thecybernewsfeed.com Open in urlscan Pro
2606:4700:3035::ac43:dd76 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Submission: On August 12 via api (August 12th 2021, 5:25:29 am UTC) from GB

Summary HTTP 74 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 18 domains to perform 74 HTTP transactions. The main IP is 2606:4700:3035::ac43:dd76, located in United States and belongs to CLOUDFLARENET, US. The main domain is thecybernewsfeed.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 8th 2020. Valid for: a year.

This is the only time thecybernewsfeed.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:303... 2606:4700:3035::ac43:dd76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 1	63.32.201.39 63.32.201.39	16509 (AMAZON-02) (AMAZON-02)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 1	18.195.172.136 18.195.172.136	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
74	22

11 2606:4700:3035::ac43:dd76 (United States)

ASN13335 (CLOUDFLARENET, US)

thecybernewsfeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.201.39 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-201-39.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.172.136 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-172-136.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	397 KB
14	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	79 KB
11	thecybernewsfeed.com thecybernewsfeed.com	150 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	73 KB
4	google.com 1 redirects adservice.google.com www.google.com	1 KB
3	googletagservices.com www.googletagservices.com	102 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	755 B
2	google.de adservice.google.de	975 B
2	google-analytics.com www.google-analytics.com	19 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	461 B
1	agkn.com 1 redirects d.agkn.com	761 B
1	everesttech.net 1 redirects pixel.everesttech.net	376 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	665 B
1	gravatar.com secure.gravatar.com	2 KB
1	googletagmanager.com www.googletagmanager.com	40 KB
74	18

	Domain	Requested by
17	tpc.googlesyndication.com	thecybernewsfeed.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
11	thecybernewsfeed.com	thecybernewsfeed.com
10	pagead2.googlesyndication.com	thecybernewsfeed.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com thecybernewsfeed.com googleads.g.doubleclick.net
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.google.com	1 redirects tpc.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	thecybernewsfeed.com googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	secure.gravatar.com	thecybernewsfeed.com
1	www.googletagmanager.com	thecybernewsfeed.com
74	22

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
threatpost.com
wowlayers.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-08` - `2021-12-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Frame ID: C89D29AE004FE91C97FEA95E26D9A822
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/zrt_lookup.html
Frame ID: 350C912EDA5B5427EFDF8B50A7D0CE69
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1628745910&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910483&bpp=4&bdt=435&idt=71&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5064252320946&frm=20&pv=2&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=91
Frame ID: 90C8CA2E489824C56628F8F2AACA2106
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1628745910&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910919&bpp=4&bdt=870&idt=4&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da761a4c383c2862e-22b60143a5c900a3%3AT%3D1628745910%3ART%3D1628745910%3AS%3DALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA&prev_fmts=0x0&nras=2&correlator=5064252320946&frm=20&pv=1&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=nawdxoby5j&p=https%3A//thecybernewsfeed.com&dtd=16
Frame ID: B45AC0A17942EB1584B5E0F740DA3C6A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1
Frame ID: 06004C04413F5870ECDA95BAED9F3E07
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html
Frame ID: 4B5C65FE7AE0C3FD55DD08EDD0F696C6
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: DA6B764F341FE5C9C220454DCC7703DF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9E6183D49056218E3EDE4D371FEAA7B2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js
Frame ID: E1FDECC6E89FFD3EEBCD21FF8A0EFA84
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 5179F5C77DF3FFB87305660EE743575E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B16A33CDF2A78EC100FAACEF993BF5A0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

74
Requests

99 %
HTTPS

73 %
IPv6

18
Domains

22
Subdomains

22
IPs

4
Countries

866 kB
Transfer

2064 kB
Size

7
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=eCh0raix+Ransomware+Variant+Targets+QNAP%2C+Synology+NAS+Devices&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F
Title:

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&description=eCh0raix+Ransomware+Variant+Targets+QNAP%2C+Synology+NAS+Devices
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&title=eCh0raix+Ransomware+Variant+Targets+QNAP%2C+Synology+NAS+Devices&summary=Timeline.+As+far+as+unit+42+can+determine%2C+there%26%23039%3Bs+been+no+analysis+yet+of+malware+samples+that+would+show+eCh0raix+ransomware+targeting+Synology%26nbsp%3B%26%238230%3BThis+article+was+originally+published+here
Title:

Search URL Search Domain Scan URL

URL: https://threatpost.com/ech0raix-ransomware-variant-qnap-synology-nas-devices/168516/
Title: here

Search URL Search Domain Scan URL

URL: https://wowlayers.com/
Title: WOWLayers.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 61

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG1SAmCBuxacDfaXmUcrD16YHsm1sPLGp359NpxBaqCUsS8uSNc6oGAFhKN&google_gid=CAESEPo-Y4c5tyw7SP734DYFJiQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJTd3R3QUFCUEN6b1M3Uw&google_push=AYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG1SAmCBuxacDfaXmUcrD16YHsm1sPLGp359NpxBaqCUsS8uSNc6oGAFhKN

Request Chain 62

https://d.agkn.com/pixel/2175/?google_gid=CAESEAj1wuEH-A68KOaDQKPoQS8&google_cver=1&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75&google_hm=Q0FFU0VBajF3dUVILUE2OEtPYURRS1BvUVM4

Request Chain 63

https://rtb.openx.net/sync/dds?google_gid=CAESEAZrzFnyeYuxaWC7Yc7FBMk&google_cver=1&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEAZrzFnyeYuxaWC7Yc7FBMk&google_cver=1&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&google_hm=KyeMNHZnxxMxlUylRA224Q==

Request Chain 64

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPh_s9MF1CMwWQxs7HUH3iQ&google_cver=1&google_push=AYg5qPIzQ4qhFfQWqz4p4w0XSA6bIlVgs0BCKwdkoz6xkCBmAThYusWwyDiq2cVY6dQ5nbwyqC_bMXgBxN8hQkyCaQqonX4OHI8f HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPh_s9MF1CMwWQxs7HUH3iQ&google_cver=1&google_push=AYg5qPIzQ4qhFfQWqz4p4w0XSA6bIlVgs0BCKwdkoz6xkCBmAThYusWwyDiq2cVY6dQ5nbwyqC_bMXgBxN8hQkyCaQqonX4OHI8f&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0glxF5PlRg-fIagdhMoSeA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzQ4qhFfQWqz4p4w0XSA6bIlVgs0BCKwdkoz6xkCBmAThYusWwyDiq2cVY6dQ5nbwyqC_bMXgBxN8hQkyCaQqonX4OHI8f

Request Chain 65

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENm_TSGG5HVQZvUpDTmgvT4&google_cver=1&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mGG9MpTmS6p7tnbZEB6ARnWX_rt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1M4SDlHV0UtMUktRFFKTQ==&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mGG9MpTmS6p7tnbZEB6ARnWX_rt

Request Chain 66

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc=

74 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/ 39 KB
11 KB 5272ms
5199ms Document
text/html 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8348bb1076ca41e3ec8bcf72a82c60c7a652f5659fc3fef6bffe95f9dab26fd

Request headers

:method: GET
:authority: thecybernewsfeed.com
:scheme: https
:path: /malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-type: text/html; charset=UTF-8
link: <https://thecybernewsfeed.com/wp-json/>; rel="https://api.w.org/", <https://thecybernewsfeed.com/wp-json/wp/v2/posts/120586>; rel="alternate"; type="application/json", <https://thecybernewsfeed.com/?p=120586>; rel=shortlink
x-cache: MISS from lin-10-170-0-63.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-63.gridhost.co.uk:3128
set-cookie: DYNSRV=lin-10-170-0-63; path=/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpPpo4l9sYxw6sX33%2Be3cNT7Jq7NYiBQOvXGDLIVT3Elnrk8Y5nuZ1ce0zpZdO8j%2BmJsQHzt%2F3UqF9dVAHOoSUUd4UzHBzi8l04YY0BG0f240mlk3lczIWlsRuk3T54waKuo8Ro8s4LuexVUOMwMMuMSZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d747f16b3cdab4-ARN
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 style.css
thecybernewsfeed.com/wp-content/themes/fasto/ 51 KB
13 KB 181ms
135ms Stylesheet
text/css 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/style.css?ver=1.0
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f072795ef49893425d1998bfe539b5d1ccfbe7cccb46adeba443a9c1ca94361

Request headers

:path: /wp-content/themes/fasto/style.css?ver=1.0
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: W/"6c42aafd-cdc1-5a5f293d27457"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kf02UvvIIKw8G3nGWG8Xd9c5%2FXx%2Bre%2BCvRYxJniKUzs6i9T%2F7zD63ThPb%2BRqkl8bQO2qrE5Rt%2BZEZZvSXD0U1RwGsQNehIB6QfRIdeyHRfso8PmSdbJNaPd2rHkRdy5F97%2B%2FXuqcOUjvFPAsjSgIH5xE6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d7481328e715f0-ARN

GET
H2 200 css
fonts.googleapis.com/ 4 KB
729 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 12 Aug 2021 05:25:10 GMT
server: ESF
date: Thu, 12 Aug 2021 05:25:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H3-29 200 style.min.css
thecybernewsfeed.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 141ms
96ms Stylesheet
text/css 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:16 GMT
server: cloudflare
etag: W/"6c2d33f2-13abe-5c8a41899efe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jT1FSC%2BoIIagcSeG%2BHk8%2Fl9VlsI91TOJZ1rWQGXgdFktOJBsPnniaX3er15eI30Ge6kUT6%2BmVBp0l0UC8SkyZmbhzhIXgcjBFr5hOVVzfZ%2BFMmK1szGvhZOh%2BhwogeNdjGdXc%2FifexTijVL5%2BohsbF7DlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 67d7481328dc15f0-ARN

GET
H3-29 200 jquery.min.js Show response
thecybernewsfeed.com/wp-includes/js/jquery/ 87 KB
32 KB 98ms
53ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:15 GMT
server: cloudflare
etag: W/"e382ebe-15db1-5c8a4188cdeab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUkNJ34EMdmccgslSTc8CoRxF0Q6gyPK7SyhZp4Xz5lmaT0HtY%2F6umw7n2Fe%2FmjZsk2oBeSWkZyvgaEya5WlfsjL%2BREYFJza0fgHdgccEtcKnpQ4iJEhJWU5jWqk%2FJ7atLfItOS6Kdlsnk4rdfCjDHsw6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 67d7481328e615f0-ARN

GET
H3-29 200 jquery-migrate.min.js Show response
thecybernewsfeed.com/wp-includes/js/jquery/ 11 KB
5 KB 143ms
98ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 21 Feb 2021 08:12:32 GMT
server: cloudflare
etag: W/"52d9904-2bd8-5bbd43f452cb9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xvt0kGyoC6hb2uy988n4bb7vOvTwN1mWxLrjYhAxPFMiDXBFvmNpnkjB3n3HSONQadTFq1T1by1I3bNBRjc5y3KSx%2F2thCmDADhmkJ3yXNnT3NS2TWKivm9bvtLvFCD96PIseflE5JqH8zKtBDJQPDhOdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 67d7481328e315f0-ARN

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-71847049-2

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e4100882681021e831496496e00c155919a6d232110fcea6555375b898b0e23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40853
x-xss-protection: 0
last-modified: Thu, 12 Aug 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H3-29 200 wp-emoji-release.min.js Show response
thecybernewsfeed.com/wp-includes/js/ 18 KB
5 KB 55ms
55ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 03 Aug 2021 09:13:15 GMT
server: cloudflare
etag: W/"52d99dd-4705-5c8a418884211"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VNQ0%2BO%2FFPipbYCuDeNwYFWPnAzH2ykLAhsBF7gb53nFQdv9hLnapLqQbJh9L1Iic7NZo8ULlh15MbuCACFkyizbuxfypAHqTbGDMyXU4pqLFsQoDeTEJhoqw%2FP8ruPagBk8DUAbFIukfeVIHD5Y16PK%2B5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 67d748140b8515f0-ARN

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 46ms
25ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7d1ad6799d69e6b2554f3ca7b64411f5f3ca8e4e62e45a746421d8cdbc665e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49886
x-xss-protection: 0
server: cafe
etag: 7032553261440607969
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H3-29 200 cropped-93472-scaled-2.jpg
thecybernewsfeed.com/wp-content/uploads/2020/05/ 65 KB
65 KB 76ms
75ms Image
image/jpeg 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thecybernewsfeed.com/wp-content/uploads/2020/05/cropped-93472-scaled-2.jpg
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 001bfcd7d6260cf429f2ad3dc28067ab53e6e5200155ecd6c0a7acd575a53d7f

Request headers

:path: /wp-content/uploads/2020/05/cropped-93472-scaled-2.jpg
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66260
last-modified: Sun, 31 May 2020 10:32:45 GMT
server: cloudflare
etag: "1b21d356-102d4-5a6ef32f107c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmUxaIoDcaeNS6sHTMgA6j9vCRRORBBkA31P6XXW9JGvFxPc8oYBSO8cmWxQqiMxnkPBDNRjCBpULJoERnKNpfTPW%2FydVh1s9QgEUyJV17eVbk4%2BSA%2BXE9tXNXZvdHihEg8GIsdq53sBB94mf2NshRWQ0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d748141bae15f0-ARN

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 8ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://thecybernewsfeed.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 212326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 18:26:24 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A700%7CRoboto%3A400&display=swap&ver=5.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://thecybernewsfeed.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 12:00:01 GMT
x-content-type-options: nosniff
age: 149109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 12:00:01 GMT

GET
H2 200 652e6a622ca3aa8a2002e0c42f979c4e
secure.gravatar.com/avatar/ 1 KB
2 KB 19ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/652e6a622ca3aa8a2002e0c42f979c4e?s=80&d=mm&r=g
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 12 Aug 2021 05:25:10 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="652e6a622ca3aa8a2002e0c42f979c4e.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/652e6a622ca3aa8a2002e0c42f979c4e?s=80&d=mm&r=g>; rel="canonical"
content-length: 1323
expires: Thu, 12 Aug 2021 05:30:10 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-71847049-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 6516
date: Thu, 12 Aug 2021 03:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 12 Aug 2021 05:36:34 GMT

GET
H3-29 200 placeholder-4.png
thecybernewsfeed.com/wp-content/themes/fasto/images/ 2 KB
2 KB 43ms
43ms Image
image/png 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/images/placeholder-4.png
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6513585441b8e6f73cb020fec38b98e64b4ab966282d376469a495fa288a1228

Request headers

:path: /wp-content/themes/fasto/images/placeholder-4.png
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
cf-cache-status: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1554
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: "6c42ab08-612-5a5f293d2e7f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQ%2F1aRS5xuW1VowVPD1X13r749P9dxmlvGku9gg35gTVkQjc0mv3ucL8JpyziUkHNZwQQ%2Fn9j928a91WsRbwQStXkxp4ccojk7%2FTgTXUFYkGg3hcjGmofJNj0Aw77ec5HEzvzaGgdw93Vq9E4IQIL6L70g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 67d748148cbc15f0-ARN

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/ 252 KB
93 KB 43ms
29ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1463153293518774&plah=thecybernewsfeed.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d05921972a05d43b86b07c7e074afff197f96c2f953a9f8595c2b59ba34cc3d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95570
x-xss-protection: 0
server: cafe
etag: 10066065015092213272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/ Frame 350C 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210809/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 11 Aug 2021 21:06:33 GMT
expires: Wed, 25 Aug 2021 21:06:33 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 29917
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 email-decode.min.js Show response
thecybernewsfeed.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 41ms
41ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thecybernewsfeed.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 12:35:03 GMT
server: cloudflare
etag: W/"610bdaf7-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99jV2sS%2FDMPEYces9Ah9QiaeZdDLgIkWzHWb54HCHBPpSKcxSSpg6o02kc%2BOswfTXgjIsziWIbBLkMMGtdTzo17DclGlz%2FzWEPGJ5xFIA12V0jjpXM7iNvzNel7e7fRNA8SU1193cttxv8LPc3wTLSUTKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 67d74814cd5415f0-ARN
vary: Accept-Encoding
expires: Sat, 14 Aug 2021 05:25:10 GMT

GET
H3-29 200 scripts.js Show response
thecybernewsfeed.com/wp-content/themes/fasto/js/ 8 KB
3 KB 51ms
50ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-content/themes/fasto/js/scripts.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a7c97a046515bc0d58203d54c8100496f7a334306af34fa1b29ce68b3488a86

Request headers

:path: /wp-content/themes/fasto/js/scripts.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 18 May 2020 21:09:24 GMT
server: cloudflare
etag: W/"6c42ab12-21db-5a5f293d3470e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ictidhSP5JhOa7INUjSVeVGBd%2BHJpBHKhNvdttANEMofpQbKul9zh83a%2FvGAz9a1XJcwXHFG%2FWHQ0T9VNKumi%2BvnCZVwJ%2Fp4gbynR6Ps5J8bH6mQjUeFX4Ppo43n1dFCO8LlGuEX%2BZYIqUfVfeGkvMJsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 67d74814cd5915f0-ARN

GET
H3-29 200 wp-embed.min.js Show response
thecybernewsfeed.com/wp-includes/js/ 1 KB
1 KB 108ms
107ms Script
application/javascript 2606:4700:3035::ac43:dd76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thecybernewsfeed.com/wp-includes/js/wp-embed.min.js?ver=5.8
Requested by: Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:dd76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.8
pragma: no-cache
cookie: DYNSRV=lin-10-170-0-63
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: thecybernewsfeed.com
referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4
x-cache: MISS from lin-10-170-0-23.gridhost.co.uk
x-cache-lookup: MISS from lin-10-170-0-23.gridhost.co.uk:3128
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sun, 21 Feb 2021 08:12:33 GMT
server: cloudflare
etag: W/"52d98d9-592-5bbd43f505af8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wWoENAZR%2FluMPZ12rq4xe%2FI17DGXLQHwm32QQyGdT%2Bydv1vHuPiHcfVMvQPa3VKpAdaq1Y2ne17Rjdc9vh8E%2BMvUCDkcQheNIdqmaLusUUEmgE2YQWEnc0wnB7JpFSN%2F2BTHEdGw1CLXPfzpVaotVM16Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 67d74814cd5d15f0-ARN

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 27ms
13ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&aip=1&a=1296604982&t=pageview&_s=1&dl=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&ul=en-us&de=UTF-8&dt=eCh0raix%20Ransomware%20Variant%20Targets%20QNAP%2C%20Synology%20NAS%20Devices%20-%20The%20Cyber%20News%20Feed&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=1345557882&gjid=955604555&cid=1924358167.1628745911&tid=UA-71847049-2&_gid=618397769.1628745911&_r=1&gtm=2ou8b0&did=dZTNiMT&z=1935676662

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://thecybernewsfeed.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 210 B
665 B 183ms
64ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=thecybernewsfeed.com&callback=_gfp_s_&client=ca-pub-1463153293518774

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1463153293518774&plah=thecybernewsfeed.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

15f136c7a0f852a5232676505f21551be2984ffb857239b3bf5b55521ad027aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 36ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 90C8 131 KB
40 KB 312ms
311ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1628745910&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910483&bpp=4&bdt=435&idt=71&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5064252320946&frm=20&pv=2&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=91

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a6aa889d20cbd3a54c4dc09d5a6366a6928d7db46b78b8fc3242e571d4cde46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1463153293518774&output=html&adk=1812271804&adf=3025194257&lmt=1628745910&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910483&bpp=4&bdt=435&idt=71&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5064252320946&frm=20&pv=2&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=91
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 12 Aug 2021 05:25:10 GMT
server: cafe
content-length: 40568
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 12-Aug-2021 05:40:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 12 Aug 2021 05:25:10 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 48ms
28ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508781313717"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27998
x-xss-protection: 0
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H3-29 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/ 145 KB
52 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/reactive_library_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8098ca7913e9596af5cd8f3f5547ab95dd70c8020a7f159db715aa66a5c9f44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53275
x-xss-protection: 0
server: cafe
etag: 6303077415426690211
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 05:25:10 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 25ms
23ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thecybernewsfeed.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 Aug 2021 05:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B45A 83 KB
28 KB 744ms
744ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1628745910&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910919&bpp=4&bdt=870&idt=4&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da761a4c383c2862e-22b60143a5c900a3%3AT%3D1628745910%3ART%3D1628745910%3AS%3DALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA&prev_fmts=0x0&nras=2&correlator=5064252320946&frm=20&pv=1&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=nawdxoby5j&p=https%3A//thecybernewsfeed.com&dtd=16

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0959fd5221c31132fe958b4fe241d928d4b0debf5ac3a81ae13bb69ffbc5a3e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1628745910&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910919&bpp=4&bdt=870&idt=4&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da761a4c383c2862e-22b60143a5c900a3%3AT%3D1628745910%3ART%3D1628745910%3AS%3DALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA&prev_fmts=0x0&nras=2&correlator=5064252320946&frm=20&pv=1&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=nawdxoby5j&p=https%3A//thecybernewsfeed.com&dtd=16
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 12 Aug 2021 05:25:11 GMT
server: cafe
content-length: 29001
x-xss-protection: 0
set-cookie: IDE=AHWqTUlH_VlI4QxLUOS2yOwL4dQeTbU3Nc0epLnzgC6tsrBQo8qJJejl9inpWebyuAg; expires=Tue, 06-Sep-2022 05:25:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 12 Aug 2021 05:25:11 GMT
cache-control: private

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/ Frame 0600 10 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 11 Aug 2021 21:06:34 GMT
expires: Wed, 25 Aug 2021 21:06:34 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 29916
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/ Frame 4B5C 15 KB
5 KB 35ms
12ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ec1181f87f40a4f58909ef55bb7841f765596a67b84b2a27c0a7d567e601210

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/16489952301615999136/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3676
date: Fri, 06 Aug 2021 18:01:12 GMT
expires: Sat, 06 Aug 2022 18:01:12 GMT
last-modified: Tue, 20 Apr 2021 01:39:38 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 473039
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0600 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0IbItrAUYcHLJLXV7_UPkMqA0AH21YuJZLrioPfWDbPMk-qPJxABIIWSuSxglQKgAa6ezLsCyAEJqQIJLcGcObKzPqgDAcgDSKoEkAJP0I5PfxbJlEmP22zzQkhnInltvZbCEMI4k7dtGuQxJWecWl6S5t5fZmAG_HVvL7IalS2_rLdfDqzj_t6TnIBlkE3qNOLHiWNbb_ED6vd3Hde85zxbDUiFlOIxldvwOL9TTkWvr0MLo3Sm9_QDr76P_T9TpvTEriJzeQPnJhRNye7_NFf182m-mweauuQii8H9rpxep3-_A_98bdpkLjl_KlbeKNUT0vjQYOZyFuP02Ir7MgFBAnRRp7cFpY9UA6PS6wmp_T7gFRF8ZzGy1-kbWNLHGD6CP2FmaJPfQC0IzKMv-j8vAgXk2hl0U2XsjUudYWywHMEM_VZH1w7pFm_AqBSmwFXXJX6SYU8fqxUKcsAElIyppLoDkgUECAQYAZIFBAgFGASgBi6AB6yG1YMCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEPTJJ9IICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi0xNDYzMTUzMjkzNTE4Nzc0GAA&sigh=qqgkjYI7agA&template_id=419

Requested by

Host: thecybernewsfeed.com
URL: https://thecybernewsfeed.com/malware/ech0raix-ransomware-variant-targets-qnap-synology-nas-devices/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 12 Aug 2021 05:25:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 12 Aug 2021 05:25:11 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 0600 18 KB
8 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:19:44 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 0600 2 KB
1 KB 33ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:18:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:18:29 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0600 124 KB
37 KB 51ms
37ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:11 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Thu, 12 Aug 2021 05:25:11 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 0600 14 KB
6 KB 29ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 217
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:21:34 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DA6B 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnFap3hj6uUvzB5HhzTpplubBifa3o-Aa9uYwCaEICq-cT8jQeZseFt7scq5qM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 12 Aug 2021 05:16:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 4B5C 9 KB
3 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 12 Aug 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4B5C 26 KB
10 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 12 Aug 2021 18:31:13 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DA6B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

16ms
14ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnFap3hj6uUvzB5HhzTpplubBifa3o-Aa9uYwCaEICq-cT8jQeZseFt7scq5qM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 12 Aug 2021 05:25:11 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 12-Aug-2021 06:25:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 12 Aug 2021 05:25:11 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 12 Aug 2021 05:25:11 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0600 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e77800d3fc83276f57e97e786350d2fe9a4e531f7d7d598cba54e9ba38db3f33

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 bg_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/ Frame 4B5C 32 KB
32 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/bg_1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a35e58ed27adb2b3898f7fac4959e9400e56991a06771cd3fa1e2471c8f7d31

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 473085
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32696
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:39:38 GMT
server: sffe
date: Fri, 06 Aug 2021 18:00:26 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 18:00:26 GMT

GET
H3-29 200 bg_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/ Frame 4B5C 27 KB
27 KB 13ms
13ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/bg_2.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90c5ec26f06ae4c04369e48776d3b81a6db293f669ccf466e7aa2fe0077ded3a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 473085
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27500
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:39:38 GMT
server: sffe
date: Fri, 06 Aug 2021 18:00:26 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 18:00:26 GMT

GET
H3-29 200 banner.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/ Frame 4B5C 20 KB
20 KB 11ms
11ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/img/banner.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16489952301615999136/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81e9cd9c4c8b4bd3d53880fb36277e1cc6ff1fd39f54a83be6af7f4b4a79db77

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 473085
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20412
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:39:38 GMT
server: sffe
date: Fri, 06 Aug 2021 18:00:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 18:00:26 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 4B5C 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame B45A 6 KB
669 B 23ms
21ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1628745910&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910919&bpp=4&bdt=870&idt=4&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da761a4c383c2862e-22b60143a5c900a3%3AT%3D1628745910%3ART%3D1628745910%3AS%3DALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA&prev_fmts=0x0&nras=2&correlator=5064252320946&frm=20&pv=1&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=nawdxoby5j&p=https%3A//thecybernewsfeed.com&dtd=16

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 12 Aug 2021 03:31:39 GMT
server: ESF
date: Thu, 12 Aug 2021 05:25:11 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 Aug 2021 05:25:11 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame B45A 1 KB
857 B 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:20:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:20:44 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame B45A 18 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:19:44 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame B45A 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:18:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:18:29 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B45A 124 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:11 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Thu, 12 Aug 2021 05:25:11 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame B45A 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:17:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 26 Aug 2021 05:17:41 GMT

GET
H2 200 b0784018e1fbf9b21026a03ef4bd1046.js Show response
www.gstatic.com/mysidia/ Frame B45A 26 KB
11 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b0784018e1fbf9b21026a03ef4bd1046.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

357839b656a38b688c109822362a471abf0cfa1c50b94f913e8c141fba7f59bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 08:10:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10788
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 15:52:42 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 09 Nov 2021 08:10:14 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10550276182527628733/ Frame B45A 13 KB
13 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10550276182527628733/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83efb431c62f237d10f9075c3fe2805bb07b22056a693c29f12a65d7623da3f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 07:46:46 GMT
x-content-type-options: nosniff
age: 164305
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13150
x-xss-protection: 0
last-modified: Mon, 27 Jan 2020 14:09:09 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 07:46:46 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17957733750408464020/ Frame B45A 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17957733750408464020/downsize_200k_v1?w=100&h=100

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

354a68cd5b6ca3e72a16fa3a9050c11dba4459ae3950f42cc08d02a40e41c21e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 05:17:54 GMT
x-content-type-options: nosniff
age: 173237
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1849
x-xss-protection: 0
last-modified: Mon, 27 Jan 2020 14:09:09 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 05:17:54 GMT

GET
DATA 200
OK truncated
/ Frame B45A 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame B45A 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C7htXtrAUYcSSOqqO7_UPvNyOoA2JhenVY6-pi8PHC7_hHhABIIWSuSxglQKgAeWKqqADyAEJqQIJPk4r0bKzPqgDAcgDywSqBIkCT9Co0LObMiJas3rMYqDATzH5lbzrCdZp6OM-IWxgz3hf7JfnE7zg76YxzgT_dM6_Ucg8TLBYlDyG-ElGo0h8tPMJjIJ74aiJnx0rpCvmNpdmordXKHWys9mK6fVYwE7aD8-AI5N_6WJNo6dDgAhZ_y1B7ahDeix66AedAJSemRZSY9v11Y8touaKr94e3gWQLN7mhR9csJ1QFRTbQEw4qLUzzbD7C_KfudBTWtlrW9KKjAFbj10bci-F0OLcb8Y8Dreuqn7ds9m_umynznkT40pQWZiuzoasFCt_U-EYqGZnabclFfvoUPEZ2TdPTGElB7PJImFkWMZEy14ZYVj5vr9PZnboYr77xcAE7_nMrNECkgUECAQYAZIFBAgFGASgBi6AB4P11V-oB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQyr1D0ggJCIDhgBAQARgfgAoByAsB2BMNiBQG0BUBgBcBshccChoIABIUcHViLTE0NjMxNTMyOTM1MTg3NzQYAA&sigh=kEajqefK0A0&template_id=484

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1463153293518774&output=html&h=280&adk=1393234796&adf=4092543358&pi=t.aa~a.1625790081~rp.1&w=1060&fwrn=4&fwrnh=100&lmt=1628745910&rafmt=1&to=qs&pwprc=6831576490&tp=site_kit&psa=0&format=1060x280&url=https%3A%2F%2Fthecybernewsfeed.com%2Fmalware%2Fech0raix-ransomware-variant-targets-qnap-synology-nas-devices%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628745910919&bpp=4&bdt=870&idt=4&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da761a4c383c2862e-22b60143a5c900a3%3AT%3D1628745910%3ART%3D1628745910%3AS%3DALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA&prev_fmts=0x0&nras=2&correlator=5064252320946&frm=20&pv=1&ga_vid=1924358167.1628745911&ga_sid=1628745911&ga_hid=1296604982&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=270&ady=1684&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062248&oid=3&pvsid=3364193868409131&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=nawdxoby5j&p=https%3A//thecybernewsfeed.com&dtd=16
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 12 Aug 2021 05:25:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9E61 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 11 Aug 2021 11:56:19 GMT
expires: Thu, 12 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 62932
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B45A 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 174a926592d1fe58086ae8a4d2e24fdaa42b858ee1de32cfb2fa8f38823c9084

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B45A 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 08:57:53 GMT
x-content-type-options: nosniff
age: 160038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 08:57:53 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame B45A 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 03:00:34 GMT
x-content-type-options: nosniff
age: 181477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 03:00:34 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9E61 35 B
463 B 29ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDeNU2VLO33c4BkR9t40qqo&google_cver=1&google_push=AYg5qPJ0E7ZfDb4Idcid0lqn7J9p1QcIvIDMOTlaqvxXvnGu4s1MMnBRd_nGOF4u5dv-O5m79DKnwD0z9lFORDjvgPf-SFpm460

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:11 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJTd3R3QUFCUEN6b1M3Uw&google_push=AYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG1SAmCBuxacDfaXmUcrD16YHsm1sPLGp359NpxBaqCUsS8uSNc6oGAFhKN

170 B
188 B

129ms
67ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJTd3R3QUFCUEN6b1M3Uw&google_push=AYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG1SAmCBuxacDfaXmUcrD16YHsm1sPLGp359NpxBaqCUsS8uSNc6oGAFhKN

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJTd3R3QUFCUEN6b1M3Uw&google_push=AYg5qPJiYoLNbOEOHNHaEmRcJjdNaZX6D_7IzF2vDfG1SAmCBuxacDfaXmUcrD16YHsm1sPLGp359NpxBaqCUsS8uSNc6oGAFhKN
Date: Thu, 12 Aug 2021 05:25:11 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEAj1wuEH-A68KOaDQKPoQS8&google_cver=1&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75&google_hm=Q0FFU0VBajF3dUVILUE2O...

170 B
188 B

131ms
68ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75&google_hm=Q0FFU0VBajF3dUVILUE2OEtPYURRS1BvUVM4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 12 Aug 2021 05:25:11 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPJSZ8J7JjdxOfFgqgFsH54vi6BxegZce7sXW4tjFAkzgXTjx2Sr171bRNQotuc1_AmLb2bUznkTGL6b0Oi9N21n0qRUtd75&google_hm=Q0FFU0VBajF3dUVILUE2OEtPYURRS1BvUVM4
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEAZrzFnyeYuxaWC7Yc7FBMk&google_cver=1&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ
https://rtb.openx.net/sync/dds?google_gid=CAESEAZrzFnyeYuxaWC7Yc7FBMk&google_cver=1&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&google_hm=KyeMNHZnxxMxlUylRA224Q==

170 B
329 B

63ms
62ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&google_hm=KyeMNHZnxxMxlUylRA224Q==

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:11 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLjot7lZfpCFazVKis7Oh5_q573Qcy_sCMegnpCf0mrL2RD7i8X3g1oE_Kywo1Hmg4F182gfcMaAYVhYCY58a1uZl7ENGQ&google_hm=KyeMNHZnxxMxlUylRA224Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 9s8md90nhor3cuuo0620k0cdkjjjb184

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0glxF5PlRg-fIagdhMoSeA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

119ms
68ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0glxF5PlRg-fIagdhMoSeA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzQ4qhFfQWqz4p4w0XSA6bIlVgs0BCKwdkoz6xkCBmAThYusWwyDiq2cVY6dQ5nbwyqC_bMXgBxN8hQkyCaQqonX4OHI8f

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0glxF5PlRg-fIagdhMoSeA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIzQ4qhFfQWqz4p4w0XSA6bIlVgs0BCKwdkoz6xkCBmAThYusWwyDiq2cVY6dQ5nbwyqC_bMXgBxN8hQkyCaQqonX4OHI8f
date: Thu, 12 Aug 2021 05:25:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENm_TSGG5HVQZvUpDTmgvT4&google_cver=1&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mG...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1M4SDlHV0UtMUktRFFKTQ==&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mGG9MpTmS6p7tnbZEB6ARnWX_rt

170 B
188 B

103ms
67ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1M4SDlHV0UtMUktRFFKTQ==&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mGG9MpTmS6p7tnbZEB6ARnWX_rt

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1M4SDlHV0UtMUktRFFKTQ==&google_push=AYg5qPKzPDIQtsCohAvx_F365s1C1fe0H5Aoo5F4ubs3L385FVT3WVyAkYTnIFE5kH3iMaWU_mGG9MpTmS6p7tnbZEB6ARnWX_rt
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9E61
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFh...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 9E61 0
253 B 179ms
59ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LWicB8oX6C3VUS8J958Px6XwrSb8qdDeHZ-zu56xRFYZLwkOTEwsBsi4PAWDYZldiDrclH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:11 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 32ms
18ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210809&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c06e25cb07dca2b8655ea7bc0eeef15f17d86fc4965197fc387f5c7db6df97f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 12 Aug 2021 05:25:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8530
x-xss-protection: 0

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame E1FD 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 05:25:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Thu, 12 Aug 2021 05:25:11 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5179 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 11 Aug 2021 13:59:36 GMT
expires: Thu, 11 Aug 2022 13:59:36 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 55535
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B16A 783 B
529 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

48f82599bc923ac2cc01484a2373c43317cc143bfcb1de7c304bc1915e2b38e9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SAEtLess9WbZY0IgAgbSJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thecybernewsfeed.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://thecybernewsfeed.com/

Response headers

expires: Thu, 12 Aug 2021 05:25:11 GMT
date: Thu, 12 Aug 2021 05:25:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-SAEtLess9WbZY0IgAgbSJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 5179 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 129434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 31ms
30ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210809&jk=3364193868409131&bg=!AQKlAkbNAAbOj6irzo87ACkAdvg8WpDgpWODo3tlhuvICVntAhUu4tgYZdaflkT973IMyEfwisLG0AIAAAB5UgAAAA9oAQeZAobDKmmVyfFd2Pv8iKDFXVfIt-kGYgMVRrP7wBwUtIy9oYpQvwLkikueLRpvV3ph4fePdRuT73rnq6voxnFd9iFNWb5067Wat5VgqrIR6klL2BI_UBq7MvSlgzPT9oA_OXZL-odEFd4tHpQlPfg1c_rrvQhSbT0zTN-5IQA8QLQo921QKNn7A7AakOW2qEJ5Ub6ny0sNuGRTMdcwZFB4i9aJddQrqzKgnTf4Z723X0f0Y8fJ7ncZ_eQnvtMy22VTdrDwBXas53le9KcKDnVyoJHDNz0C55sYk66iJKhlFYrLoHLJrgPQHFiDWsSd5-u0Qv5-7agmmZe8vlXTOgXuJSj8GOhmGDKgYcz0MgOLdI400x__zGR7gIOcK1Lg3oHfTN1OgYoH2EYzRE2cgQhO_dY7CQli7O48dDTLCyT03fDnhRWQo8TT-q6cbXYdaMCu0N9DfS4PDZ06IiKNQM9RIqfd9XopqxW8i3t2Xek3oyNpxH54lRNFBWP4mpX-twpMwkaMfdjmOg1tLoKepddolF8QLAGwFFZKL0QpfglCCfyI1KPHUYWK8wYE8TC3myq3puFxonh8TVxU5XuWa9Nz-49QZItSXkIEtZ8nFdedXcgEEh66bJDOpVuJIv6sK4s5N5FqtX6YIEp4D-HoToWMa9_N9HIX4Lv_gueoVUD2w_TkaIvT0p5sn7fMLMcOAozL7E7Zxy6z4htmMO1F0KZw9jVRbCiIeTsALkg8pXSBN6jpCKBBbZlEslwn-dALGf4eRZkqTwWoZ-Uwy7l1Gj6ilwc2H-XDrYjhkAWeuq6soqybEmrYF89a9LGkVhQeg_mEgqxU5e_cEfezC1Z0c7fgyflh-z0n2F7V

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thecybernewsfeed.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0600 42 B
64 B 30ms
30ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssgGkDkOfgD3BmRsE2Mt8YToUssUBvB4Ek765cT3nJTz7o-xQh48B28gNymiP1a1GNN3AJTF98lFrh4bcHvTJi1IROTz1GT7mGnRA36NEQiPtLz5qL9rPF9wX5ueA&sai=AMfl-YQvq_NPPaieobDIgXUMQOZLy7seaHwCEZUWd0Y-WbTSVXvZseKAICR70_F5PJkBscF_OL_YogFx26ct&sig=Cg0ArKJSzPh4pjRTg3NuEAE&id=lidar2&mcvt=1000&p=1106,299,1231,1304&mtos=0,766,1000,1091,1218&tos=0,766,234,91,127&v=20210809&bin=7&avms=nio&bs=0,0&mc=0.76&if=1&app=0&itpl=2&adk=1812271801&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628745910967&dlt=7&rpt=143&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Aug 2021 05:25:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRSwuM1BtteHnSsYMBW0pwAAAPEAAAIB&google_gid=CAESENe6oQxGwg6B5p2ErvE6k8c&google_cver=1&google_push=AYg5qPLtcvvVaz5S7BMtg810dL-5AnOV3LWFhEboh1dY9dj7LcoNHxveXIeWy3Av6rkWxgnMSOtZx8BVhLHnXApTevFNBuXiEKc&google_tc=

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:25:49	Name: DSID Value: NO_DATA
.thecybernewsfeed.com/	1970-01-20 05:47:21	Name: __gads Value: ID=a761a4c383c2862e-22b60143a5c900a3:T=1628745910:RT=1628745910:S=ALNI_MYwY1ICVbDBGqStKgSkepcNfXF-FA
.thecybernewsfeed.com/	1970-01-19 20:25:45	Name: _gat_gtag_UA_71847049_2 Value: 1
.doubleclick.net/	1970-01-20 05:47:21	Name: IDE Value: AHWqTUlH_VlI4QxLUOS2yOwL4dQeTbU3Nc0epLnzgC6tsrBQo8qJJejl9inpWebyuAg
.thecybernewsfeed.com/	1970-01-19 20:27:12	Name: _gid Value: GA1.2.618397769.1628745911
.thecybernewsfeed.com/	1970-01-20 13:56:57	Name: _ga Value: GA1.2.1924358167.1628745911
thecybernewsfeed.com/	1969-12-31 23:59:59	Name: DYNSRV Value: lin-10-170-0-63

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://thecybernewsfeed.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
rtb.openx.net
secure.gravatar.com
thecybernewsfeed.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
142.250.181.226
142.250.184.226
18.195.172.136
185.64.189.115
2606:4700:3035::ac43:dd76
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:800::2003
2a00:1450:4001:803::2003
2a00:1450:4001:803::200e
2a00:1450:4001:808::200a
2a00:1450:4001:809::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a04:fa87:fffe::c000:4902
35.186.253.211
63.32.201.39
69.173.144.139
001bfcd7d6260cf429f2ad3dc28067ab53e6e5200155ecd6c0a7acd575a53d7f
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0959fd5221c31132fe958b4fe241d928d4b0debf5ac3a81ae13bb69ffbc5a3e1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
15f136c7a0f852a5232676505f21551be2984ffb857239b3bf5b55521ad027aa
174a926592d1fe58086ae8a4d2e24fdaa42b858ee1de32cfb2fa8f38823c9084
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e4100882681021e831496496e00c155919a6d232110fcea6555375b898b0e23
1ec1181f87f40a4f58909ef55bb7841f765596a67b84b2a27c0a7d567e601210
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2a7c97a046515bc0d58203d54c8100496f7a334306af34fa1b29ce68b3488a86
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
354a68cd5b6ca3e72a16fa3a9050c11dba4459ae3950f42cc08d02a40e41c21e
357839b656a38b688c109822362a471abf0cfa1c50b94f913e8c141fba7f59bf
3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
3f072795ef49893425d1998bfe539b5d1ccfbe7cccb46adeba443a9c1ca94361
48f82599bc923ac2cc01484a2373c43317cc143bfcb1de7c304bc1915e2b38e9
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6513585441b8e6f73cb020fec38b98e64b4ab966282d376469a495fa288a1228
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7a35e58ed27adb2b3898f7fac4959e9400e56991a06771cd3fa1e2471c8f7d31
81e9cd9c4c8b4bd3d53880fb36277e1cc6ff1fd39f54a83be6af7f4b4a79db77
83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a
83efb431c62f237d10f9075c3fe2805bb07b22056a693c29f12a65d7623da3f0
87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad
8a6aa889d20cbd3a54c4dc09d5a6366a6928d7db46b78b8fc3242e571d4cde46
90c5ec26f06ae4c04369e48776d3b81a6db293f669ccf466e7aa2fe0077ded3a
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a8348bb1076ca41e3ec8bcf72a82c60c7a652f5659fc3fef6bffe95f9dab26fd
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c06e25cb07dca2b8655ea7bc0eeef15f17d86fc4965197fc387f5c7db6df97f0
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d05921972a05d43b86b07c7e074afff197f96c2f953a9f8595c2b59ba34cc3d9
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7d1ad6799d69e6b2554f3ca7b64411f5f3ca8e4e62e45a746421d8cdbc665e9
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e2b5d4752ac81478ad36860fbe67b75bad20bbee7a93e835a25283d310c78999
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e77800d3fc83276f57e97e786350d2fe9a4e531f7d7d598cba54e9ba38db3f33
eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8098ca7913e9596af5cd8f3f5547ab95dd70c8020a7f159db715aa66a5c9f44
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

thecybernewsfeed.com Open in urlscan Pro 2606:4700:3035::ac43:dd76 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

74 Requests

99 %HTTPS

73 %IPv6

18 Domains

22 Subdomains

22 IPs

4 Countries

866 kBTransfer

2064 kBSize

7 Cookies

6 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

thecybernewsfeed.com Open in urlscan Pro
2606:4700:3035::ac43:dd76 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

99 %
HTTPS

73 %
IPv6

18
Domains

22
Subdomains

22
IPs

4
Countries

866 kB
Transfer

2064 kB
Size

7
Cookies

74 HTTP transactions
3 data transactions