idMap:141*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:34,oid:ce0a1867-b9c0-11ec-a9f8-aa3d48345a33,v:19.8.299,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.51.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-51-86.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5JBm,pingTime:-2.1,time:569,type:a,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:208%7D,%7Bpiv:0,vs:o,r:l,t:238%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:569,n:238,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:208,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B43~1,0~0%5D,as:%5B43~728.90%5D%7D%7D,%7Bsl:o,t:238,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B330~0%5D,as:%5B330~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C123%7C131%7C132%7C133%7C141*.982525-62068897%7C14111%7C1412%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:141.e89845b5-fdc8-a46f-81e2-fdb3f7f731ac.12_925175%7C141*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:39,readyFired:true%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt58.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=e89845b5-fdc8-a46f-81e2-fdb3f7f731ac&tv=%7Bc:9v5JBq,pingTime:-3,time:47,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:34%7D,%7Bpiv:0,vs:o,r:l,t:47%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:47,n:47,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B19~1,0~0%5D,as:%5B19~728.90%5D%7D%7D,%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2IImmN+111%7C112%7C113%7C121%7C122%7C131%7C132%7C133%7C141*.925175%7C1411%7C1412%7C1413%7C142%7C15%7C16%7C17%7C18%7C19,idMap:141*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt38.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=e89845b5-fdc8-a46f-81e2-fdb3f7f731ac&tv=%7Bc:9v5JBr,pingTime:-6,time:48,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:48,n:47,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B19~1,0~0%5D,as:%5B19~728.90%5D%7D%7D,%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2IImmN+111%7C112%7C113%7C121%7C122%7C131%7C132%7C133%7C141*.925175%7C1411%7C1412%7C1413%7C142%7C15%7C16%7C17%7C18%7C19,idMap:141*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.cyberscoop.com*%2Cwww.cyberscoop.com*&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt59.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 158ms
99ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=e89845b5-fdc8-a46f-81e2-fdb3f7f731ac&tv=%7Bc:9v5JBF,pingTime:-2,time:62,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1209,beZ:1210,mfA:1236,cmA:1236,inA:1236,inZ:1237,prA:1237,prZ:1241,si:1243,poA:1243,poZ:1251,cmZ:1251,mfZ:1251,loA:1257,loZ:1258,ltA:1271,ltZ:1271%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:34%7D,%7Bpiv:0,vs:o,r:l,t:47%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:62,n:47,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B19~1,0~0%5D,as:%5B19~728.90%5D%7D%7D,%7Bsl:o,t:47,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2IImej+111%7C112%7C113%7C121%7C122%7C131%7C132%7C133%7C141*.925175%7C1411%7C1412%7C1413%7C142%7C15%7C16%7C17%7C18%7C19,idMap:141.7eea6233-62ea-5cfd-7d29-97415106f7e8.18_982525-62068897%7C141*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:28,readyFired:true%7D&br=c
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 165ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=7eea6233-62ea-5cfd-7d29-97415106f7e8&tv=%7Bc:9v5JBO,pingTime:-10,time:597,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1649699828867%7C%7C2ee89ea54947906f66ba64dc38be72b1%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7Cbdc223c34637a006afe9acacecc19dcc%7C%7C893638fe08ab800b6afa3da1db630090%7C%7C45f7a8f0b618f8669f8b80f0bb7e8621%7C%7C7ddf389d038b6205b04c337096aa9c4d%7C%7C4510e69decc2fb8edbf95ad2967563a1%7C%7C1629390669%7D
Requested by: Host: fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
URL: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:08 GMT
X-Server-Name: dt58.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E708 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=2128260776335679&bg=!FxSlFFDNAAZAkm7qYJI7ACkAdvg8Wsw7psnkpAw0KPKonzxLemncov2o4URFIpIT9jP-99c_lSSAkAIAAADwUgAAAAVoAQeZAsHa8iSGH9Z1XGhDaxKxsDz1dB3q4Gw54LByEPjn7XteafNu8zhvrvHabbABIlZECXDZdvWy_LlyLvsX2Q3g68TZd4upA2ImPNbosZEohh5jWJlknYrLHdYxX8iKB6y6eIxfAJfWP-6re9zb8QbRkOXYKOmA7sTVwH7esl0qjr5HTRZhT49qNlnPwGix8MEw_zr8o2R4JuZerrw2gJ5FrzH6RFzIQHthmp1pME_MHnfxJw7QQ3KV51RHVytYsoUEtD8G3Z3SgxnYbS2FvMvTllm-726YO6XBSueY5F9WyYlfpkloFZDSLpZeyUvoMuvMKt4fWPDpkBc50qQr0qcMfxFSHHfe9EXJoSzleE78Aq84LYQB1BWevtXctSVLWtQZF58Lbhpz1MaGpOQ_0fRq9rpwTybDm3nPbTSW--_3LPA7Z5IHuPCUgzsjVTEeEjoBaSpLBE_fy8EtUdHKj6wSK_58SZiiZOmdLJDBDOzyU4KKeV9vKFTbpLf17_eAJBrIoRy3ftkxpJDCu-vw6cvvQkyv5eBQ6FMEA2cJqJJx6Ce06ciGOEUOIhTkOqyXmxPImqCFTJVuVUIkT6ShfEZ6b2t5h8btSseRR-SkcWJtCWyit8icaxwHhsWKR6nzIJayszA27tR1fohf8jXNzTu9Xpvrzn3iPADv8QMFHdiy-VyNSSqlPybRaB1SA2an50R2F64IcpyPD_N_HGwkBNw13wLFvKrLPa9NEudmIRjzQG40aHdey02rMAN4zM9_R7raFBGSy05DGzmoNPKZeOfnsfPdbz9wVY8GkHwUP5AowUOEjWXF-aObOTR6bjk8-AySAawloST9XOfzrRdOHFKyDWkYlgf5uOw2VAF0QBx4g3N9NydR2Lp4U2oV9BKdh0WQyk0Sr_C-o7sWlGvglo_f0Uws2yNcVcVLQ7ua9F99EACYaLM

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6964 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=1170578067673967&bg=!IyClIGTNAAZAkm7qYJI7ACkAdvg8WrQBMbEMX4oNWnzHqutCeBoVZpQMlTR9drKNZ1sjHSMyPksnxAIAAADTUgAAAANoAQcKALqJ5SbxAkZmJ6_RUwO1uodk7GZMqKm5Dwd1AehNzvyB7127Tz2F9MXjmM8ZKeBRZ2MrZtGRd4o7LdajuKlQJ8BCAnmWdK_IIxsHnf58Ii-EmlXPSB510iJeJpNfuAgZJZKcTB5NUnb9vjU9IJYctw_smwxyGE9p-lkxlRp4lKwsSLMU59sV_krXVKFLCONN5UTqJeZ2irW2gqNeKauNHiFxQ_dlL6LSW-z-piYApAWHK23bY1iInkhCgcyZArtDP2ccOpifbCsru7Ly5VBLRJWKLfRnjM5lFcTsdo4HrHkbmTP9Mv8QTBVwvsdkDeNPo_Tojvx8xJnq2dndCETOW0xSryYGg91ED68fL5qWzO7hNDV-NBReR3l49DJ1l06YQqqPFdxWfef80oSLt8VHJyBeqcgM4gaOTwgFb6PBnNeMGG6ZxtgL8e-BKDokFxgMM7UbStv4_N5fZ5De2B3tWEZGPeIrqEzFJkAcgF09QcHZTwV8u5EZoHC7s8GH8zcWgif0G7iFeOfj0rknLFtgc0qSnKD5J-DoPY-QbR9gDGO0eRcDnQkojAQftl93a5DZtg2lt-hYjwPuQqXZJQPxlVlez3XP0yqjeV9yqkMZdDxIeb8GZzkHve4orbJ2RqhTISrLXiure0cIlz6amlVstd0pz03Kd8sUgYalKCb3qqsnykbsb-_GKcp8QbLkXkwsDT7Wo-dpcP1MHyfYj8zY-TRkejzIppDKjnITt4Eo2DcM9_WjzEf2HOgI-DoIWOI7mN8hky8cbb0tfHWPxzffCn3WzTFk5pxnPC0bUFzpOqG5nsfcS8ifqkJ1kDBNWoazALruUPun3TVVEXxM1gCr7Nd8Y__6slhJ5T-4nwRgM1fdX2YTJ9Csjg67oR-JAOBKR9oBJ8SNmaNOQ50EKXRAw-LUDBZwgdTdCMLBicS1TcCLwtDonZrdqfxP4PYpN-c71bfgpwhnHlnH7DqLH0mtv0WF7gAIyfKj1fqXdl0085Vqi4VN7uQoxUdDRy-izlwoZkHfRkVs4u3xC8vm5YBDVaHj31Kvg8bfjQnR3OomEbzkzYavT4YjsMxYfZhTmL6quwykL1RSHuBRsQRb7KvzoLVZ1khCojW-qi9GDeH5m_GR9da2ePeHnrySjPGqSv_l8qBUHqrbP63wdDPqvAOpDxEUEB4jtnZ_EP8

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 91CA 0
0 67ms
67ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmYin05Jpr45dHETq-xtr82abgj9AntjnbnipmGVE-ILRGTKcj-9qNDGXF_4k0s6Zkd9IT3SDXEMG7PePq0mwCNea4km0WxEqM6xefdn3Zvs3H4tIW_ya41otVr2W55Z-Pp7zJOx_F-mDiFBi0tTUFiOVScZSGdTGcmPkr6d8GDpT8JBabOZbQKCZIs2fF7avqF1n5GFp91ifw9Fs0sHFWcZbPu_PAwPs2UHluIBBhMPYAy7uPuMIbhyk3ZZF_0SWc49NxSLS3e7sEEaTXaNe0Oo4irZmv2bMmY18W8XqGkZRZ9xhSEXvFDdtXMkopS-3QtXLDr1v6fsajrHrtIMu4XSs&sig=Cg0ArKJSzCjOQ6SktDnTEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:57:09 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 53ms
53ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b35bd34777df2bdd667149bee87df9ce92ac3df28c15f02ed8a8ebd48455291a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10632
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
959 B 560ms
154ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=20762415-8082-48f0-b243-36443c93d852&fci=dd4ae57c-7154-40ea-861a-0c0672b0ba72&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=2153467&rcu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&r=https%3A%2F%2Ft.co%2F&pu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&t=Notorious+hacking+group+FIN7+adds+ransomware+to+its+repertoire+-+CyberScoop&cts=1649699829049&vi=e65b40838eef48940ffc453ec8bca1de&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: aeff7142-efe5-456a-8aac-cd81145ba325
cf-ray: 6fa59a5e187f9963-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qOZLHrB1ButasYBEcvSkRDSiie1tqHHKwFVfa9E4NRBX1%2BdVM4Qgtwp%2BEemVWxyZIm0KqGXUfxodD8CQlrP29WvUtIL9w8jcjjGm3Qu1qrp0b0ypt8UIfJSKpQZjXuoNiWsLUJCmaWsFgI8ix4Hf"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
557 B 565ms
160ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=2153467&rcu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&r=https%3A%2F%2Ft.co%2F&pu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&t=Notorious+hacking+group+FIN7+adds+ransomware+to+its+repertoire+-+CyberScoop&cts=1649699829050&vi=e65b40838eef48940ffc453ec8bca1de&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 40d1587d-f727-4701-9fff-8d8e6f116f34
cf-ray: 6fa59a5e18839963-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrIXD0lcnw2QF2Bcv5vkXv5JKX4tW6Ex1yUnxnK%2F5W26FrZi1NrmMjOWB8iRqrLrOv3foMAVJHAgBCfcm%2FZsRnUkHyXnsHjqUXpf0yB04OsrtO3XN9zip3C9R5aRwmDPi18aBK%2BiLVrl2Tg0C%2FcA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 91CA 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=e89845b5-fdc8-a46f-81e2-fdb3f7f731ac&tv=%7Bc:9v5JGm,pingTime:-10,time:353,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1649699829150%7C%7C3e8b1eb7ab36eadb174982b24d082710%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C8bf59963aa980e3bfb4b14ee634dd308%7C%7C9b5acb08cf1a17eeb119328b6d3325e2%7C%7C7c9cc2a68e4980d8a7afb7d9212c6664%7C%7C3409d380104ece7b901eb228ef4c815c%7C%7Ccf84f83e21981d2f667e3a0137c1124c%7C%7C1629390669%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:57:09 GMT
X-Server-Name: dt58.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:57:09 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 65D9 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:37:51 GMT
expires: Tue, 11 Apr 2023 17:37:51 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CFE7 783 B
534 B 49ms
48ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

043271bb5c6938e05f0e77d5a9f1fa4eaf527a382d80d8c54c3d67d242318202

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-z/c2vJklOgen+mYjkMRQ/g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-z/c2vJklOgen+mYjkMRQ/g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:57:09 GMT
expires: Mon, 11 Apr 2022 17:57:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 65D9 35 KB
13 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44234
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CFE7 0
0 90ms
90ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040701&jk=1635650226212206&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 caret_black.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 194 B
201 B 89ms
88ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/caret_black.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94cdf2613888966d5f5a6d77e5d7a79c942e4bd967a1e722943cb7cfc13e32cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 caret_white.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 212 B
213 B 82ms
81ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/caret_white.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a171d86ce8d77422d349876ddc6c6251e2ed82363edbaf51053f08875571b7cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 187
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 f1_img.jpg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 45 KB
45 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/f1_img.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4db0a8d0e0ea3d55fc2d8aa8df997c405b12f33e460fae981c4c7c7148053f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:46:18 GMT
x-content-type-options: nosniff
age: 22251
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46397
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 11:46:18 GMT

GET
H3 200 f2_txt_mask.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 6 KB
2 KB 93ms
92ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/f2_txt_mask.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f269388bc56973a210d9bc6b41d2c654f879bfe413fe437f8c8b90840f59b42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1992
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 logo_black.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 1 KB
844 B 82ms
81ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/logo_black.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c0f78e1b272b7b832ef9e8fc4f6f4a5f0242d0308dbe2c0d52251e8ce705e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 818
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 logo_white.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 1 KB
754 B 82ms
82ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/logo_white.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e731c972ea7a2966a6cbb6c1fb9f7bd0b639c9c240c079e320136857743e9f5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 65D9 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?cGcBYw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 91CA 6 KB
3 KB 219ms
143ms Script
text/javascript 99.84.158.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=moxie_verizon01&pid=moxie01&cid=27401599&js=st_1&sz=728x90&c=te-a79f
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-127.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: 5475e04f346412eb3b2d59a0f94e52f8cfa018622ca531fb35c44bb6016728e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: TXL52-C1
vary: Accept-Encoding, Origin
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 d158c0069ebae5dc0d0401d105ee9c06.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 2214
x-amz-cf-id: FG_7CRdBr0tlS8lNds6EIyBqagOasj-lkd6dGrp5ctN4zdINPCC4aA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 91CA 38 KB
12 KB 124ms
48ms Script
text/javascript 99.84.158.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=moxie_verizon01&pid=moxie01&cid=27401599&js=st_2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-127.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 11:32:58 GMT
content-encoding: gzip
server: nginx
age: 23051
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 d158c0069ebae5dc0d0401d105ee9c06.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL52-C1
x-amz-cf-id: C5xAnQJ5hZsm7B89zEJ3kZT1lb-U0nEMSf6HV8faOH41O-ALRMe1vg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 91CA 43 B
395 B 244ms
169ms Image
image/gif 99.84.158.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=moxie_verizon01&pid=moxie01&cid=27401599&w=728&h=90&c=6381
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-127.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:09 GMT
via: 1.1 d158c0069ebae5dc0d0401d105ee9c06.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: TXL52-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: NLb9jrlYMyM8r4wp69YEQpnK_6Uwbv5GjWP2JfVZUcilAF9E4GdHSg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 logo_white.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 1 KB
754 B 40ms
40ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/logo_white.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e731c972ea7a2966a6cbb6c1fb9f7bd0b639c9c240c079e320136857743e9f5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 728
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 caret_white.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 212 B
213 B 40ms
39ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/caret_white.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a171d86ce8d77422d349876ddc6c6251e2ed82363edbaf51053f08875571b7cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 187
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 logo_black.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 1 KB
844 B 39ms
39ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/logo_black.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c0f78e1b272b7b832ef9e8fc4f6f4a5f0242d0308dbe2c0d52251e8ce705e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 818
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H3 200 caret_black.svg
s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/ Frame FC8B 194 B
201 B 39ms
39ms Image
image/svg+xml 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/caret_black.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94cdf2613888966d5f5a6d77e5d7a79c942e4bd967a1e722943cb7cfc13e32cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9847203/1649205402345/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2/CS~728x90_SC~PSMS%20Thought%20Leadership_CU~PS_LG~ENG_CM~FED_CV~AWA_OT~No%20Price%20Point_FM~BAN_FF~V2.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:57:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:36:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:57:09 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5E90 287 B
627 B 31ms
31ms Image
image/png 99.84.158.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-127.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 d158c0069ebae5dc0d0401d105ee9c06.cloudfront.net (CloudFront)
server: nginx
age: 2028529
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: TXL52-C1
timing-allow-origin: *
content-length: 287
x-amz-cf-id: ii_DizlfABuA3WRBu-BeEOLqqV8XXAF6Ngyi-T5M1VMDs98ALCpUQQ==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5E90 739 B
1 KB 32ms
32ms Image
image/png 99.84.158.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.158.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-158-127.txl52.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: public
date: Sun, 13 Mar 2022 13:36:21 GMT
via: 1.1 d158c0069ebae5dc0d0401d105ee9c06.cloudfront.net (CloudFront)
server: nginx
age: 2521249
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: TXL52-C1
timing-allow-origin: *
content-length: 739
x-amz-cf-id: RaATPEmr7H3jweqLq7AMromiAdVE8czt0FNV6Mizkibxk4EzGjcgEg==
expires: Tue, 12 Apr 2022 13:36:20 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040701&jk=1635650226212206&bg=!JSalJmLNAAZAkm7qYJI7ACkAdvg8WgCwPS3mz1AEfOzYMsgytaz_x_u0jmBbU6SgrBkl3csRnQD9WQIAAABhUgAAAAJoAQeZArJCKabQVLa_q9za8tLXKPB9RB5xHqehBGlC8UeyDNasYuelVG5wEBRNoVqaXINKEHZgB5M2KUuStSyEsGm7ulqwYfDDtHZDqtMbOhCB343kHDoT8nl3iBi4895ykfeINusu-9z_tsAejVP65ZsTxRPKT3MnwjTCvErU5heK3qunMO4I5NGGH5guEjIJ22y8eeJV1Zgtk2qFK-plZ5Mlig22ozAqYR4mheDSRrlZtLxMssu3wjrzoLAF0e_I4cjC3uoIZcy0sAmFZ6DQcLp4o3VtSYFD0a8EJBLbJc5gPc4PfCUhR8m8T8GKLpdjoMMuBc6xX_plup_L8dd9FzeWqmg2De2p5Fiv2geyH8Zk1YPnc7shS--jdmAwx_aLJsosqGlAjcw72LqCiHO2RTowqC5kUyUw67X3fTnc7-NX-5vXgdyWoVBTnOo2PkLq2zgoSwHhD6HBrHVmWyyLVksyMkQVQ-hlDyAKg-ofDAx2lu1ajvfednkNAR50c4wm2XTlc58u9KjuGuYXP78BWdU0M4Vp8H8qVilC0Q3ELPPfoP9BP_usbmGc51GEI1Jw1nb-zPm1rOLv_yK1ptjY_E2b-VxnRczV5qVI6OePJGjbO2O0DkSsI4t4IyRRoNtGDXYxJzIGNsW1s1GX-TP0EFIT5P1nYUvOBmhbjMmDkJklvk7UDHPsO9BKWvCGjxqERMvVAbmQcfCcHbHhQnVPuTLgkf4ygH7WJvqtZjbkzB6aZCC1wveg5HmfNEuyexDdMKQeA_o8FV62TDM8ebSU_YRrwAIR_VocDXWk-3-V0BdGZX81P2YcB7xFVO70qzvvA7FhRF936C63RKPABbJ5c3oISdKeZN2W2LpFu0810wEDr1Q6Uigtf6cRAQchAmulJFEvOMBsNNOWkBewanqn0FraM6Nk67g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:57:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1035174/log/3/ 0
248 B 15ms
14ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1035174/log/3/unip?en=pre_d_eng_tb&tos=4600&scd=31&ssd=1&est=1649699826591&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1649699831193&mrir=u&vi=1649699826589&ref=https%3A%2F%2Ft.co%2F&cv=20220410-1-RELEASE&item-url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyberscoop.com
pragma: no-cache
date: Mon, 11 Apr 2022 17:57:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 11:45:14	Name: muc Value: 25aefdcb-c597-438f-8b69-de9ee34e5676
www.cyberscoop.com/	1970-01-20 02:15:01	Name: ppwp_wp_session Value: 782d32d802dd93b5a847ba7cf9ddc03a%7C%7C1649701361%7C%7C1649701001
www.cyberscoop.com/	1970-01-20 02:16:26	Name: sng_interstitial Value: true
.cyberscoop.com/	1970-01-21 22:02:59	Name: tk_ai Value: Jmdff9HpqkNjUQgYFC8Xak2l
.cyberscoop.com/	1970-01-20 19:46:11	Name: _ga Value: GA1.2.1355176345.1649699827
.cyberscoop.com/	1970-01-20 02:16:26	Name: _gid Value: GA1.2.1081241638.1649699827
.cyberscoop.com/	1970-01-20 02:14:59	Name: _gat_UA-80491860-1 Value: 1
.t.co/	1970-01-20 19:46:11	Name: muc_ads Value: 3b04b922-e6c9-4f3b-876b-7f6997251c7f
.cyberscoop.com/	1970-01-20 04:24:35	Name: _fbp Value: fb.1.1649699827099.1564593980
.linkedin.com/	1970-01-20 02:58:11	Name: UserMatchHistory Value: AQJ8yTRbrUefhgAAAYAZxa1wVoXoCu4OgrNULtDpjytuTZLTvTx2Kq8lFf8wMz8aNuBVr8MA3dq2PQ
.linkedin.com/	1970-01-20 02:58:11	Name: AnalyticsSyncHistory Value: AQJ_-mW0rJuEmAAAAYAZxa1wXCcxXGddLsVZkFHNh5XEUvj86L-CojMpx2sxt8COFTU6cbwahe6oXEYM1eiGlw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:46:53	Name: bcookie Value: "v=2&636abe60-d864-4d65-89a0-f04ca0bf3884"
.linkedin.com/	1970-01-20 02:16:26	Name: lidc Value: "b=VGST04:s=V:r=V:a=V:p=V:g=2598:u=1:x=1:i=1649699827:t=1649786227:v=2:sig=AQFWAAcRVzQwlgCtce4pMVwlq3kubN9i"
.twitter.com/	1970-01-20 19:46:11	Name: personalization_id Value: "v1_oYbX7+eC0TAJUzIJKoDaqQ=="
.doubleclick.net/	1970-01-20 11:36:35	Name: IDE Value: AHWqTUlHJW9BQdpzrdsf22uT4PDLTVUbTy4b5_z3K85wCdyAKG_zvKCOcZaByf8cWIU
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:46:53	Name: bscookie Value: "v=1&202204111757076bd2fbdf-9bc9-477e-8256-f1796e6cca92AQFYf0xT7UbqazIUXZCdYWj9zPrBK6VA"
.linkedin.com/	1970-01-20 19:40:35	Name: li_gc Value: MTswOzE2NDk2OTk4Mjc7MjswMjFy6eauxNFEqlkljm1Duvlj0ST3ma4YN7S7+jPIJ+NQCA==
.cyberscoop.com/	1970-01-20 11:36:35	Name: __gads Value: ID=e11af6816a2d6b47:T=1649699826:S=ALNI_Maj-f3mWDlSOugg-l_VEEePP6lt5g
.demdex.net/	1970-01-20 06:34:11	Name: demdex Value: 05727991181766339850573868838245490647
.verizon.demdex.net/	1970-01-20 06:34:11	Name: verizon Value: 05727991181766339850573868838245490647
.cyberscoop.com/	1970-01-20 06:34:11	Name: __hstc Value: 143679850.e65b40838eef48940ffc453ec8bca1de.1649699829045.1649699829045.1649699829045.1
.cyberscoop.com/	1970-01-20 06:34:11	Name: hubspotutk Value: e65b40838eef48940ffc453ec8bca1de
.cyberscoop.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyberscoop.com/	1970-01-20 02:15:01	Name: __hssc Value: 143679850.1.1649699829045
.hubspot.com/	1970-01-20 02:15:01	Name: __cf_bm Value: 0zUaSKnpJwtHz74CgpObeboOodPoGUTwrh35Qw_J.wg-1649699829-0-AXkhMzzQSHg1RquCx+o8dy7MvYiCQ1fQICI1+s2CWr7kBWzzYRyem+Sll1BKqUpSw/vaRr/1Pu+EdzKic6F65to=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.cyberscoop.com/wp-content/themes/cyberscoop/js/ads.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

609276d1eeba0ce441bcca168b54f909.safeframe.googlesyndication.com
8a9dfb0f2a0fc5349577f67c14a4264d.safeframe.googlesyndication.com
919587ec7067bac034576aed656b7bb5.safeframe.googlesyndication.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
cdn.taboola.com
cdnjs.cloudflare.com
choices.trustarc.com
choices.truste.com
connect.facebook.net
dt.adsafeprotected.com
e5f7949e794df49880be7af97a867473.safeframe.googlesyndication.com
fc013957c3fe664ac1c4ea5400f2ee92.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
fw.adsafeprotected.com
googleads4.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.wp.com
public-api.wordpress.com
px.ads.linkedin.com
px4.ads.linkedin.com
s0.2mdn.net
s3.amazonaws.com
securepubads.g.doubleclick.net
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
static.adsafeprotected.com
stats.g.doubleclick.net
stats.wp.com
t.co
tpc.googlesyndication.com
track.hubspot.com
trc-events.taboola.com
verizon.demdex.net
www.cyberscoop.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
104.244.36.20
104.244.42.131
104.244.42.133
13.107.42.14
141.226.228.48
142.250.184.226
142.250.185.66
142.250.186.102
151.101.1.44
192.0.76.3
192.0.78.23
199.232.136.157
2600:9000:20e8:7e00:8:48e:53c0:93a1
2606:4700:10::6816:47c5
2606:4700::6810:5605
2606:4700::6811:180e
2606:4700::6811:47b0
2606:4700::6811:b849
2606:4700::6811:d5cc
2606:4700::6812:14bf
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:800::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2008
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2001
2a00:1450:4001:828::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:400c:c08::9c
2a02:26f0:3500:7::17d8:4dcb
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.255.51.86
52.212.211.89
52.216.178.149
65.9.96.20
65.9.96.26
99.84.158.127
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
037c543a8819c3f8c8f9b08a89fb356df7829d6b94b7fb1d71e01b44783214b9
043271bb5c6938e05f0e77d5a9f1fa4eaf527a382d80d8c54c3d67d242318202
05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1
061473d06c676e692148c9e53870122e472f133abc759c56e871a162e79b9376
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
0b6a75c8a008114b5b09931e2e66fbe56e85f0043d653393dac6e38b91b3bded
0b9d57be73aa8f7f41bee396a02038d1e5433481622916854268481040e2c63b
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d281aa7b07dfcb1bc05e2cdd051aa34fb915616590b834374148a1768ce3440
0dc300d228c68e87716d8f0cf9d178b7e7418b4433ef51c96d2dbc2f60a59274
0f692d9e90592480cf72b587de172ab8e5aaba41d6ad256b0988162ef5e4c6c4
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13cec7b80effcf5f705c615043d81274bebf1e9af6ea8fc711cfc95a2e136e1b
14c742642de9c8f39467c54a34b08f124d3eb6ae49356d9b9f8a158424e77192
199f06cd782a418c46a902ddd2f54e30795a6d6a0f9f782107f8787121d4536c
1a2814888079619c511d69af17514a0c7bb4f942be94784bcbf85f68fcea6f7f
1c0f78e1b272b7b832ef9e8fc4f6f4a5f0242d0308dbe2c0d52251e8ce705e15
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
2448c013f4c29878b245f3fc4d33aa25fb8b074edc10aaf09c717628f9d9d45b
2521694437d8a950eebbb438b81744a054a28465e77c3dea25a39794da581b45
2638a882dca5470d5eadc82adf87a1b69f287969a5ab177e5dabb74ef942c601
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
3046ab26982b61a2fc0f0fae7ed7f416e9113f924db911efa97b5b80ae16726d
3097429612cadf41c8c2f08d5cbe3bce1a77aaf73296e1217ad3b29949d6deb4
314f9e672636d983dd21e14a13a60f6e32563fdf9a52cda18195ccf9ffe2d694
34b8701fdcbd5b7f4b776178cf1c52b3754f60027bf85af5a8573c3208f77890
39255065d04420da4614211fbaf9177d28831d4a0b0188b78b3f515c5ea91bad
3b2db5b0287e3abf120c48540d6b9b3ae50c415860d42b4562a63041c6524730
3c32ceb102dacdd3a46ac2ab3a26bac6c6c9a60e5318a73e36629eb9fff854dd
3c5dae73bfdca848d14aa5cb8bc364b479e92c469f78a7234eb521501b53ec70
3d5c432ac1f87c116b88388348b78c08278195f455202173393b9c0576bfb6ad
40905beca0f8b5ff867fa2f103e951dd2416853df1e8f7d7453a74708d779277
4099e0cd6f40487882463e86d178e9a8eabcc1c3d1af59bd25072c73498170a1
430f885750bdec47578f2b28d237418d02cddbf35587dac07cffc480506dbedd
4a354f3d28b56276cc1c16d970f65ddb3ecec48cb1b79a1a32e0e3929e584607
4b8dd50e462d914dd8609e8a566ce6bce0ab94088a4bf958b57c4cdb6ab54868
4be6258bf1ecf7fc9af2fd62a01c10ebc029b3973932838a7b32d51e395ba519
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4d8d48a3f00d424f5083a310bcfbcc1ad35d02e02793a9f459e9938879d8a675
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
51aa1f55f3d344d82ece24055a31012cf77d10cc4a2f9307f5dea293118d40f1
51c40fb52547a14a895a2425e94a53886ced172e90c70d5418890fb67517701b
51e841ae906f8d9003aa8487c11792ceceaac3259e068c2cadceabfe7ede15b9
5267c83142a006e9d40e005c4c8c1f7a1b4fcba921decb6beb80bebffb2cb18d
5475e04f346412eb3b2d59a0f94e52f8cfa018622ca531fb35c44bb6016728e4
54a939394825575b171c8150a8da84dc9684f6a722835ffbfab7ab132032cec5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55de2f543e24f0c3655be2f344491b2e73ae61350f58a2bb9ebf4ad1326e8fba
5c701ab2009c0c01911be3dbb373cea9edd337b25e43cd2a917caf28486ff83c
5d0bcf86bdafd80020b30534c6f961807989c12f56226dc0dadcb7785f619393
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
600173740f15cb74dc62a3a8bc4588546fad4cd6854b175983c11aee21b9680d
602560270f30813536069d6a3a7608e497c6c7c1e6c99b3e51fe8f8300973615
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
620ee15cf6b9d1178f05cd6a362ccb48f1d6e05180dad241700488bb33e68cab
62ef6ff7641456aa2d94443dff7578d154236f12dcbb2e3dea4e519b0153a468
63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699
6b4db0a8d0e0ea3d55fc2d8aa8df997c405b12f33e460fae981c4c7c7148053f
6da910cac661707f7fff5c164ebd92424bcdd4a4f6117be5f562b683796ff768
7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3
742d2f7f43e3eb8c7e5a12f24afcd4dcc03e11a31223060eb03d95b91ec07cc7
7709fc29d41f4362ad6f8e064e3cfdd83b2c94a2edafe586a816fe94a8a3aee9
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
7f134de2e6859c8b9a8acb3f07c54f04c9fbe04c3381e137d85e2f0cb08a526b
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83284ba72baf6ba2d179eb63d4b2b3c42ca408dfacf8a63ee15d05131828621a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a
8855884e825acc57217741b04fa22e8385b95ebd7337ea14ce0465c1bf5eb017
88f1e898bf2bd32d5e8f01a28152a2b04f022ea09a939d6aff8c337b25a42c5e
8a90f9c307d889844f7286c11a9e8596c9a41b2e91123ab49cca0fbaa4b48dc7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8f269388bc56973a210d9bc6b41d2c654f879bfe413fe437f8c8b90840f59b42
8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668
9146f6ec02b7c1db65d152424e1d5e5f3a5d7d6ca91d1282a7e678150683876f
91a964487ecdaf0bf35faf0abd1b59ecc875f724b761c38046309f47b58d37da
932fb1ec913f2d1071db9656b9bc7e8c4fc150d7d8b48d8b4b66c3d82a2e020e
942e44b1cef3a0678c306625f42ea1cd180d9ee9fbe443ed98fc1076c07493a5
94cdf2613888966d5f5a6d77e5d7a79c942e4bd967a1e722943cb7cfc13e32cb
96b8a4481da526ff5a1a77c312a2aa83df0d0821e90dc91ccfad3fa53526a163
9844330a3273f6a42cfe1be928eda78257f6e0dae91b5b0d9d6d4594caee1b63
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e9ce5f71d5199340f9f109561dc1a65bcbba9d4d1ac51546e04ae69f2695784
9fc929f9d307cf53bea691c3794c5ee2874ff5e1d2c7d308d71120ae3aa8c788
a060aca1def4e45da8730e2c6052fb1efbe9b1bdd305c14ea86c8c5152ebd593
a171d86ce8d77422d349876ddc6c6251e2ed82363edbaf51053f08875571b7cf
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f4655713c233eb9a640f19bcdbf5c96c35f7c6db6f0eb5ac5e9e63ac847b4c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a79363f0bf9c3752bb3c339d84e951de983be806af2ed5b9d618ff0b46f95559
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35bd34777df2bdd667149bee87df9ce92ac3df28c15f02ed8a8ebd48455291a
b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537
b8a139b98f6ecab8ac64f9f3efeaf20dcf249d2ea7a8107ecf542773dafbf43c
bb6a7f39d0982d1605492df9ffaa28989d1829fdf91037053e4af527ae5ed797
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c0758721ba3b41bf0236a10348f8ad1ceb3336894bfbaca0b9d77fb366b585c1
c443762880d9d8b4faabb5d63205228757c7e6c9eeaaa404ac801f3046e80589
c8c35e0f00ccdca409b0b7340bb4c008649529b40a786a51e6d732cbf4f845e1
c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5
c92d7a688062444ef6aafdd178387a6274b7024ddebed48bc26d9ce58ff289b7
ca2e99ffb3730e887ee7389e499993e912e5e47ec6f28c991a692cd78746edf5
cc50444045f7083d7354e874d8337cb1ab047d99cbc170cae834e4cca203396e
ccd21ebd19b259d979d4ddf5af0751f6fae149746ae2e7a164beec2a600682be
ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c
ce18c6b177e998a5bcbe6798b4ce658a34e07ee5faf88feea058221e1430ea4c
d30b2cb5c48b25a71600ddd028db634774dbf8bb833a69003237704f626912be
d5d4228a3e80d57bcf6ee1f6080fbc4c65dba96e81d2364535fa49e3d27e9131
d6445d7a40af4beb89730cfddd9504c219af1cd71a4d07fb70e869e8eb80e752
db236586fe21257e3d9b959bdeb2e6883f01a09718c3ab73728e21f7a96c5ba0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deafbabde299246dad329a0f8ce7ec682ef8a1de7926811e7a2db9a27b745a24
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e448366ba538d2d65714f62ae1af89f2f5dd3ccc64af549bb3a84d9cea541dcb
e55b5cba1f8e7604687c4f99ab7b1c3bf971ab991ec0fae83fb221b98daf07c4
e5a7439738e33f6ba4f019f53528b4f721a4d7fbeee9f0c298d3e035484dcea1
e731c972ea7a2966a6cbb6c1fb9f7bd0b639c9c240c079e320136857743e9f5c
e8aa641f970d7f8010d991990de0cac0ed2f8136c931b5a14cbe8607c6c7fb9a
ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671
ea7c3c1fb429c64a75b15bc3d82e99987c40229c3275a5d0c37deb6143e4cf6f
ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f
ed819150a1d1825f54d8fcccc7fd9abfd1151aac3bf16a2bc91f4fc4d6b375b0
ee6140f9565f77214963898baa998952e8ce494985b5468bdbf8dbaf3270ed1d
eecc78f834649472672438efb8854e77ac8571a4c901d3c102a2554c3059ba7d
ef06bc5e3cc158037771e3ed0d13f75694ffe052cc8b442e02082e85cf85aec2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f24c0a67e6e9c53f9411dbcf7ccc93975ec1781e7d511d0bf1a1d92454c184e1
f2ede6e484d21f1c3c0f255c66fad1617575d290d010b6aa279cece2197b7698
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f7455f57e11eefec8bb0f154d17b7227c1075111c0914647d8a4f7a8c97a938d
fe1bd3df8f20fe537d1ad985ecd7b169c10e1d0e2cc0860bc4b4c326d152420f
fe9df7af9647a824fe66cae1f452ecb318d9f9ad3b2e09ef0623f0c6af50a0ed
ffb96565e94d1ebfaf4ce0df3d294a3aab2a72f131ad0bc778dc0840bc2269a9

www.cyberscoop.com Open in urlscan Pro 65.9.96.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

251 Requests

99 %HTTPS

60 %IPv6

34 Domains

52 Subdomains

45 IPs

5 Countries

3242 kBTransfer

8329 kBSize

27 Cookies

18 Outgoing links

Page URL History

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberscoop.com Open in urlscan Pro
65.9.96.26 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

99 %
HTTPS

60 %
IPv6

34
Domains

52
Subdomains

45
IPs

5
Countries

3242 kB
Transfer

8329 kB
Size

27
Cookies

251 HTTP transactions
7 data transactions