winbuzzer.com Open in urlscan Pro
2606:4700:3036::6815:2180 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Submission: On August 28 via api (August 28th 2021, 5:33:14 am UTC) from GB

Summary HTTP 124 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 13 domains to perform 124 HTTP transactions. The main IP is 2606:4700:3036::6815:2180, located in United States and belongs to CLOUDFLARENET, US. The main domain is winbuzzer.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.

This is the only time winbuzzer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:303... 2606:4700:3036::6815:2180	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
12	2600:9000:21f... 2600:9000:21f3:ba00:c:def5:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
18	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	18.196.53.208 18.196.53.208	16509 (AMAZON-02) (AMAZON-02)
27	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	89.187.169.47 89.187.169.47	60068 (CDN77 ^_^) (CDN77 ^_^)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
6 7	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
124	16

3 2606:4700:3036::6815:2180 (United States)

ASN13335 (CLOUDFLARENET, US)

winbuzzer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:21f3:ba00:c:def5:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-chilj.nitrocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.53.208 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-53-208.eu-central-1.compute.amazonaws.com

winbuzzer.matomo.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com

to.getnitropack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.14.248.91 (Bottrop, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	699 KB
26	doubleclick.net googleads.g.doubleclick.net	164 KB
18	gstatic.com fonts.gstatic.com www.gstatic.com	225 KB
12	nitrocdn.com cdn-chilj.nitrocdn.com	166 KB
9	google.com 6 redirects adservice.google.com www.google.com	2 KB
7	googletagservices.com www.googletagservices.com	249 KB
3	winbuzzer.com winbuzzer.com	60 KB
2	exactag.com m.exactag.com	2 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	google.de adservice.google.de	975 B
2	getnitropack.com to.getnitropack.com	935 B
1	googleadservices.com partner.googleadservices.com	659 B
1	matomo.cloud winbuzzer.matomo.cloud
124	13

	Domain	Requested by
30	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
26	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
16	fonts.gstatic.com	winbuzzer.com cdn-chilj.nitrocdn.com fonts.googleapis.com
14	pagead2.googlesyndication.com	winbuzzer.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
12	cdn-chilj.nitrocdn.com	winbuzzer.com cdn-chilj.nitrocdn.com
7	www.google.com	6 redirects tpc.googlesyndication.com
7	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	winbuzzer.com	winbuzzer.com
2	m.exactag.com	googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	to.getnitropack.com	winbuzzer.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	winbuzzer.matomo.cloud	winbuzzer.com
124	16

This site contains links to these domains. Also see Links.

Domain
facebook.com
linkedin.com
pinterest.com
twitter.com
youtube.com
www.winbuzzer.com
www.facebook.com
api.whatsapp.com
symantec-enterprise-blogs.security.com
msrc.microsoft.com
us-cert.cisa.gov
techcommunity.microsoft.com
uk.linkedin.com
plus.google.com
www.slideshare.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-15` - `2022-06-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
nitrocdn.com Amazon	`2021-05-07` - `2022-06-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.matomo.cloud R3	`2021-08-10` - `2021-11-08`	3 months	crt.sh
*.getnitropack.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-15` - `2022-01-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh

This page contains 23 frames:

Primary Page: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Frame ID: 71E7DDE0CC795479CF24E2186A4B4353
Requests: 52 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/zrt_lookup.html
Frame ID: D99EF6E92D9765F8B89B7EAE1F0BD01D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175
Frame ID: 9E17365AFCA52E69D46A39BDE935B29B
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&adk=1812271804&adf=3025194257&lmt=1630128778&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778262&bpp=2&bdt=494&idt=187&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=192
Frame ID: 12D3BB3EE0170B5113D1B37975F2E80E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197
Frame ID: D5F2111793C9D286C78A5CFDDC875605
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236
Frame ID: 79DFD74296C672BE87A173627268389F
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259
Frame ID: EF89730B014FAB40485B774A3DEA8FD0
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270
Frame ID: 0F22D8941126561EF4D9AF8EA2F3EF52
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311
Frame ID: 13096A7021A276870708FC937EF31689
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 63390122ABE543C7A8EA9BBB22F0DC8D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 756B5906C5FEB7FFDAD7D0B180A3FD9B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B38E42AD783A41C657F60EF949615FD1
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 23DB49C367D6BBE5AAD51EA6F3B56E97
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: 84E7F80A62E10DA411B66A47AFD2FD2E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 2929080A01BEB315156E48990CDDC833
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: CDB9B23C1BAE39A866D17D154DC701AB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: 9534A0B78414C18323517947F6AC8F87
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 906FDCDD2B612EEAEF70FF979875838E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: 5ACD9C58AE8F99C9E5B06F35CD498810
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: 1C212F4385FA67B3BAC2F04011C48306
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: 6ADC6176E1124026278D0D9063D945C4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B31F166CC42715AE2CE7E5F91F19D783
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js
Frame ID: DAD2528897E0AA587F50A8B75468EC65
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft Exchange Server LockFile Ransomware Targets Windows Domains - WinBuzzer

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

124
Requests

99 %
HTTPS

73 %
IPv6

13
Domains

16
Subdomains

16
IPs

2
Countries

1572 kB
Transfer

4206 kB
Size

1
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://facebook.com/winbuzzer
Title:

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/winbuzzer.com
Title:

Search URL Search Domain Scan URL

URL: https://pinterest.com/winbuzzer/
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/WBuzzer
Title:

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCTT8UNFgfC4lnVDgF-vxC5Q
Title:

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/windows-10/
Title: Windows 10

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/windows-11/
Title: Windows 11

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/microsoft-office/
Title: Office

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/microsoft-azure/
Title: Azure

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/xbox/
Title: Xbox

Search URL Search Domain Scan URL

URL: https://www.winbuzzer.com/tag/hololens/
Title: HoloLens

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Microsoft+Exchange+Server+LockFile+Ransomware+Targets+Windows+Domains&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&via=wbuzzer
Title: Twitter

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/&media=https://winbuzzer.com/wp-content/uploads/2020/10/Cyber-Security-Lock-Pixabay.jpg&description=A%20new%20Microsoft%20Exchange%20Server%20exploit%20places%20the%20LockFile%20ransomware%20on%20a%20network,%20sparking%20new%20security%20concerns.
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Microsoft+Exchange+Server+LockFile+Ransomware+Targets+Windows+Domains%20%0A%0A%20https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Title: WhatsApp

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows
Title: found by Symantec

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
Title: CVE-2021-34473

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
Title: CVE-2021-34523

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207
Title: CVE-2021-31207

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/microsoft-releases-may-2021-security-updates
Title: Microsoft’s Security Update from May 2021

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2021-exchange-server-security-updates/ba-p/2254617
Title: a new update of security patches

Search URL Search Domain Scan URL

URL: https://uk.linkedin.com/in/lukejonescalm
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/wbuzzer

Search URL Search Domain Scan URL

URL: https://plus.google.com/+Winbuzzer

Search URL Search Domain Scan URL

URL: https://pinterest.com/winbuzzer

Search URL Search Domain Scan URL

URL: http://www.slideshare.net/winbuzzer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 112

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 126

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 128

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 129

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 134

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

124 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/ 261 KB
52 KB 101ms
76ms Document
text/html 2606:4700:3036::6815:2180
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:2180 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.23

Resource Hash

445cf651d8eb140a3e1967ce822ff05eeecb9cd7bfdce78e6f4eef6f18479a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: winbuzzer.com
:scheme: https
:path: /2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:57 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.2.23
accept-ch: Sec-CH-UA-Mobile
cache-control: no-cache
cdn-cache-control: no-cache
x-nitro-cache: HIT
x-nitro-cache-from: drop-in
vary: user-agent
x-nitro-rev: b041103
link: <https://winbuzzer.com/wp-json/>; rel="https://api.w.org/" <https://winbuzzer.com/wp-json/wp/v2/posts/1878808>; rel="alternate"; type="application/json" <https://winbuzzer.com/?p=1878808>; rel=shortlink
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache-ctime: 1629818700
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBMq1XtfLLnjAXKPmAR9JvszBK6FAHM6oNkyz2uwkrcjfsrckTYeOsAepGun%2Fz%2F1iqyR1S9pC8QzIjH4oE4mimQvzvfeMgYL11LnIiS1AjnhTCX%2BNTLfawn1pDZZDFhmCNtZmS%2BRNQLsnsz7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 685b297c8b44d6d5-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 ZkZZFSwqWjsIpEm1Rb7Zp6a-qgc.js Show response
winbuzzer.com/cdn-cgi/apps/head/ 5 KB
2 KB 37ms
26ms Script
application/javascript 2606:4700:3036::6815:2180
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winbuzzer.com/cdn-cgi/apps/head/ZkZZFSwqWjsIpEm1Rb7Zp6a-qgc.js

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:2180 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44cbcf1a1c5c9a93e31f7dc7733768010139827573181e6882ad6af3146608d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/head/ZkZZFSwqWjsIpEm1Rb7Zp6a-qgc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: winbuzzer.com
referer: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 906
content-type: application/javascript; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: XZFGGEJGMPDKSNEJ
x-amz-id-2: LvmYUG9yl/tOQDLrasqANneMR/p0JsVShcbFsF5ldkK73nQBx3w4p3RcwI5jvJQm1fql9toHgao=
last-modified: Tue, 13 Apr 2021 20:38:34 GMT
server: cloudflare
etag: W/"261749624e1d9631f99f426a68bc7c48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuXJsyco9KwoeTtW5sPtG5WB78o6KX6wuxfWhu%2F3khRZSk0HxXimpXf2hymorz%2B16jlVDudsCw2fOmkxpjlxNXtANTgN8MlujCQ408Gg3H7spF457l%2B98Llx2UZAKOoQXdR%2FJR9tIfOqLrop"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: wlh1ZNcFpG9d60fd2rxXRup6Dq6wSVGb
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 685b297d1eed9766-FRA

GET
H3-29 200 4twH05P5k8ECrvcj5brGhGn5Mz4.js Show response
winbuzzer.com/cdn-cgi/apps/body/ 12 KB
6 KB 19ms
19ms Script
application/javascript 2606:4700:3036::6815:2180
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://winbuzzer.com/cdn-cgi/apps/body/4twH05P5k8ECrvcj5brGhGn5Mz4.js

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/cdn-cgi/apps/head/ZkZZFSwqWjsIpEm1Rb7Zp6a-qgc.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::6815:2180 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e18755e8577306cd44c51912725561a7239ac2c670197b22d9ef8c40528b802f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/body/4twH05P5k8ECrvcj5brGhGn5Mz4.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: winbuzzer.com
referer: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 906
content-type: application/javascript; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HA82KCFJETT8D4NB
x-amz-id-2: 3et3gvvgrSQ2TvbYHop1wF2+vQz3Jg8hmc+gHQPdPDfil6kgRIj7VIuLokxT5KJX/BGItfgHfPU=
last-modified: Tue, 13 Apr 2021 20:38:34 GMT
server: cloudflare
etag: W/"fae380e03a9bed99d479fb792feef857"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2sOrFWjKN1YiZYlrycxjkVEe34JtSUGXBxgn20xnr1NrKHaKzTj8CF11FkAHamzdEZ8UrGUmZCg5mmRV9nIGliRNkYPxtMEynMOtqXiEIq4E2cbgP6ofn1qIXd0XXq3CZODnN3mtbJLqvZn"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: SOv_nuA4WCMM6.M8nZ2fk13uRvi.KaHv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 685b297d4efc9766-FRA

GET
BLOB 200
OK 0351a1da-297f-4b2b-a848-6f5ee7492160
https://winbuzzer.com/ 824 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://winbuzzer.com/0351a1da-297f-4b2b-a848-6f5ee7492160
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a0829f65b5378d1b0e2da444ff32f73343984c4e21342f5a7a0f3b9abe5c9c0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Length: 824
Content-Type: text/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 65ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25010517269acfbd579716745eee26bd1c6651eda927009f4285845332f45d94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50016
x-xss-protection: 0
server: cafe
etag: 17039413445118952308
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:32:57 GMT

GET
DATA 200
OK truncated
/ 91 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f2e8c66e15e427b66fb7714dafd0066f604bef6c658b63b115d615e1ec5b8cf9

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 0c0322760cb9708a64ab0ba63769d968.newspaper.woff
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/source/rev-b041103/wp-content/themes/Newspaper/images/icons/ 24 KB
25 KB 48ms
9ms Font
application/x-font-woff 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/source/rev-b041103/wp-content/themes/Newspaper/images/icons/0c0322760cb9708a64ab0ba63769d968.newspaper.woff
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: ea9ad8f6ace011a694d664482cc6ca0acc2dd86a8d6b684154327ec84c0c95fd

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:47:53 GMT
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
age: 942304
x-cache: Hit from cloudfront
content-length: 24864
last-modified: Tue, 17 Aug 2021 07:47:36 GMT
server: openresty/1.15.8.3
etag: "611b6998-61b4"
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?19>; rel="canonical"
x-amz-cf-id: XfPZ3Yd8dwe_8AAUxufdJLn2Q01HUXum21qzTUFA_TEbZclicn_sfw==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 19:08:49 GMT
x-content-type-options: nosniff
age: 296648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9196
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 19:08:49 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd6c63c14f1d2b5b0a9e2eaed185ca2bfc7cb283b31bbab54240a84f46c3af0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 01:42:36 GMT
x-content-type-options: nosniff
age: 186621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9128
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:24:43 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Aug 2022 01:42:36 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 21:41:38 GMT
x-content-type-options: nosniff
age: 287479
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11032
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 21:41:38 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 09:46:52 GMT
x-content-type-options: nosniff
age: 330365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11048
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 09:46:52 GMT

GET
H2 200 WinBuzzer-logo-white-transparent-272x90.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/uploads/2016/04/ 5 KB
6 KB 22ms
8ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/uploads/2016/04/WinBuzzer-logo-white-transparent-272x90.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 45a87ae0e44e3c24f4fab462d5604a0b84befa34f0349ceb7a91b8674ef3419f

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 5562
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-1651"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://www.winbuzzer.com/wp-content/uploads/2016/04/WinBuzzer-logo-white-transparent-272x90.png>; rel="canonical"
x-amz-cf-id: DrGHzRByodaP_YHICZlVLnDzpQWRBUFpQifZmyBoEtDlLlkd7ebqVQ==

GET
H/1.1 403
Forbidden piwik.js
winbuzzer.matomo.cloud/ 0
0 200ms
64ms Script
application/xml 18.196.53.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://winbuzzer.matomo.cloud/piwik.js
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/cdn-cgi/apps/body/4twH05P5k8ECrvcj5brGhGn5Mz4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.53.208 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-53-208.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eccc582a306d1166abf3880b2bfcdb1ed98df81cce0ede7b8b7f85dd9d4ec6b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 21:57:57 GMT
x-content-type-options: nosniff
age: 200101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11048
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 21:57:57 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/ Frame D99E 10 KB
5 KB 26ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210819/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210819/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Aug 2021 04:52:14 GMT
expires: Sat, 11 Sep 2021 04:52:14 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
age: 2444
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 rss.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 716 B
1 KB 8ms
7ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/rss.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 612520f21d6a400738bf3f27cc9331e261a00e6486fbf54abce86b54712a9b50

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 716
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-352"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/rss.png>; rel="canonical"
x-amz-cf-id: bvTnHGz0lHa89eAcKvQNBfqtvtv0Qvi_PNMt6HolRjhzqhqU0U4fuA==

GET
H2 200 twitter.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 634 B
1 KB 9ms
8ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/twitter.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a404cca9d3f1608da89c851dabc22b191242ceaf23f3226dbd96040e119b78c9

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 634
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-304"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/twitter.png>; rel="canonical"
x-amz-cf-id: 1V9F27Jp9w012oRmd1asG3I5IGkgNNo2ndidwEDr4FZ7_lT5K5w3Gw==

GET
H2 200 facebook.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 388 B
853 B 10ms
9ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/facebook.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 97df520ae4479370290538d28cc0e46eb6fbc10592bd548b51852f33f1353738

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 388
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-20f"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/facebook.png>; rel="canonical"
x-amz-cf-id: MsSNYrYna_0k4K_mEjpoeF5-PKdpQDqqy1U5-lDbGzQllMxN-hfEFA==

GET
H2 200 googleplus.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 776 B
1 KB 9ms
8ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/googleplus.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: b6e0837e27a4c3d607542e1868d72d8505ced766d6ab3ad20147a181f6321d33

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 776
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-395"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/googleplus.png>; rel="canonical"
x-amz-cf-id: RCa_LHs0-BbnkBLY7I3K0sqCdkYbNwYNj-zwLgLJnF7lB4SPI7SyqQ==

GET
H2 200 pinterest.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 800 B
1 KB 10ms
9ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/pinterest.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 384146b657bd0089c100c69894b8200a46e3eaf484dc078826dea0a10dd7380f

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 800
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-3ac"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/pinterest.png>; rel="canonical"
x-amz-cf-id: EnO9ha6_izDbXZ-W8Dl6KVlUdaptHw833dYM557Wv6XubQVRjV63EQ==

GET
H2 200 youtube.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 940 B
1 KB 9ms
9ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/youtube.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2fe6468c60114b9fd665dfe1addf0f487d6c51899a65965d581325d6af51b81a

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 940
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-436"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/youtube.png>; rel="canonical"
x-amz-cf-id: fClGRwb9IbsP83MlxClLLg6jUaj9ivwf0urwBMWjUGV7-gmxyrAY_g==

GET
H2 200 slideshare.png
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/ 776 B
1 KB 10ms
10ms Image
image/webp 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/wp-content/plugins/social-stickers/themes/default/slideshare.png
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 29497258eec633c546b8355e75a0f6842f337827f1c9f21a641308b4c3db4ebe

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:56 GMT
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)
age: 941882
x-cache: Hit from cloudfront
content-length: 776
last-modified: Tue, 17 Aug 2021 07:47:52 GMT
server: openresty/1.15.8.3
etag: "611b69a8-395"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/plugins/social-stickers/themes/default/slideshare.png>; rel="canonical"
x-amz-cf-id: ho0JTeUQVzBioUKmyWkLctJ3xsj4qTh3chXJJn2Cf6j1AlYRvL0bzQ==

GET
DATA 200
OK truncated
/ 91 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efa57b00f63e53ac16325e94291a7075611bb2cc2df4ceef8bf883a5bab1193d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 /
to.getnitropack.com/ 20 B
467 B 196ms
78ms Ping
text/html 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-89-187-169-47.cdn77.com

Software

BunnyCDN-DE1-756 / PHP/7.3.28

Resource Hash

a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryp995bEYrJbmBLXrX

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: none
cdn-edgestorageid: 756
x-powered-by: PHP/7.3.28
cdn-cachedat: 08/28/2021 07:32:58
cdn-pullzone: 234442
content-length: 20
server: BunnyCDN-DE1-756
cdn-proxyver: 1.0
cdn-requestpullcode: 200
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cdn-uid: b7e07321-6c82-48dc-b332-ec6b5d5d2a32
cache-control: public, max-age=0
cdn-requestid: 10dcae9a58931fc05aa763c6c24b615f
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/ 252 KB
93 KB 53ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7657478961655099&plah=winbuzzer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa9cdf9e3f9d95bc258c6aad323775e7d53770eead4c23191a4a2ef5ad66bfa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95604
x-xss-protection: 0
server: cafe
etag: 190350966155053234
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:32:58 GMT

POST
H2 200 /
to.getnitropack.com/ 20 B
468 B 167ms
77ms Ping
text/html 89.187.169.47
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://to.getnitropack.com/

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

unn-89-187-169-47.cdn77.com

Software

BunnyCDN-DE1-756 / PHP/7.3.28

Resource Hash

a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymTxNqcsVSNBXFvzR

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: none
cdn-edgestorageid: 756
x-powered-by: PHP/7.3.28
cdn-cachedat: 08/28/2021 07:32:58
cdn-pullzone: 234442
content-length: 20
server: BunnyCDN-DE1-756
cdn-proxyver: 1.0
cdn-requestpullcode: 200
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cdn-uid: b7e07321-6c82-48dc-b332-ec6b5d5d2a32
cache-control: public, max-age=0
cdn-requestid: 086c48b18823f39fb2398397ad014380
cdn-requestcountrycode: PL
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 nitro-min-noimport-94ac2d8babad8917e593bc1214136634-stylesheet.css
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/ 235 KB
32 KB 16ms
15ms Stylesheet
text/css 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/nitro-min-noimport-94ac2d8babad8917e593bc1214136634-stylesheet.css
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 241cb8e71fbe2c03441cd2c8f6c1b13347eee381a506277a1e55c491656d6550

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:11 GMT
content-encoding: br
last-modified: Tue, 17 Aug 2021 07:47:44 GMT
server: openresty/1.15.8.3
age: 941927
etag: W/"611b69a0-3ac89"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
link: <https://winbuzzer.com/combinedCss/94ac2d8babad8917e593bc1214136634-stylesheet.css>; rel="canonical"
x-amz-cf-id: p-SJmRFTvMx7wLijvp7jrBGa9zU5_Icry9c20ilGB_uS352uJO0dxA==
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)

GET
H2 200 nitro-min-noimport-31a3164a5b803396149721af6e0aa1d5-stylesheet.css
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/ 791 KB
71 KB 9ms
8ms Stylesheet
text/css 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/nitro-min-noimport-31a3164a5b803396149721af6e0aa1d5-stylesheet.css
Requested by: Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: f55b468f28ed9ab929c9ce8ee98c64e64b77b58456414c6ba2642b99a19abe90

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:54:11 GMT
content-encoding: br
last-modified: Tue, 17 Aug 2021 07:47:44 GMT
server: openresty/1.15.8.3
age: 941927
etag: W/"611b69a0-c5d63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
link: <https://winbuzzer.com/combinedCss/31a3164a5b803396149721af6e0aa1d5-stylesheet.css>; rel="canonical"
x-amz-cf-id: o8eTiODbFeJZz2J8hHo5VckONmDbGmwvyZMfybp_7oFuCBvsjgVTzg==
via: 1.1 27f665df26bde4a7226480b4a2890ff9.cloudfront.net (CloudFront)

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: winbuzzer.com
URL: https://winbuzzer.com/2021/08/24/microsoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac981142ce898e8beb8e505ede3a459da311b965f1111c24e30cd3eb4f29584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 00:30:35 GMT
x-content-type-options: nosniff
age: 363743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9220
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 00:30:35 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
659 B 140ms
49ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=winbuzzer.com&callback=_gfp_s_&client=ca-pub-7657478961655099

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7657478961655099&plah=winbuzzer.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

492fedcb2150db44303b436445a703fa6840c4a72172aa01214ea5444f73835a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 35ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=winbuzzer.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=winbuzzer.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9E17 86 KB
27 KB 470ms
457ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78015b8bc9937ffd77cf894eaa8c0aaf1d012325a2634c146b4c5433ec46d340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:58 GMT
server: cafe
content-length: 27385
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:58 GMT
cache-control: private

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 34ms
20ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210819&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d65039a5ce97563763563a3870a9ee8c8e81ea748980aad87896cf29eae7367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8504
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e87d7c59119397293cf71c27dd7eac13e19f0f3cc3f2b85fc52a74864757b251

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063795307439"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27566
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:58 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 12D3 18 KB
5 KB 539ms
539ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&adk=1812271804&adf=3025194257&lmt=1630128778&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778262&bpp=2&bdt=494&idt=187&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=192

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8952f02c06434f9a5af72ec66e23594ac64ef4daeae5733f51541d7e1eeda72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&adk=1812271804&adf=3025194257&lmt=1630128778&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778262&bpp=2&bdt=494&idt=187&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=192
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:58 GMT
server: cafe
content-length: 5235
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:58 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D5F2 71 KB
25 KB 736ms
735ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb718717a1a0c7e3213f0d000b0c88ce6de92c1c523e38b48e76e9e7c605e971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:59 GMT
server: cafe
content-length: 26058
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 47ms
27ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:58 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: cdn-chilj.nitrocdn.com
URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/nitro-min-noimport-94ac2d8babad8917e593bc1214136634-stylesheet.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 19:08:49 GMT
x-content-type-options: nosniff
age: 296649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9196
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 19:08:49 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd6c63c14f1d2b5b0a9e2eaed185ca2bfc7cb283b31bbab54240a84f46c3af0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 01:42:36 GMT
x-content-type-options: nosniff
age: 186622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9128
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:24:43 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Aug 2022 01:42:36 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 21:41:38 GMT
x-content-type-options: nosniff
age: 287480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11032
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 21:41:38 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v23/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ac981142ce898e8beb8e505ede3a459da311b965f1111c24e30cd3eb4f29584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 00:30:35 GMT
x-content-type-options: nosniff
age: 363743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9220
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:45 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 00:30:35 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eccc582a306d1166abf3880b2bfcdb1ed98df81cce0ede7b8b7f85dd9d4ec6b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 21:57:57 GMT
x-content-type-options: nosniff
age: 200101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11048
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 21:57:57 GMT

GET
H2 200 0c0322760cb9708a64ab0ba63769d968.newspaper.woff
cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/source/rev-b041103/wp-content/themes/Newspaper/images/icons/ 24 KB
25 KB 9ms
8ms Font
application/x-font-woff 2600:9000:21f3:ba00:c:def5:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/source/rev-b041103/wp-content/themes/Newspaper/images/icons/0c0322760cb9708a64ab0ba63769d968.newspaper.woff
Requested by: Host: cdn-chilj.nitrocdn.com
URL: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/nitro-min-noimport-94ac2d8babad8917e593bc1214136634-stylesheet.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:ba00:c:def5:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: ea9ad8f6ace011a694d664482cc6ca0acc2dd86a8d6b684154327ec84c0c95fd

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/gYFaTcLxknXlucWgXPjHDdhAuyobJjHx/assets/static/optimized/rev-b041103/combinedCss/nitro-min-noimport-94ac2d8babad8917e593bc1214136634-stylesheet.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 07:47:53 GMT
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
age: 942305
x-cache: Hit from cloudfront
content-length: 24864
last-modified: Tue, 17 Aug 2021 07:47:36 GMT
server: openresty/1.15.8.3
etag: "611b6998-61b4"
vary: Accept-Encoding
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
link: <https://winbuzzer.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?19>; rel="canonical"
x-amz-cf-id: hTumquQttySx5Om7X7XI5ofABMUt42EtIEsKN0H7YWEAUxVUskSqdA==

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v27/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://winbuzzer.com
Referer: https://cdn-chilj.nitrocdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 09:46:52 GMT
x-content-type-options: nosniff
age: 330366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11048
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 24 Aug 2022 09:46:52 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 79DF 67 KB
25 KB 682ms
675ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a0403e3229af4ccfe1d8a4b51ea4a9d5f18372e8a5ec8ef980badf9aff965e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:59 GMT
server: cafe
content-length: 25280
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=winbuzzer.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=winbuzzer.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 28 Aug 2021 05:32:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EF89 67 KB
25 KB 675ms
674ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a770ead57b80c1fb6ff3cf765d5e81c3944af3f1279fe3dc52540945f87ab8a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:59 GMT
server: cafe
content-length: 25380
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0F22 78 KB
26 KB 510ms
510ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2e0779ff0607339bbd1b913097b5be074b135ff098d13394c773b78d5087aca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:59 GMT
server: cafe
content-length: 26611
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1309 71 KB
25 KB 874ms
873ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20ef55d2c3ce9fb7ce2e46035a56e7b340f67eb84f010f34f3d217a4426df20a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 28 Aug 2021 05:32:59 GMT
server: cafe
content-length: 25989
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 28-Aug-2021 05:47:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 6339 12 KB
5 KB 20ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sat, 28 Aug 2021 04:50:14 GMT
expires: Sun, 28 Aug 2022 04:50:14 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2564
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 756B 783 B
832 B 19ms
19ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c73e8b2ce278f87831a07c17556d2e74bc5d80455ef3f2518a9c2054af74f0b4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-NVHOUce2ilwhdYwVG+yyZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://winbuzzer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://winbuzzer.com/

Response headers

expires: Sat, 28 Aug 2021 05:32:58 GMT
date: Sat, 28 Aug 2021 05:32:58 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-NVHOUce2ilwhdYwVG+yyZQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 JSi02Q6GJynUs5OPQnU6ClbAiSGuMk75N6kjZ1kLosw.js Show response
pagead2.googlesyndication.com/bg/ Frame 6339 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JSi02Q6GJynUs5OPQnU6ClbAiSGuMk75N6kjZ1kLosw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2528b4d90e862729d4b3938f42753a0a56c08921ae324ef937a92367590ba2cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 10:14:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13290
x-xss-protection: 0
last-modified: Mon, 23 Aug 2021 08:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 27 Aug 2022 10:14:47 GMT

GET
H3-29 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 33ms
32ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210819&jk=4303088311706858&bg=!FRalFlLNAAZOkH6FTpA7ACkAdvg8Wufws8HIcThb22oeOiUWP5jgO3u9l1P-9QQbWcyGdKxQP1SGAwIAAABiUgAAAA5oAQcKALAj4rF-V50Cb5s8Mjja_l8LC8znFKbigRdjhTjghQlUAzE6km6QajBTJFzii04KL0JRz2FnwHo2g5PxH8uSDor9akxxUCdISkoKs9zHYwG5GwUiaFZIXNVlu9JVd0qi3gacTO3q4IG4K5HwvEQff3RGqsuWVTm-C20eApWHzHGxXAg4RxXUYQm0uz_gHNpoRoD2QeX4J9GBEiDIOwkLDEDMv5cMAus3Zoz54IBigMjtvJkClNBUIZOW5HMp6wGk9Z21KGn8SRA1XwBsOSu4PFKVTSrlTAXuS2l3C7nKPk7KhkAQI40eOS255u4H-Vrk2CTZed2FBeHl4s-fmIqKh8dm-Z5qIkZKOKjjSOvmmVbDhV3BtTVMehcXdWbxOQBCSz-CwoH6RriAxs5DKbHRghG2odYAnR1mfsBdiXCBqLjaRgGRtiHH7Y3gLSGSe9hUa8VApX_VvYd2VxTsKn2ptZLP3qPgh0uDFNJL1uxpLjTOjkrNPPAOKSbxrL_xeSHBPrPtGCfl4TL2JxslLln6_kYzXbRyVJ8FPgTOnj77W6WD2UjUp7olShW_dpUW_I7ILLp9Q-CmwFx-AyChJsJ8qzcaiKy6hjolJzBaDchQPtZkRyw2ilivGuRsyeu2MAvu2N7FM5bpMZRT-rDdgOyrT6nXsCK8APf57ro5Kv1soia58RElwPT9FC4OBE-GKlvDA7EqOCEodeIF-kqQfGP5fB_fQ6FtWSHH25Z0tZ-ie0z7RzdQxZ84GBPFvS844CNjCPlXF_Fl7rBiockln1XNdjbgqU53pbf8gpZm6jGHBLhFM_SpNdpQR3TlXZip3vG4CJe3koTA5l31AyfTeaMN37_0oCQkavvA9Oo-WVmDw0oBoFfTK8J_VOO6bHMfXm7nadNEkdez5drwm31d9SoMa9PL8PCQrI5To9imZpe5idxMh9KxW1ICM8zNQ4ZTnxdp67Xsz6ww6msk15_vIZ-2LFp9T38xnKtrVwWA9178g6rwnOF-OEIR-8wW0lYpojmHhZ4gV4zNTJyctNWnk8I0fTbK508BnSfeWHBYIKN8piqJ3lQsExV-ZxU1LbSLai58I1vTJmCKWDeDr6vw8rFmDBfmfWPGocix4w
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://winbuzzer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 css
fonts.googleapis.com/ Frame 9E17 3 KB
674 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86004aba5435fd4a14892a5f47e53a870f8e8b815b33737be419bee2bef6080e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 28 Aug 2021 03:38:46 GMT
server: ESF
date: Sat, 28 Aug 2021 05:32:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 28 Aug 2021 05:32:58 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 9E17 1 KB
857 B 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:29:43 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame 9E17 18 KB
7 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1486
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 9E17 2 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E17 122 KB
37 KB 145ms
129ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 9E17 14 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H2 200 bf370751b3c301aa27eddd739f5e1f7e.js Show response
www.gstatic.com/mysidia/ Frame 9E17 26 KB
11 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/bf370751b3c301aa27eddd739f5e1f7e.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e12ca129385ec88177c0fb34c59fd33dd1cd5d4f6531eb1b0b44cab8c3167ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 09:06:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10800
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 06:33:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 Nov 2021 09:06:47 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9E17 0
0 18ms
18ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKC-YisopYZO6G62Q4gH1k4J4rcO5tmPtoMmK7Q2_4R4QASDF778iYJUCoAHjttGLA8gBAakCiLXO_TsWtz6oAwHIA8MEqgSLAk_QvTXQIV6gu8chfONHTSkRJ368-8NNYNoo4ePwKF48xORdowLOoAIROAmqrbNBk_h5-nYk3z0Wftu2Jzt-cezd4m3Hdkz2jzG8eqCZIHrT6bPeajREUVXVrA8eiyZNsp73Oip-3PZVLEAlzNxf7UzhNRidS1jkXDTw18HVa_s6m2mon3E_tzZX2YwX7Ds6LvsjUHLqugCEzw3rCZ1dFmGHPsQm-7tkU8LzOx7TIqbPeCrqzeN8qpO64vd6A8bVoUh8lwCzlzlrCg_ViHw0mldRHRV1EfYAjyeaW8L5kAhA6NpMC5ybgBaVL8Cmj24MlStceDuhLvi0jf6Ad8DTsEGP1GNXq9bGYsYRV8AE5s_EzoADkgUECAQYAZIFBAgFGASgBmaAB4XJrnSoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJ-lYNIICQiA4YAQEAEYH4AKAcgLAdgTDIgUA9AVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU3NDc4OTYxNjU1MDk5GAA&sigh=YViGrBfCcrw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:58 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B38E 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=60&slotname=3001851796&adk=392949917&adf=489807014&pi=t.ma~as.3001851796&w=468&lmt=1630128778&psa=0&format=468x60&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778247&bpp=14&bdt=479&idt=131&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&correlator=7932359310696&frm=20&pv=2&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=380&ady=469&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=WRI8Jkh4Hl&p=https%3A//winbuzzer.com&dtd=175

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B38E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:58 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 css
fonts.googleapis.com/ Frame 0F22 3 KB
578 B 29ms
14ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86004aba5435fd4a14892a5f47e53a870f8e8b815b33737be419bee2bef6080e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 28 Aug 2021 03:36:33 GMT
server: ESF
date: Sat, 28 Aug 2021 05:32:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 0F22 1 KB
857 B 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:29:43 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame 0F22 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 0F22 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F22 122 KB
37 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 0F22 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H3-29 200 550517e8bc13b6c9510094b6b7001d9c.js Show response
www.gstatic.com/mysidia/ Frame 0F22 26 KB
11 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/550517e8bc13b6c9510094b6b7001d9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 22:52:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196839
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10776
x-xss-protection: 0
last-modified: Wed, 25 Aug 2021 22:05:13 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 23 Nov 2021 22:52:20 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0F22 0
0 18ms
18ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CiiItisopYYDqIfS6x_AP4-umqA2--67UZJ3Djs3nDb_hHhABIMXvvyJglQKgAeO20YsDyAEBqQKItc79Oxa3PqgDAcgDwwSqBJYCT9AhGIMBnagjKASCBTvvv-TfNzoolFlr8cZi9Y6hkiugOFROd64oB30Q61lP2C_N28wCfvwtRNaHUnkt_fTbBewZ-iC85HcsbcN2GwK7HlEbvYFCb1QdKorN6Qh2j98EZPslsXfnenwEDPMNQqbv3p8Kz-JnMRbZ5aaAcytyAOLi2foiWFHrMAbhKxAxGyEswkge-4om55KtQOjTcQmS4fcp5AloNcceUI9ARl5balFtft3CrPeDItHthH-LOzky76dVob_XJtjOPCJBCzQRPXLxOa3z9fkBfVe96LKoNGuCskX-XVlTLUak6y9sbynKSAih6JnNzabkDgGgrKtL4Ltx13URruJfOwNywqljCo5jOu_ppAXABOqPlPzWA5IFBAgEGAGSBQQIBRgEoAZmgAeFya50qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAfIHBRCc_IYB0ggJCIDhgBAQARgfgAoByAsB2BMMiBQE0BUBmBYBgBcBshccChoIABIUcHViLTc2NTc0Nzg5NjE2NTUwOTkYAA&sigh=uCcjoANW_gQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 23DB 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=3004685994&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778270&bpp=1&bdt=502&idt=267&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=1218&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=6&uci=a!6&btvi=2&fsb=1&xpc=02iSHfsShH&p=https%3A//winbuzzer.com&dtd=270

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0F22 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f667a74cdbbaf59ad981e8704ec9e5d41b99de16a03562900f76e9f79bd4611b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9E17 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0425615a616c024dd531b9b0f71b554d44c21827faefc3b32fb7e7a281351d5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v35/ Frame 9E17 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v35/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 23:18:34 GMT
x-content-type-options: nosniff
age: 195265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 00:01:04 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 23:18:34 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v35/ Frame 9E17 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v35/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 00:01:03 GMT
x-content-type-options: nosniff
age: 279116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 00:00:52 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 00:01:03 GMT

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v35/ Frame 0F22 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v35/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 23:18:34 GMT
x-content-type-options: nosniff
age: 195265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 00:01:04 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 23:18:34 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v35/ Frame 0F22 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v35/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 25 Aug 2021 00:01:03 GMT
x-content-type-options: nosniff
age: 279116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 00:00:52 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Aug 2022 00:01:03 GMT

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame 84E7 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29 200 9602836955802249830
tpc.googlesyndication.com/simgad/ Frame 79DF 123 KB
123 KB 7ms
7ms Image
image/gif 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9602836955802249830

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8105b01fe0dd7f8435a32697f0f77ce1bb933667a96a12dbb49ba46e55835b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
age: 83819
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126041
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 12:21:11 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Aug 2022 06:16:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame 79DF 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 79DF 2 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 79DF 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 79DF 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 79DF 26 KB
11 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95141ef1e328eaeb6f8ca6055420f6ced872676bd87f0f414ec2f8fc33e89e90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 12:31:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0
server: cafe
etag: 5294709741162730823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Sep 2021 12:31:53 GMT

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame 79DF 43 B
1 KB 179ms
51ms Fetch
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=13703487063&extCr=129837160047-540410528785&cb=3020699764

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Bottrop, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Sa, 28 Aug 2021 05:32:59 GMT
Server: Microsoft-IIS/8.5
Date: Sat, 28 Aug 2021 05:32:59 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 79DF 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CruhcisopYfeLINHagQfOk7kI7NL742Sn2-mk9A6_4R4QASDF778iYJUCoAGszeOkAcgBA6kCLS6TQ1DKsz6oAwHIA8kEqgSOAk_Q_aSoWs1Jl6n5S_HbGPa8lCHGbrK3ximycz181vjJsYey1_o9WaL_o8RVxcuYC_U4OJqAgLKpYL4IAn3ZM6H26dzhkHQTiw2UK1PxNGkaJ5HfdUCLkolLx8jNAdv-rDXN4-zmydopm6M6GdvTJRcOk2tL_TXVWBqht7CWLOlR0i9zYqSdkgecZo8DcZcJW_3BMKBUEOWJYU8_hcdH7C0jtD1vzzVHH9ogLc0V4gx4udRUPE5eOAVcR6wmCmEowo2jQ8n2L_IHw-8POLM19FgxiSpdeR0LCU_UDPeo90Gsjph5OmAvo7d0rhzTEkD7mPzNroEztK_7Y9iCdPa90AEnlfz-5RxjkH97D69fN8AE76yX1-MDkgUECAQYAZIFBAgFGASgBgOAB7yynNsCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEMn7RtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi03NjU3NDc4OTYxNjU1MDk5GAA&sigh=Kun1VdERndY

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 8107714642862708433
tpc.googlesyndication.com/simgad/ Frame D5F2 33 KB
33 KB 12ms
11ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8107714642862708433?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlMM4TxbSU-4z5TmHVsMt7ES7ki8Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeefeaabef6721f20d248c2e1476aa942d9318ea58bf8abffda509f5c7af812e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 03:31:00 GMT
x-content-type-options: nosniff
last-modified: Mon, 23 Aug 2021 21:40:03 GMT
server: sffe
age: 352919
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33588
x-xss-protection: 0
expires: Wed, 24 Aug 2022 03:31:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame D5F2 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame D5F2 2 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame D5F2 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D5F2 122 KB
37 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame D5F2 26 KB
11 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95141ef1e328eaeb6f8ca6055420f6ced872676bd87f0f414ec2f8fc33e89e90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 12:31:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0
server: cafe
etag: 5294709741162730823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Sep 2021 12:31:53 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame D5F2 0
0 20ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CuVluisopYZ6NHbavx_AP7puLyA-uqrS5ZNuasOe1Dr_hHhABIMXvvyJglQKgAZuI0Z8DyAECqQItLpNDUMqzPqgDAcgDyQSqBJACT9Cw4K4U4H9V9dcOm0yMYuY3EXurlBhIYt-h2AkjXcfKZsS9MD7MU-88yNbKus_R4mhL7iD45BsoF7aRYpJiclGgkmv_Xiu_4km4SwupnVXPBvAov9g9pp-JWj9-_hHu-ktCcqzFoM013LbN5OJSldtR7VDqh4kzhxBYIS3oolUifRigpR_bRBzPHN-3QhojZsP9EQYMFeze6Qe1okNoGTrflqQLHfvXcmafgigYHbnr-5YhtIrubjjCYyPaOwHSYJ7Q3CNdJW0kGW-lfy8oDqmyZnnG5riitmtXHG28Mv-fvq1fTDNXTZWcrsezVUQ3Q0AGtdjQEV23oH7hxoCNyALOsjZtX0Lt1bw6pi7AS_zABN-bzP-tA5IFBAgEGAGSBQQIBRgEoAYCgAfN965gqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G9gHAfIHBRDAlYsB0ggJCIDhgBAQARgfgAoByAsB2BMM0BUBmBYBgBcBshccChoIABIUcHViLTc2NTc0Nzg5NjE2NTUwOTkYAA&sigh=1Mqtk3jLWvk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 9602836955802249830
tpc.googlesyndication.com/simgad/ Frame EF89 123 KB
123 KB 11ms
9ms Image
image/gif 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9602836955802249830

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8105b01fe0dd7f8435a32697f0f77ce1bb933667a96a12dbb49ba46e55835b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
age: 83819
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126041
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 12:21:11 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Aug 2022 06:16:00 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame EF89 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame EF89 2 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF89 122 KB
37 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame EF89 14 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame EF89 26 KB
11 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95141ef1e328eaeb6f8ca6055420f6ced872676bd87f0f414ec2f8fc33e89e90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 12:31:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0
server: cafe
etag: 5294709741162730823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Sep 2021 12:31:53 GMT

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame EF89 43 B
1 KB 189ms
51ms Fetch
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=13703487063&extCr=129837160047-540410528785&cb=434843016

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Bottrop, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Sa, 28 Aug 2021 05:32:59 GMT
Server: Microsoft-IIS/8.5
Date: Sat, 28 Aug 2021 05:32:59 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame EF89 0
0 20ms
18ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CYn7fisopYZK0IcCnx_APkf2AwAfs0vvjZKfb6aT0Dr_hHhABIMXvvyJglQKgAazN46QByAEDqQItLpNDUMqzPqgDAcgDyQSqBJQCT9C7EGCnAJnffQV_ZzzL170rAon3rUlRx2hBbKRqXd6_xV_UDCOAFu6p-vZTO7d8XUJ_d3MKKU2tL1xnkGXmX16VNVQMTGXCS_bG-VeNdbRZ6FFXSC5bkMPgPZV7whr6aPvwcNog9kD1ZmdDunSrN-tHrjY9-EI8Dp80f6SzGqZXrlLqShVUT_XB48FFOFz9IJoYRu0IZ53WsYNs-tYByWUOzFd0YZV3as_nHUbPNpg7Ij14lwku0YdErepbtjZIK5LdNAQPRqQ80IcwB-KHlYFyD4PtIn3GBSMnE-dTgpWjwdf3MlLTUAsuS6ynX3x-N4HKsPyw69BTzQX9zVFi0Op9ZnGcsI4HGeNDCaHpUI3uEGoPwATvrJfX4wOSBQQIBBgBkgUECAUYBKAGA4AHvLKc2wKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQq8hJ0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTc2NTc0Nzg5NjE2NTUwOTkYAA&sigh=55H1QeZuxYU

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2929 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=3576566866&adk=2385268302&adf=4266887281&pi=t.ma~as.3576566866&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778267&bpp=1&bdt=499&idt=229&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=2568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=HpjuqnbmiK&p=https%3A//winbuzzer.com&dtd=236

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 23DB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CDB9 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=300&slotname=2917897793&adk=4252198442&adf=2999737270&pi=t.ma~as.2917897793&w=640&lmt=1630128778&psa=0&format=640x300&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778264&bpp=2&bdt=496&idt=194&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=294&ady=1021&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=kbF4yhlS3Q&p=https%3A//winbuzzer.com&dtd=197

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame 9534 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 906F 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=7325153160&adk=3559216694&adf=513266793&pi=t.ma~as.7325153160&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778269&bpp=1&bdt=501&idt=252&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=445&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&fsb=1&xpc=XMViNeuuRx&p=https%3A//winbuzzer.com&dtd=259

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D5F2 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bfb653e6218582d167aadc3643875786b5ae2a682c67ea662b3d011acb22b35

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 79DF 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8db52c0cad5f3fc817a612ce6a25bb46cddf23addc0bfb72fd6bab2198e54c9d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EF89 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfc077ea53d31dd778e1c3a05f2064afffa9aa1bbd46a0474903d368ca4b31a1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 14300810159970651492
tpc.googlesyndication.com/simgad/ Frame 1309 32 KB
32 KB 7ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14300810159970651492?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk4tOeIg954GwAjelZAf4PL7ctbVQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

365d78ab3aec0d755afc6cf45ecb0c377d24e5053d915acbbf55c4667ecc120e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 24 Aug 2021 04:31:15 GMT
x-content-type-options: nosniff
last-modified: Mon, 10 May 2021 21:30:10 GMT
server: sffe
age: 349304
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32615
x-xss-protection: 0
expires: Wed, 24 Aug 2022 04:31:15 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/ Frame 1309 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1487
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7645
x-xss-protection: 0
server: cafe
etag: 13200147268341533873
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:08:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 1309 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:32:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1309 122 KB
37 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:32:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630063810880246"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Sat, 28 Aug 2021 05:32:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 1309 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 05:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6213
x-xss-protection: 0
server: cafe
etag: 5878208181763659450
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 11 Sep 2021 05:30:41 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/ Frame 1309 26 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210824/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95141ef1e328eaeb6f8ca6055420f6ced872676bd87f0f414ec2f8fc33e89e90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 12:31:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10782
x-xss-protection: 0
server: cafe
etag: 5294709741162730823
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 10 Sep 2021 12:31:53 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1309 0
0 20ms
20ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CfolzisopYcXJJNip7gOm16fYBa6qtLlk-MrP_oYOv-EeEAEgxe-_ImCVAqABm4jRnwPIAQKpAi0uk0NQyrM-qAMByAPJBKoElgJP0EQ4JDCOWqSbg2pOI01plQCiWmS38MVUe41Z5aGpNu9R3l91cgMCm2W_CsltQMxC7jIOoegzWBnCYsB7EOJEt2y6VGuU1Ol4157BM9SHslWr_8ZB-H3bT-g-iqAfJLXmDMKOrhmxSntRic9UMRV68OA1rRQBjzGM9iBNcKxjnN_8zPwfl6KF8yg2Th3rkuX7huPhH-bz9YLrafURxHDKxY2hCI6UGR7l4tXnpa3IsMWF_-Tyd4FCwZMjn56Ed5uIK_TywWH1xggU24OJLnR_uv4YU-aomBSkG6kw-YROVAwnT_Ve0PgIvbFUUVE3oqKHTBgtPk-4NB0DkMZmyuk_vLqK2ngy-053yg5QkF8dLHBcLYs3asAE35vM_60DkgUECAQYAZIFBAgFGASgBgKAB833rmCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwUQvt6RAdIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi03NjU3NDc4OTYxNjU1MDk5GAA&sigh=1kgpF1bXcGA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 28 Aug 2021 05:32:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2929
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame 5ACD 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CDB9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 906F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1C21 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame 6ADC 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B31F 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 28 Aug 2021 04:42:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1309 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6528d6487d2e527709a66f46292f55ab363e134ff2198a9567690b3ebbb21d1f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B31F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkZhKzY5WpA3j_SckQIOrAxtFthyivdqH1S_Qqb9HxTr-rv_t8lawOt5uU7dqQ; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 28-Aug-2021 06:32:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 28 Aug 2021 05:32:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Aug 2021 05:32:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js Show response
pagead2.googlesyndication.com/bg/ Frame DAD2 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D3lOyaz33AOyGTIEqdOSEmJb5cnEgELXkEp-WZBOrR0.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7657478961655099&output=html&h=280&slotname=2755352769&adk=3468080664&adf=1049424552&pi=t.ma~as.2755352769&w=336&lmt=1630128778&psa=0&format=336x280&url=https%3A%2F%2Fwinbuzzer.com%2F2021%2F08%2F24%2Fmicrosoft-exchange-server-lockfile-ransomware-targets-windows-domains-xcxwbn%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630128778272&bpp=1&bdt=504&idt=307&shv=r20210819&mjsv=m202108240101&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C0x0%2C640x300%2C640x300%2C336x280%2C336x280&nras=1&correlator=7932359310696&frm=20&pv=1&ga_vid=301368213.1630128778&ga_sid=1630128778&ga_hid=777569712&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1010&ady=2278&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44747621%2C182982000%2C31062297&oid=3&pvsid=4303088311706858&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=7&uci=a!7&btvi=3&fsb=1&xpc=eiDimnRVOP&p=https%3A//winbuzzer.com&dtd=311

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 14:45:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 139634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13489
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 15:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 26 Aug 2022 14:45:45 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E17 42 B
64 B 17ms
17ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstJIK5nB1EQAfQsb_73nRTetNDAm6z5irkBucTI_Z28GrmTod4oMjXd8j9VAnQoiX-fwNtiSAJXiIw23yFBhWdLbESbZfMbivc-UTI9Mzz0nNQFRSzkwkQYLHMXdw&sai=AMfl-YSq8L1N2rUb7GP2_BGRW509wsw93fvrVR8vz4QM7dQl3UqMrz_izyXFiL7SDPTvpKHlWisQN85wDZG0&sig=Cg0ArKJSzIcVboCIG21SEAE&id=lidar2&mcvt=1000&p=469,380,529,848&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210827&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=392949917&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630128778423&rpt=839&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Aug 2021 05:33:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D5F2 42 B
64 B 17ms
16ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6IjZw_UAW4qqHycw4z3KKOh2QIL6kvcsU6TZquWctAYPA2Sj1NaREqUjK6bvd8NZBRfVUSX51FBa7fLR_svrkHBQLM02uzmKa-km6y7TZwDMeY0hyhPKB-_Xgpg&sai=AMfl-YS6Rx013E2ACkWWI8eCRr6hrOMhR-9ZlznhHWzcfe8HtbBqM6AsVYB5MVMmPOGDuLBWdft1Z5eFTgKc&sig=Cg0ArKJSzI8zPMZ7UDkHEAE&id=lidar2&mcvt=1000&p=1021,434,1321,794&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210827&bin=7&avms=nio&bs=0,0&mc=0.6&if=1&app=0&itpl=4&adk=4252198442&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630128778462&rpt=1016&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Aug 2021 05:33:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EF89 42 B
64 B 17ms
17ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvVZpMQUIfgltLH098cHivpjmlPxmngcrIEpTIAKDfCLRJ4nvC9e7WnEbj-OoDpKxcEeeTKUX64eZtJVpHHiEDNNCXjPXtlk8NAsBUf4TTjX3VF5nWttQ1Y5iavAQ&sai=AMfl-YTdFVAm3rsvrcnnGInsp0ttWzE7G1rYoyYvKB9gxvgM1mlNQCwoS0cwd-c9gCrQx9WRDP5JIz5DhE9o&sig=Cg0ArKJSzKsj_fgIE1HvEAE&id=lidar2&mcvt=1001&p=445,1010,725,1346&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210827&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3559216694&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1630128778530&rpt=922&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 28 Aug 2021 05:33:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			winbuzzer.com/	1969-12-31 23:59:59	Name: nitroCachedPage Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn-chilj.nitrocdn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
m.exactag.com
pagead2.googlesyndication.com
partner.googleadservices.com
to.getnitropack.com
tpc.googlesyndication.com
winbuzzer.com
winbuzzer.matomo.cloud
www.google.com
www.googletagservices.com
www.gstatic.com
142.250.186.162
18.196.53.208
2600:9000:21f3:ba00:c:def5:6a80:93a1
2606:4700:3036::6815:2180
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2002
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:827::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
85.14.248.91
89.187.169.47
0f794ec9acf7dc03b2193204a9d39212625be5c9c48042d7904a7e59904ead1d
1067c971caffd7df8cd9067373c51d11760f7222c741238f36df1ca218620ece
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a0403e3229af4ccfe1d8a4b51ea4a9d5f18372e8a5ec8ef980badf9aff965e7
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1ac981142ce898e8beb8e505ede3a459da311b965f1111c24e30cd3eb4f29584
1d7bbe1f0ce37f7e4c162282a14783caaa757dbb96f2e08359a1c46d7ad4875b
20ef55d2c3ce9fb7ce2e46035a56e7b340f67eb84f010f34f3d217a4426df20a
241cb8e71fbe2c03441cd2c8f6c1b13347eee381a506277a1e55c491656d6550
25010517269acfbd579716745eee26bd1c6651eda927009f4285845332f45d94
2528b4d90e862729d4b3938f42753a0a56c08921ae324ef937a92367590ba2cc
29497258eec633c546b8355e75a0f6842f337827f1c9f21a641308b4c3db4ebe
2bfb653e6218582d167aadc3643875786b5ae2a682c67ea662b3d011acb22b35
2fe6468c60114b9fd665dfe1addf0f487d6c51899a65965d581325d6af51b81a
365d78ab3aec0d755afc6cf45ecb0c377d24e5053d915acbbf55c4667ecc120e
384146b657bd0089c100c69894b8200a46e3eaf484dc078826dea0a10dd7380f
445cf651d8eb140a3e1967ce822ff05eeecb9cd7bfdce78e6f4eef6f18479a6a
44cbcf1a1c5c9a93e31f7dc7733768010139827573181e6882ad6af3146608d2
45a87ae0e44e3c24f4fab462d5604a0b84befa34f0349ceb7a91b8674ef3419f
47b2e4e5ae504cbefc5c71d8bab25c4571c65321f1009411150b689dcc2901f5
492fedcb2150db44303b436445a703fa6840c4a72172aa01214ea5444f73835a
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5469740595a44003b8884f40783d63ac3c9b57e1a00ad6f29c4fff55153717de
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
612520f21d6a400738bf3f27cc9331e261a00e6486fbf54abce86b54712a9b50
6528d6487d2e527709a66f46292f55ab363e134ff2198a9567690b3ebbb21d1f
6d65039a5ce97563763563a3870a9ee8c8e81ea748980aad87896cf29eae7367
78015b8bc9937ffd77cf894eaa8c0aaf1d012325a2634c146b4c5433ec46d340
7a0829f65b5378d1b0e2da444ff32f73343984c4e21342f5a7a0f3b9abe5c9c0
8105b01fe0dd7f8435a32697f0f77ce1bb933667a96a12dbb49ba46e55835b47
86004aba5435fd4a14892a5f47e53a870f8e8b815b33737be419bee2bef6080e
8db52c0cad5f3fc817a612ce6a25bb46cddf23addc0bfb72fd6bab2198e54c9d
95141ef1e328eaeb6f8ca6055420f6ced872676bd87f0f414ec2f8fc33e89e90
97df520ae4479370290538d28cc0e46eb6fbc10592bd548b51852f33f1353738
a404cca9d3f1608da89c851dabc22b191242ceaf23f3226dbd96040e119b78c9
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a770ead57b80c1fb6ff3cf765d5e81c3944af3f1279fe3dc52540945f87ab8a9
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf
aeefeaabef6721f20d248c2e1476aa942d9318ea58bf8abffda509f5c7af812e
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b54fd3af961105296e2ede9650bddb03df20fb051372d3c239ac01c31ec84d38
b6e0837e27a4c3d607542e1868d72d8505ced766d6ab3ad20147a181f6321d33
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb718717a1a0c7e3213f0d000b0c88ce6de92c1c523e38b48e76e9e7c605e971
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
c2e0779ff0607339bbd1b913097b5be074b135ff098d13394c773b78d5087aca
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c73e8b2ce278f87831a07c17556d2e74bc5d80455ef3f2518a9c2054af74f0b4
d0425615a616c024dd531b9b0f71b554d44c21827faefc3b32fb7e7a281351d5
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831
d8952f02c06434f9a5af72ec66e23594ac64ef4daeae5733f51541d7e1eeda72
dbb80dcea54f7729198af5e295a98e3cacc3a66a7c308cda48625042944170b9
dd6c63c14f1d2b5b0a9e2eaed185ca2bfc7cb283b31bbab54240a84f46c3af0a
dfc077ea53d31dd778e1c3a05f2064afffa9aa1bbd46a0474903d368ca4b31a1
e12ca129385ec88177c0fb34c59fd33dd1cd5d4f6531eb1b0b44cab8c3167ac6
e18755e8577306cd44c51912725561a7239ac2c670197b22d9ef8c40528b802f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87d7c59119397293cf71c27dd7eac13e19f0f3cc3f2b85fc52a74864757b251
ea9ad8f6ace011a694d664482cc6ca0acc2dd86a8d6b684154327ec84c0c95fd
eccc582a306d1166abf3880b2bfcdb1ed98df81cce0ede7b8b7f85dd9d4ec6b2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa57b00f63e53ac16325e94291a7075611bb2cc2df4ceef8bf883a5bab1193d
f2e8c66e15e427b66fb7714dafd0066f604bef6c658b63b115d615e1ec5b8cf9
f55b468f28ed9ab929c9ce8ee98c64e64b77b58456414c6ba2642b99a19abe90
f667a74cdbbaf59ad981e8704ec9e5d41b99de16a03562900f76e9f79bd4611b
fa9cdf9e3f9d95bc258c6aad323775e7d53770eead4c23191a4a2ef5ad66bfa1

winbuzzer.com Open in urlscan Pro 2606:4700:3036::6815:2180 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

124 Requests

99 %HTTPS

73 %IPv6

13 Domains

16 Subdomains

16 IPs

2 Countries

1572 kBTransfer

4206 kBSize

1 Cookies

26 Outgoing links

Redirected requests

124 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

winbuzzer.com Open in urlscan Pro
2606:4700:3036::6815:2180 Public Scan

Screenshot
Live screenshot

Full Image

124
Requests

99 %
HTTPS

73 %
IPv6

13
Domains

16
Subdomains

16
IPs

2
Countries

1572 kB
Transfer

4206 kB
Size

1
Cookies

124 HTTP transactions
16 data transactions