www.malwaretech.com Open in urlscan Pro
2606:4700:10::6814:5037 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Submission Tags: falconsandbox
Submission: On July 29 via api (July 29th 2021, 4:53:45 pm UTC) from US

Summary HTTP 341 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 33 IPs in 6 countries across 29 domains to perform 341 HTTP transactions. The main IP is 2606:4700:10::6814:5037, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.malwaretech.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 7th 2021. Valid for: a year.

This is the only time www.malwaretech.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2606:4700:10:... 2606:4700:10::6814:5037	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
55	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
4	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9c	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
4	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY)
4	2606:4700:303... 2606:4700:3036::ac43:8259	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	2600:9000:219... 2600:9000:2190:8200:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY)
12	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
44	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
5 8	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2 3	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
2 2	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
26 48	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
4 4	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
4 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	217.182.200.19 217.182.200.19	16276 (OVH) (OVH)
1 1	34.246.227.69 34.246.227.69	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.140.213 35.157.140.213	16509 (AMAZON-02) (AMAZON-02)
9	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6810:a30d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
5	151.101.12.64 151.101.12.64	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:808::200d	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
341	33

46 2606:4700:10::6814:5037 (United States)

ASN13335 (CLOUDFLARENET, US)

www.malwaretech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
malwaretech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

malwaretech2.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3036::ac43:8259 (United States)

ASN13335 (CLOUDFLARENET, US)

lab.subinsb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2600:9000:2190:8200:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.192.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 5 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.99.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 142.250.185.162 (United States) 26 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.253.211 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.19 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm5.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.227.69 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.140.213 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-140-213.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.14.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a30d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.12.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glitter.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	doubleclick.net 26 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	187 KB
67	twitter.com platform.twitter.com syndication.twitter.com	1 MB
62	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	853 KB
46	malwaretech.com www.malwaretech.com malwaretech.com	397 KB
37	disquscdn.com c.disquscdn.com a.disquscdn.com	1 MB
17	twimg.com cdn.syndication.twimg.com pbs.twimg.com	237 KB
17	disqus.com malwaretech2.disqus.com disqus.com links.services.disqus.com glitter.services.disqus.com referrer.disqus.com	113 KB
17	google.com 5 redirects apis.google.com adservice.google.com www.google.com accounts.google.com	43 KB
9	gstatic.com fonts.gstatic.com www.gstatic.com ssl.gstatic.com	221 KB
7	googletagservices.com www.googletagservices.com	252 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com	4 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	openx.net 4 redirects rtb.openx.net	1 KB
4	subinsb.com lab.subinsb.com	9 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	quantserve.com 2 redirects cms.quantserve.com	1 KB
3	google.de adservice.google.de	1 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	viglink.com cdn.viglink.com	541 B
2	facebook.net connect.facebook.net	70 KB
2	rlcdn.com 2 redirects id.rlcdn.com	887 B
2	addthis.com 2 redirects e.dlx.addthis.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	facebook.com www.facebook.com
1	agkn.com 1 redirects d.agkn.com	763 B
1	everesttech.net 1 redirects pixel.everesttech.net	378 B
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	337 B
1	mookie1.com odr.mookie1.com	324 B
1	googleadservices.com partner.googleadservices.com	660 B
341	29

	Domain	Requested by
55	platform.twitter.com	www.malwaretech.com platform.twitter.com
48	cm.g.doubleclick.net	26 redirects www.malwaretech.com googleads.g.doubleclick.net
44	tpc.googlesyndication.com	googleads.g.doubleclick.net www.malwaretech.com tpc.googlesyndication.com pagead2.googlesyndication.com
43	www.malwaretech.com	www.malwaretech.com
28	c.disquscdn.com	malwaretech2.disqus.com disqus.com c.disquscdn.com www.malwaretech.com
24	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.malwaretech.com googleads.g.doubleclick.net
18	pagead2.googlesyndication.com	www.malwaretech.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
12	pbs.twimg.com	platform.twitter.com
12	syndication.twitter.com	platform.twitter.com
9	a.disquscdn.com	www.malwaretech.com c.disquscdn.com
8	www.google.com	5 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
8	disqus.com	malwaretech2.disqus.com c.disquscdn.com
7	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com
5	cdn.syndication.twimg.com	platform.twitter.com
4	links.services.disqus.com	c.disquscdn.com
4	ssum-sec.casalemedia.com	4 redirects
4	image6.pubmatic.com	4 redirects
4	rtb.openx.net	4 redirects
4	lab.subinsb.com	www.malwaretech.com
4	apis.google.com	www.malwaretech.com c.disquscdn.com apis.google.com
3	pixel.rubiconproject.com	3 redirects
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	malwaretech2.disqus.com	www.malwaretech.com malwaretech2.disqus.com
3	malwaretech.com	www.malwaretech.com malwaretech.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	fonts.googleapis.com	www.malwaretech.com googleads.g.doubleclick.net tpc.googlesyndication.com
2	accounts.google.com	apis.google.com ssl.gstatic.com
2	cdn.viglink.com	www.malwaretech.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	id.rlcdn.com	2 redirects
2	e.dlx.addthis.com	2 redirects
2	www.google-analytics.com	www.malwaretech.com www.google-analytics.com
1	referrer.disqus.com
1	glitter.services.disqus.com	c.disquscdn.com
1	ssl.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	d.agkn.com	1 redirects
1	pixel.everesttech.net	1 redirects
1	googlecm.hit.gemius.pl	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
341	45

This site contains links to these domains. Also see Links.

Domain
malwaretech-podcast.simplecast.com
discord.gg
malwaretech.com
www.facebook.com
twitter.com
plus.google.com
www.pinterest.com
www.linkedin.com
www.tumblr.com
blog.talosintelligence.com
blogs.technet.microsoft.com
securingtomorrow.mcafee.com
blog.emsisoft.com
blog.comae.io
en.wikipedia.org
securelist.com
blog.kryptoslogic.com
intel.malwaretech.com
youtube.com
twitch.tv
www.instagram.com
www.patreon.com
demos.subinsb.com

Subject Issuer	Validity	Valid
malwaretech.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-25` - `2022-06-24`	a year	crt.sh
a.disquscdn.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
ssl1029306.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2021-07-12` - `2022-06-30`	a year	crt.sh
*.services.disqus.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-26` - `2022-05-28`	a year	crt.sh
accounts.google.com GTS CA 1O1	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 36 frames:

Primary Page: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Frame ID: A4D356278DC7A4B79B8B620DA38A6A73
Requests: 91 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20190131/zrt_lookup.html
Frame ID: 4847910015EE8F513583ED75FFB740AE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&adk=1812271804&adf=3025194257&lmt=1627577597&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577597250&bpp=4&bdt=858&idt=119&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=920484415588&frm=20&pv=2&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=155
Frame ID: 1159CEF9A473B20A0B1D5B9D6E66AC08
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.malwaretech.com
Frame ID: 4A95021E0CC59019EC1DC23275714C7F
Requests: 2 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
Frame ID: 5C72C1C05C1B7AC4B94798D71939332A
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93
Frame ID: 8C05360EAF0C07936B64D2C6EFAFA447
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123
Frame ID: 9BC79A7BF50B9ECE38EFC6D4F9D9E71A
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155
Frame ID: 60242598F5640E1F091E7215F50ECD0C
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188
Frame ID: FEC00B43296E768C30ABE5FB9ADAF926
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225
Frame ID: F07664ECC22BB8EA1FE42B066EBE14B5
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known
Frame ID: B38FE88E7CD17FB66FDF2761F7AFF269
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1
Frame ID: 2ECA90F7064560F977A3340D25369B23
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html
Frame ID: 3C7753FF81D18346B110BE2CAE929093
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C8YPF_twCYdWLK4eHgAfB4ZOYC8uK26li2aHnotgN2dkeEAEg5bPaIWCVAqABtZDEwAPIAQmoAwHIA0iqBIQCT9BAuVOheEfUleLN6Kelnbwuc86ZzcJcPJx4uUCFZ-V5NHc53NFyodFkNGK4F0vUsxWzd8XsZHyO8CGVEbheyGFAlFpnmlHb4vzRpmpNBSY3_i3f0LG2fCzSCmy0mqOlPVINiBo4PT0hqS3Dd6yq94VpFjfjZxDS3OqO1aVl7ssXosIry5vWX3sXpS8DS0zEjy8yzecFWCJZTFeDGMDIKhmRD92DaRs7R6wQEhDuUZ4nmxJQBsLYLKWxZNojuBQ5fRDSjiVgaJLik9zTtb4O9vDRlYaERPLTtF0BZWGz14XsvepN8NG00w6vR5E5L_EwrHadIYVyoNygcnfcUVM4aphVY5TABL-Vj_PNA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAez77s_qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEODZAtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi0zMzM3NjA5MTgyNDg5OTc0&sigh=8f5YQ5uAnoQ&template_id=419
Frame ID: F19768C7C3AD9309CD55B82B85F0960B
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 61E8B58D0179482C9605F7682D3D8DA3
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 333A06B0988F3775B243044682DC6963
Requests: 17 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 6C8E7A09073B47370B42C18AD5660BA3
Requests: 14 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 9961ECB0A496BAF4677B70057C0F4BF8
Requests: 15 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 9BE5B751584D223F4CF074DBACEFD974
Requests: 16 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 0CDA7575AFFB794FB406FBB0B7C71DE7
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 80E817008FF53CF68E12EDCF2C850473
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html
Frame ID: EA1036C853D9CE5FAB56806FD0CA8653
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C8VIc_twCYbmoLaq7x_APyLeagA2Xv8mYY-qpnMr5DYyLhZ4LEAEg5bPaIWCVAqAB-OD0-gPIAQmpAsNTgknp7LM-qAMByANIqgSFAk_QVQr5S1rM8uNAQe0_yneA0IKTaklwPLlh7eytt2oUUewtGN1d5YftDJfK0_7qUli_fG46y2Wr_3RH2t-GL3VrTvtjKkhdnPemeP6OuRCp1FsYy_0p50Z93ezaGvgIrMkJq9CavSfzwRFg93deZFqslwOZL-J7U9Wjc97X_wDTr04qljDV7EeS8zM4ow5asH0ypCke61b2ANYi61R1LXRFwJxTR_AyRwzjc0Ps2nUSZwR7qz8rnk71fUp0FqFlpLbafSJHt3YFhtzc1yd6oIJ-2mGKMZ_nD3kyfI01E1GGxn-gN6RWRMamwcwpclv7N0hOV7Tpa79l9c77IPsDq6OXwU5bjMAEwPviucUDkgUECAQYAZIFBAgFGASgBi6AB_CeiwWoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxrID0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshcaChgIABIUcHViLTMzMzc2MDkxODI0ODk5NzQ&sigh=Opxfuf7hAVs&template_id=419
Frame ID: 4CE47EAAEBEE55DA8ED491A2E4722FC3
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 058C40EC615603244C3ADC40B7BA3B8D
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 04C32179893B305A9E0A9E8BA71BE612
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E5DD1D33CC7C3DCF407B92B039D45C66
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 0BCF1F6B1540590D436520865DAEB612
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 07ABC3723252AF74924FE4A55C01B814
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 70D67CDDA8312BA2284D3B800F1E2199
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js
Frame ID: 0CC967B06D36E2AD1149DB0D4B4E43AB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js
Frame ID: AAA2231AFEF6E486072354305CCFA371
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js
Frame ID: AADAF89B051D3B41D6CDE0CD631F8383
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js
Frame ID: 430B4B5C985795F53E3EBD6E5D481CFE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 129E0510ABF7A628CA0AF99C9F42E0F1
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9939705119BBC4B3E957CCF720A5008A
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: E4494DB18A8DB3605AB8687FE8CB6550
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /react.*\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

341
Requests

100 %
HTTPS

59 %
IPv6

29
Domains

45
Subdomains

33
IPs

6
Countries

5067 kB
Transfer

11448 kB
Size

1
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://malwaretech-podcast.simplecast.com/
Title: Podcast

Search URL Search Domain Scan URL

URL: https://discord.gg/4tUrsPu
Title: Discord

Search URL Search Domain Scan URL

URL: http://malwaretech.com/challenges
Title: Challenges

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Search URL Search Domain Scan URL

URL: http://twitter.com/home?status=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/button/?url=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html&media=&description=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html&title=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&source=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Search URL Search Domain Scan URL

URL: http://www.tumblr.com/share/link?url=https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Search URL Search Domain Scan URL

URL: https://twitter.com/fwosar
Title: Fabian Wosar

Search URL Search Domain Scan URL

URL: https://www.facebook.com/medoc.ua/posts/1904044929883085
Title: and even denied by the company itself

Search URL Search Domain Scan URL

URL: http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
Title: source1

Search URL Search Domain Scan URL

URL: https://twitter.com/thedefensedude/status/879764193913716737
Title: source2

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyberpoliceua/posts/536947343096100
Title: source3

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
Title: latest blog post

Search URL Search Domain Scan URL

URL: https://securingtomorrow.mcafee.com/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/
Title: source

Search URL Search Domain Scan URL

URL: https://twitter.com/PolarToffee
Title: xXToffeeXx

Search URL Search Domain Scan URL

URL: http://blog.emsisoft.com/2017/06/27/petya-petna-ransomware/
Title: Emsisoft

Search URL Search Domain Scan URL

URL: https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
Title: this blog post

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Wiper_(malware)
Title: Wiper

Search URL Search Domain Scan URL

URL: https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
Title: Kaspersky

Search URL Search Domain Scan URL

URL: https://blog.kryptoslogic.com/malware/2017/06/28/petya.html
Title: https://blog.kryptoslogic.com/malware/2017/06/28/petya.html

Search URL Search Domain Scan URL

URL: https://intel.malwaretech.com/botnet/wcrypt
Title: https://intel.malwaretech.com/botnet/wcrypt

Search URL Search Domain Scan URL

URL: https://twitter.com/MalwareTechBlog
Title:

Search URL Search Domain Scan URL

URL: https://youtube.com/c/MalwareTechBlog
Title:

Search URL Search Domain Scan URL

URL: https://twitch.tv/MalwareTechBlog
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwaretech/
Title:

Search URL Search Domain Scan URL

URL: https://www.patreon.com/bePatron?u=8204812

Search URL Search Domain Scan URL

URL: https://demos.subinsb.com/Francium/CryptoDonate/
Title: CryptoDonate

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 206

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xMOYsXoS5tp1relIU_LP5Tr1w3HWVWc&google_gid=CAESEI5PMEV5q1h0D0hYCYc3gSU&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xMOYsXoS5tp1relIU_LP5Tr1w3HWVWc&google_gid=CAESEI5PMEV5q1h0D0hYCYc3gSU&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA3MjkxNjUzMjIwMDAyMDc5MDY1NzM1Mw%3D%3D&google_push=AYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xMOYsXoS5tp1relIU_LP5Tr1w3HWVWc

Request Chain 208

https://rtb.openx.net/sync/dds?google_gid=CAESEHSjWMT0y4jtThNJNXINEH8&google_cver=1&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEHSjWMT0y4jtThNJNXINEH8&google_cver=1&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Request Chain 209

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIyDNffL-Pc2VrhTpBNu11A&google_cver=1&google_push=AYg5qPLucSQhJ-kZFQ-s6V55m1H4nKj0yO3EfW74qer7Rwlk4uh3qxd-kVGgxLtg7CHtr65q_IU_JSuM6mk7Bjuydft_Tgw0th68 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIyDNffL-Pc2VrhTpBNu11A&google_cver=1&google_push=AYg5qPLucSQhJ-kZFQ-s6V55m1H4nKj0yO3EfW74qer7Rwlk4uh3qxd-kVGgxLtg7CHtr65q_IU_JSuM6mk7Bjuydft_Tgw0th68&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLucSQhJ-kZFQ-s6V55m1H4nKj0yO3EfW74qer7Rwlk4uh3qxd-kVGgxLtg7CHtr65q_IU_JSuM6mk7Bjuydft_Tgw0th68

Request Chain 210

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMqexDoclusLB3vuXg9m7qA&google_cver=1&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx0OY93ALZYP5O9NaaO3hXKYImc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9JVDQtMVMtNkc4TA==&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx0OY93ALZYP5O9NaaO3hXKYImc

Request Chain 211

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_cver=1&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc=

Request Chain 218

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK1MlnWh__V-YYadiniWJrY&google_cver=1&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGOaanCdajmijY6OYApewObvAsA1rozn1lO4QUj3NQhw HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGOaanCdajmijY6OYApewObvAsA1rozn1lO4QUj3NQhw&google_hm=P1N4q2G6NWuj-sk2mIQqHQ

Request Chain 219

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJrAl3eSkByoTiVOMS0V_c-auJlG81QX8rmERB2LZvLmaki9sbk_8JcZcFXwJDnxUwpfgOFXpNUUhIftpEqyCuam2VQajs&google_gid=CAESEIHjqzspcNuSkB9CBWAAh9g&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCIK6i4gGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBKckFsM2VTa0J5b1RpVk9NUzBWX2MtYXVKbEc4MVFYOHJtRVJCMkxadkxtYWtpOXNia184SmNaY0ZYd0pEbnhVd3BmZ09GWHBOVVVoSWZ0cEVxeUN1YW0yVlFhanM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZUVOQ243VXJWTGttbVpJdUJteVVQM1hpc1BreGNPdjdpM2tOMnNQV0lCYw==&google_push

Request Chain 220

https://rtb.openx.net/sync/dds?google_gid=CAESELL1aDWVa6Vhan1Q_tDaA3w&google_cver=1&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Request Chain 221

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELc99w13uosc581Jg5Uq4zg&google_cver=1&google_push=AYg5qPLdToWCIBzh7btmlFnnKYR4ZDCeDBAEMR39ISgGGoG7GZ4UF8gOuL5e7oJjr5-1nBrv6PFGJ41NRNTL5ZIMta2gO6J6jg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLdToWCIBzh7btmlFnnKYR4ZDCeDBAEMR39ISgGGoG7GZ4UF8gOuL5e7oJjr5-1nBrv6PFGJ41NRNTL5ZIMta2gO6J6jg

Request Chain 222

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBl_ZqNi_P-wD0fS7XE4Xak&google_cver=1&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFghlMiMc05VoiyyioEWs530dkso HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KOEYtWC1HTVpV&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFghlMiMc05VoiyyioEWs530dkso

Request Chain 223

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_cver=1&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM&google_tc=

Request Chain 224

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGG-HI6Z-YWj_dc64e3stkU&google_cver=1&google_push=AYg5qPLsLND-HSCS2j7CzxcKQ4K6TtyQEpDjm9GFA7CxOe7VBRsjcR3TQFRpdO41P_6xow6Du3-giDuNYMwaTQWsQqb7hdgVxfnu HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLsLND-HSCS2j7CzxcKQ4K6TtyQEpDjm9GFA7CxOe7VBRsjcR3TQFRpdO41P_6xow6Du3-giDuNYMwaTQWsQqb7hdgVxfnu&google_hm=

Request Chain 226

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 237

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 239

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 240

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGdJuiZBGgZYldhFcAyugaY&google_cver=1&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5ECKZ-orYRowAwEBF_QHIHtUhHJEXr_kUv6Z_kB4r1ETQ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5ECKZ-orYRowAwEBF_QHIHtUhHJEXr_kUv6Z_kB4r1ETQ&google_hm=P1N4q2G6NWuj-sk2mIQqHQ

Request Chain 241

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSLLSN_yEmHaGm3eoBCgq9NWx5-8k7j2b3swEzj70Gayrt1Kt4LZm9af8pmsAA&google_gid=CAESELpNbDqw2_9sDhAlZ41ZdSU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVFMZEFnQUFBRURAUWdNaA&google_push=AYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSLLSN_yEmHaGm3eoBCgq9NWx5-8k7j2b3swEzj70Gayrt1Kt4LZm9af8pmsAA

Request Chain 242

https://d.agkn.com/pixel/2175/?google_gid=CAESELI49_x1Y_Lu7E9-JhuABkE&google_cver=1&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI&google_hm=Q0FFU0VMSTQ5X3gxWV9MdTdFOS1KaHVBQmtF

Request Chain 243

https://rtb.openx.net/sync/dds?google_gid=CAESEOMQTPSo4nBnAP0e6quhFHE&google_cver=1&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Request Chain 244

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBsHSXLc1eRtluLsYQFra8I&google_cver=1&google_push=AYg5qPLftKDLEPWcL1SeNYHQL4nrl2XQ7qezVweiWXBMzxFc9558QIA8bcx11BDH6ptvS0gla7N_yAgFq3igs1CXWONQ2mqFKypJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLftKDLEPWcL1SeNYHQL4nrl2XQ7qezVweiWXBMzxFc9558QIA8bcx11BDH6ptvS0gla7N_yAgFq3igs1CXWONQ2mqFKypJ

Request Chain 245

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENUqWxjKAyUmPKCPcU3kYpM&google_cver=1&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx413cyweXMIfqoUTwJwERUAlyhaAkw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KU0EtOS1IRFZN&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx413cyweXMIfqoUTwJwERUAlyhaAkw

Request Chain 246

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_tc=

Request Chain 251

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 259

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

341 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request petya-ransomware-attack-whats-known.html Show response
www.malwaretech.com/2017/06/ 86 KB
20 KB 79ms
38ms Document
text/html 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32fb7898060ccbd3a367ac28e5208ccc4b3c545561001abec7d1ae13869982f7

Request headers

:method: GET
:authority: www.malwaretech.com
:scheme: https
:path: /2017/06/petya-ransomware-attack-whats-known.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-type: text/html; charset=UTF-8
cf-edge-cache: cache,platform=wordpress
link: <https://www.malwaretech.com/wp-json/>; rel="https://api.w.org/" <https://www.malwaretech.com/wp-json/wp/v2/posts/1535>; rel="alternate"; type="application/json" <https://www.malwaretech.com/?p=1535>; rel=shortlink
cache-control: max-age=7200
cf-cache-status: HIT
age: 6776
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6767dcc939e61f3d-FRA
content-encoding: gzip

GET
H2 200 n9TF-6GWbkpYTiDSgDnrjC9AIZM.js Show response
www.malwaretech.com/cdn-cgi/apps/head/ 6 KB
2 KB 37ms
33ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/cdn-cgi/apps/head/n9TF-6GWbkpYTiDSgDnrjC9AIZM.js
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3685d730d5d09bf4ccf8f33281ed51d4935f4a8ab3d43a61f6aac8aeacbb32b0

Request headers

:path: /cdn-cgi/apps/head/n9TF-6GWbkpYTiDSgDnrjC9AIZM.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 8421665
cf-ray: 6767dcc98aa81f3d-FRA
content-length: 2027
x-amz-id-2: CX5VuPpP8n0sryE7OpkHYlbXPUvUSOY89RZs/8wOYoJ0On4EC5KGMoTQF0XSqeoBLT3IljR3vq0=
last-modified: Mon, 24 Jul 2017 18:55:19 GMT
server: cloudflare
etag: "c4bd684d33313ebe7a7cf71f089b92a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 3TYFCTP521XJZC0C
cache-control: public, max-age=31536000
x-amz-version-id: j1YSFYax2pcSNYJDFUkV6sMPxa3w4gKF
accept-ranges: bytes
content-type: application/javascript; charset=utf-8

GET
H2 200 crayon.min.css
www.malwaretech.com/wp-content/plugins/crayon-syntax-highlighter/css/min/ 20 KB
4 KB 32ms
29ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:19:00 GMT
server: cloudflare
age: 3727
etag: W/"5b58a2f4-4ecc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-ray: 6767dcc98a9d1f3d-FRA

GET
H2 200 style.min.css
www.malwaretech.com/wp-includes/css/dist/block-library/ 57 KB
9 KB 46ms
43ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Apr 2021 08:17:02 GMT
server: cloudflare
age: 3727
etag: W/"6077f67e-e33b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-ray: 6767dcc98a9f1f3d-FRA

GET
H2 200 styles.css
www.malwaretech.com/wp-content/plugins/contact-form-7/includes/css/ 2 KB
1 KB 116ms
113ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 284401fd9cc6074e6211119acdfbb4abb56b1d4c0be4323ccce1d6f6da7642ea

Request headers

:path: /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:21:27 GMT
server: cloudflare
age: 3727
etag: W/"606147b7-a46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=2630
cf-ray: 6767dcc98aa11f3d-FRA
cf-bgj: minify

GET
H2 200 font-awesome.min.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 30 KB
7 KB 42ms
39ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/font-awesome.min.css?ver=4.7.0
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

:path: /wp-content/themes/imnewspro/css/font-awesome.min.css?ver=4.7.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-ray: 6767dcc98aa21f3d-FRA

GET
H2 200 animate.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 55 KB
4 KB 33ms
30ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/animate.css?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06d5a77f098b6b2451dfa88134800ca4c98d3262f92ed3c6e1dac1fb89ff5a8f

Request headers

:path: /wp-content/themes/imnewspro/css/animate.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-13537"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=79159
cf-ray: 6767dcc98aa31f3d-FRA
cf-bgj: minify

GET
H2 200 stellarnav.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 5 KB
1 KB 43ms
40ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/stellarnav.css?ver=1.1
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b4810564b571191a09dd7dcaf40d08b02f51cdbbd6f97227a08f417cb7e09e4

Request headers

:path: /wp-content/themes/imnewspro/css/stellarnav.css?ver=1.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-165a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=5722
cf-ray: 6767dcc98aa41f3d-FRA
cf-bgj: minify

GET
H2 200 owl.carousel.min.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 3 KB
973 B 44ms
41ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/owl.carousel.min.css?ver=2.2.1
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d

Request headers

:path: /wp-content/themes/imnewspro/css/owl.carousel.min.css?ver=2.2.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-b78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-ray: 6767dcc98aa51f3d-FRA

GET
H2 200 bootstrap.min.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 118 KB
19 KB 40ms
38ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/bootstrap.min.css?ver=3.3.7
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81fb74b605de7c59fe465ea0b15dbf963e5d7fa719834ae6e96240848d7dd9f8

Request headers

:path: /wp-content/themes/imnewspro/css/bootstrap.min.css?ver=3.3.7
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-1d959"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-ray: 6767dcc98aa61f3d-FRA

GET
H2 200 owl.theme.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 1 KB
533 B 31ms
29ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/owl.theme.css?ver=1.3.3
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 412752ed1c97f0aef8acf02f8ced68186ecdf81b8182f11c981b1e3436748c52

Request headers

:path: /wp-content/themes/imnewspro/css/owl.theme.css?ver=1.3.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-681"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=1665
cf-ray: 6767dcc98aa71f3d-FRA
cf-bgj: minify

GET
H2 200 jquery.simplyscroll.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 3 KB
715 B 106ms
98ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/jquery.simplyscroll.css?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 965e4348118ecf7960a924654b0a7572056dc55fb4f03f8c143f8d6b7d38f0d1

Request headers

:path: /wp-content/themes/imnewspro/css/jquery.simplyscroll.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-136b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=4971
cf-ray: 6767dcc99ac71f3d-FRA
cf-bgj: minify

GET
H2 200 default.css
www.malwaretech.com/wp-content/themes/imnewspro/css/ 31 KB
7 KB 36ms
28ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/default.css?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b62a40906eeaa1e1d6c1d220801a6ff2ee420d94193d768d65f43a7aa5c840f1

Request headers

:path: /wp-content/themes/imnewspro/css/default.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 04 Jul 2019 16:26:34 GMT
server: cloudflare
age: 3727
etag: W/"5d1e28ba-aa25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=43557
cf-ray: 6767dcc99acb1f3d-FRA
cf-bgj: minify

GET
H2 200 style.css
www.malwaretech.com/wp-content/themes/imnewspro/ 0
90 B 49ms
41ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/style.css?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /wp-content/themes/imnewspro/style.css?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:38 GMT
server: cloudflare
age: 3727
etag: "5b58a3ce-2d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=724
accept-ranges: bytes
cf-ray: 6767dcc99ace1f3d-FRA
content-length: 0
cf-bgj: minify

GET
H2 200 jquery.min.js Show response
www.malwaretech.com/wp-includes/js/jquery/ 87 KB
30 KB 45ms
43ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 29 Dec 2020 21:02:23 GMT
server: cloudflare
age: 3727
etag: W/"5feb995f-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dcc99ad01f3d-FRA

GET
H2 200 jquery-migrate.min.js Show response
www.malwaretech.com/wp-includes/js/jquery/ 11 KB
4 KB 44ms
42ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 29 Dec 2020 21:02:23 GMT
server: cloudflare
age: 3727
etag: W/"5feb995f-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dcc99ad41f3d-FRA

GET
H2 200 crayon.min.js Show response
www.malwaretech.com/wp-content/plugins/crayon-syntax-highlighter/js/min/ 22 KB
7 KB 86ms
85ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:18:56 GMT
server: cloudflare
age: 3727
etag: W/"5b58a2f0-5741"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dcc99ad51f3d-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
48 KB 89ms
28ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83343529aac74abdbf4ebdefd6eb15cf706f46eedb3f3347f57dbb647c296f5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49338
x-xss-protection: 0
server: cafe
etag: 10822840083594062077
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 29 Jul 2021 16:53:16 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 74ms
9ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:16 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/668C)
Age: 589
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 403 platform.js
apis.google.com/js/ 0
0 388ms
266ms Script
text/html 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/js/platform.js
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 twitter.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 3 KB
3 KB 85ms
29ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/twitter.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a3409c07f69b58691261f7706f3c7f7aab5875fcb27f6314d306631722c90aa

Request headers

:path: /wp-content/themes/mt/includes/images/twitter.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:36 GMT
server: cloudflare
age: 3727
etag: "5b58a3cc-c3e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e2f1f3d-FRA
content-length: 3134

GET
H2 200 youtube.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 4 KB
4 KB 89ms
33ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/youtube.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57a9f18341bdc109eb19087061ed0c36563cd726fdd2cfe82becabe62c3e8bb9

Request headers

:path: /wp-content/themes/mt/includes/images/youtube.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:36 GMT
server: cloudflare
age: 3727
etag: "5b58a3cc-e94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e311f3d-FRA
content-length: 3732

GET
H2 200 twitch.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 1 KB
2 KB 91ms
35ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/twitch.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6772c7abf5a3cc7794b7eedc385be0f2a64ff5bf358ab0ca85c846e7d8998f40

Request headers

:path: /wp-content/themes/mt/includes/images/twitch.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:36 GMT
server: cloudflare
age: 3727
etag: "5b58a3cc-5cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e321f3d-FRA
content-length: 1485

GET
H2 200 discord.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 2 KB
2 KB 88ms
32ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/discord.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 710636751a9f8b74353c03e68f515926978f48c6cbda1242842608071a750b8c

Request headers

:path: /wp-content/themes/mt/includes/images/discord.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Sun, 04 Aug 2019 21:03:28 GMT
server: cloudflare
age: 3727
etag: "5d474820-80a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e331f3d-FRA
content-length: 2058

GET
H2 200 instagram2.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 3 KB
3 KB 74ms
19ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/instagram2.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e34a6af51bb4d4f14eb8a61a56affc7708eae7aea45cca6a70e36dd118793b70

Request headers

:path: /wp-content/themes/mt/includes/images/instagram2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Sun, 04 Aug 2019 21:31:44 GMT
server: cloudflare
age: 3727
etag: "5d474ec0-a50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e341f3d-FRA
content-length: 2640

GET
H2 200 rss.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 3 KB
3 KB 87ms
32ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/rss.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab4529baacdbbc2917b158b1ec42ef35bf04d2ef0b5a1236a74561d4364e62c4

Request headers

:path: /wp-content/themes/mt/includes/images/rss.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:36 GMT
server: cloudflare
age: 3727
etag: "5b58a3cc-d9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e361f3d-FRA
content-length: 3483

GET
H2 200 become_a_patron_button.png
www.malwaretech.com/wp-content/themes/mt/includes/images/ 3 KB
3 KB 83ms
30ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/themes/mt/includes/images/become_a_patron_button.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adedb4d78780884e3d7848c921f4c9bf2511c4bae25bb4cbc466c7d4d96a4884

Request headers

:path: /wp-content/themes/mt/includes/images/become_a_patron_button.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:36 GMT
server: cloudflare
age: 3727
etag: "5b58a3cc-c0e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb4e391f3d-FRA
content-length: 3086

GET
H2 200 wp-polyfill.min.js Show response
www.malwaretech.com/wp-includes/js/dist/vendor/ 97 KB
34 KB 33ms
33ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Request headers

:path: /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 29 Dec 2020 21:02:23 GMT
server: cloudflare
age: 3727
etag: W/"5feb995f-183ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccabd0d1f3d-FRA

GET
H2 200 hooks.min.js Show response
www.malwaretech.com/wp-includes/js/dist/ 7 KB
2 KB 69ms
67ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/hooks.min.js?ver=50e23bed88bcb9e6e14023e9961698c1
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21a9753c3327bf6348a1e76b45a2a620694f77283564c6728068467cf1b3868b

Request headers

:path: /wp-includes/js/dist/hooks.min.js?ver=50e23bed88bcb9e6e14023e9961698c1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:20:48 GMT
server: cloudflare
age: 3727
etag: W/"60614790-1b19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed4f1f3d-FRA

GET
H2 200 i18n.min.js Show response
www.malwaretech.com/wp-includes/js/dist/ 10 KB
4 KB 26ms
25ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/i18n.min.js?ver=db9a9a37da262883343e941c3731bc67
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fef7a46a32609d5704fa770e930a73ecefd399e367bf8a2d0b6e18292126bef

Request headers

:path: /wp-includes/js/dist/i18n.min.js?ver=db9a9a37da262883343e941c3731bc67
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:20:48 GMT
server: cloudflare
age: 3727
etag: W/"60614790-27b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed521f3d-FRA

GET
H2 200 lodash.min.js Show response
www.malwaretech.com/wp-includes/js/dist/vendor/ 71 KB
25 KB 39ms
38ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26f87df80e0735b6d6b169750f0ee403336c537cbc7a51888cb9d449434cb4b8

Request headers

:path: /wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.19
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 29 Dec 2020 21:02:23 GMT
server: cloudflare
age: 3727
etag: W/"5feb995f-11c65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed541f3d-FRA

GET
H2 200 url.min.js Show response
www.malwaretech.com/wp-includes/js/dist/ 8 KB
3 KB 37ms
36ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/url.min.js?ver=0ac7e0472c46121366e7ce07244be1ac
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bec20adaf53a0573ead4dd69e2360e7a78341073cceb950949a64d60ef0a67e1

Request headers

:path: /wp-includes/js/dist/url.min.js?ver=0ac7e0472c46121366e7ce07244be1ac
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:20:48 GMT
server: cloudflare
age: 3727
etag: W/"60614790-21ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed551f3d-FRA

GET
H2 200 api-fetch.min.js Show response
www.malwaretech.com/wp-includes/js/dist/ 12 KB
3 KB 36ms
36ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/dist/api-fetch.min.js?ver=a783d1f442d2abefc7d6dbd156a44561
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9ff36d920672b4076a5d58283d7a4332d094bbfcb2a8c146bc9311150e5c43c

Request headers

:path: /wp-includes/js/dist/api-fetch.min.js?ver=a783d1f442d2abefc7d6dbd156a44561
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:20:48 GMT
server: cloudflare
age: 3727
etag: W/"60614790-307c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed571f3d-FRA

GET
H2 200 index.js Show response
www.malwaretech.com/wp-content/plugins/contact-form-7/includes/js/ 11 KB
3 KB 64ms
61ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccff49c86ee1937dd371734a05307e1abc057b3c255587ed918e47b1cf728d93

Request headers

:path: /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:21:27 GMT
server: cloudflare
age: 3727
etag: W/"606147b7-2ac2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccaed621f3d-FRA
cf-bgj: minify

GET
H2 200 comment_count.js Show response
www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/ 708 B
521 B 32ms
30ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:21:39 GMT
server: cloudflare
age: 3727
etag: W/"606147c3-379"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=889
cf-ray: 6767dccaed641f3d-FRA
cf-bgj: minify

GET
H2 200 comment_embed.js Show response
www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/ 828 B
462 B 59ms
57ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 29 Mar 2021 03:21:39 GMT
server: cloudflare
age: 136
etag: W/"606147c3-47e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=1150
cf-ray: 6767dccaed671f3d-FRA
cf-bgj: minify

GET
H2 200 comment-reply.min.js Show response
www.malwaretech.com/wp-includes/js/ 3 KB
1 KB 83ms
81ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/comment-reply.min.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

:path: /wp-includes/js/comment-reply.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Apr 2021 08:17:02 GMT
server: cloudflare
age: 136
etag: W/"6077f67e-ba8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccafd6a1f3d-FRA

GET
H2 200 bootstrap.min.js Show response
www.malwaretech.com/wp-content/themes/imnewspro/js/ 36 KB
10 KB 61ms
59ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/js/bootstrap.min.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

:path: /wp-content/themes/imnewspro/js/bootstrap.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-90b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccafd6b1f3d-FRA

GET
H2 200 owl.carousel.min.js Show response
www.malwaretech.com/wp-content/themes/imnewspro/js/ 42 KB
11 KB 50ms
48ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/js/owl.carousel.min.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43

Request headers

:path: /wp-content/themes/imnewspro/js/owl.carousel.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:40 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d0-a70e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccafd6c1f3d-FRA

GET
H2 200 stellarnav.js Show response
www.malwaretech.com/wp-content/themes/imnewspro/js/ 2 KB
889 B 59ms
57ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/js/stellarnav.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae088365040d1cd3d2656c8504d90719f44added660f44517b57b81c86560f1d

Request headers

:path: /wp-content/themes/imnewspro/js/stellarnav.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:42 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d2-d8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=3468
cf-ray: 6767dccafd6e1f3d-FRA
cf-bgj: minify

GET
H2 200 jquery.simplyscroll.js Show response
www.malwaretech.com/wp-content/themes/imnewspro/js/ 8 KB
2 KB 32ms
30ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/js/jquery.simplyscroll.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e27b22c6660c123d106669f3c72e66629ea0b7f05fcedb10ba081ed9483dbb3c

Request headers

:path: /wp-content/themes/imnewspro/js/jquery.simplyscroll.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:40 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d0-30a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=12455
cf-ray: 6767dccafd711f3d-FRA
cf-bgj: minify

GET
H2 200 custom.js Show response
www.malwaretech.com/wp-content/themes/imnewspro/js/ 2 KB
634 B 62ms
61ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/js/custom.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cfb51f3a30a24d0db22abf4f09eb7ca19b7773c2b97baea77233fb367046bf1

Request headers

:path: /wp-content/themes/imnewspro/js/custom.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:40 GMT
server: cloudflare
age: 3727
etag: W/"5b58a3d0-d30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=3376
cf-ray: 6767dccafd741f3d-FRA
cf-bgj: minify

GET
H2 200 wp-embed.min.js Show response
www.malwaretech.com/wp-includes/js/ 1 KB
880 B 82ms
25ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 04 Feb 2021 08:17:29 GMT
server: cloudflare
age: 3727
etag: W/"601bad99-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccb4e2c1f3d-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 57ms
3ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/cdn-cgi/apps/head/n9TF-6GWbkpYTiDSgDnrjC9AIZM.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5692
date: Thu, 29 Jul 2021 15:18:24 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Thu, 29 Jul 2021 17:18:24 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.malwaretech.com/wp-includes/js/ 14 KB
5 KB 90ms
37ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 04 Feb 2021 08:17:29 GMT
server: cloudflare
age: 3727
etag: W/"601bad99-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-ray: 6767dccb5e711f3d-FRA

GET
H2 200 css
fonts.googleapis.com/ 11 KB
781 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:300,400,500,600,700,800,900

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/default.css?ver=5.7.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

48b2377c74c9ea0b87b9c14a63f3a93960ca119a0d31d34628442184dc64e325

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 16:53:16 GMT
server: ESF
date: Thu, 29 Jul 2021 16:53:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Jul 2021 16:53:16 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v22/ 46 KB
46 KB 18ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v22/1Ptug8zYS_SKggPNyC0ITw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:300,400,500,600,700,800,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.malwaretech.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 01:45:28 GMT
x-content-type-options: nosniff
age: 227268
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47312
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 19:40:30 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 01:45:28 GMT

GET
H2 200 fontawesome-webfont.woff2
www.malwaretech.com/wp-content/themes/imnewspro/fonts/ 75 KB
76 KB 73ms
68ms Font
application/octet-stream 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.malwaretech.com/wp-content/themes/imnewspro/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/wp-content/themes/imnewspro/css/font-awesome.min.css?ver=4.7.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path: /wp-content/themes/imnewspro/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
origin: https://www.malwaretech.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/wp-content/themes/imnewspro/css/font-awesome.min.css?ver=4.7.0
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.malwaretech.com
Referer: https://www.malwaretech.com/wp-content/themes/imnewspro/css/font-awesome.min.css?ver=4.7.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:22:40 GMT
server: cloudflare
age: 4840
etag: "5b58a3d0-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dccb5e741f3d-FRA
content-length: 77160

GET
H3-29 200 1Ptug8zYS_SKggPNyCkIT5lu.woff2
fonts.gstatic.com/s/raleway/v22/ 25 KB
25 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v22/1Ptug8zYS_SKggPNyCkIT5lu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:300,400,500,600,700,800,900

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c28cf9531a92b13f64e6bde8578d730da9920d06883a826a944ba161e3cda818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.malwaretech.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 00:15:33 GMT
x-content-type-options: nosniff
age: 232663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25584
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 19:43:43 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 00:15:33 GMT

GET
H2 200 overwritten.png
www.malwaretech.com/wp-content/uploads/2017/06/ 75 KB
75 KB 33ms
23ms Image
image/png 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.malwaretech.com/wp-content/uploads/2017/06/overwritten.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0389191e5573be2ec04a849b6e8d052dc5c5e0cad93de1d81a6823af9f9e64dd

Request headers

:path: /wp-content/uploads/2017/06/overwritten.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.malwaretech.com
referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:16 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:12:24 GMT
server: cloudflare
age: 6776
etag: "5b58a168-12be6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200
accept-ranges: bytes
cf-ray: 6767dcccf9411f3d-FRA
content-length: 76774

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=967855583&t=pageview&_s=1&dl=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&ul=en-us&de=UTF-8&dt=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2114038207&gjid=714776282&cid=2108697425.1627577597&tid=UA-56814785-2&_gid=730964720.1627577597&_r=1&_slc=1&z=727376198

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.malwaretech.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 403 platform.js
apis.google.com/js/ 0
0 365ms
343ms Script
text/html 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/js/platform.js
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107280101/ 250 KB
93 KB 54ms
34ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3337609182489974&plah=www.malwaretech.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4874d00f8999743ad740176788e25f25fb60ce668ce7e410975092ee271ea904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95279
x-xss-protection: 0
server: cafe
etag: 5035717091892317449
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 29 Jul 2021 16:53:17 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210727/r20190131/ Frame 4847 10 KB
5 KB 10ms
10ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210727/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210727/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 28 Jul 2021 19:25:37 GMT
expires: Wed, 11 Aug 2021 19:25:37 GMT
content-type: text/html; charset=UTF-8
etag: 4389807852502320046
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 77260
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
88 B 20ms
19ms XHR
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-56814785-2&cid=2108697425.1627577597&jid=2114038207&gjid=714776282&_gid=730964720.1627577597&_u=IEBAAEAAAAAAAC~&z=530240918

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 29 Jul 2021 16:53:17 GMT
content-type: text/plain
access-control-allow-origin: https://www.malwaretech.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
660 B 51ms
17ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.malwaretech.com&callback=_gfp_s_&client=ca-pub-3337609182489974

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3337609182489974&plah=www.malwaretech.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e325ec42752d28139419ddc0b35ef8286b052890a6547191ad103d436d106c39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 48ms
16ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 45ms
16ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1159 84 KB
27 KB 317ms
316ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&adk=1812271804&adf=3025194257&lmt=1627577597&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577597250&bpp=4&bdt=858&idt=119&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=920484415588&frm=20&pv=2&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=155

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c631de8cea5883c158a59abde14cea384df3d66bd1f1dea8522485f7f299566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&adk=1812271804&adf=3025194257&lmt=1627577597&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577597250&bpp=4&bdt=858&idt=119&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=920484415588&frm=20&pv=2&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=155
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:17 GMT
server: cafe
content-length: 27495
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Jul-2021 17:08:17 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:17 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 48ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

727d06f38b813004baa0b6a9c96c24e2bce04b7be4c05f9486499f4250f9a772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298829912756"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27995
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:17 GMT

GET
H2 200 widget.js Show response
malwaretech.com/wp-content/plugins/cryptodonate/ 895 B
618 B 46ms
26ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwaretech.com/wp-content/plugins/cryptodonate/widget.js
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7a843066ece31f30d69ddf42e687855fe094150c782e7f06a96857d3efc506e

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:13:20 GMT
server: cloudflare
age: 137
etag: W/"5b58a1a0-5b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=1463
cf-ray: 6767dcd10fa11f3d-FRA
cf-bgj: minify

GET
H/1.1 200
OK count.js Show response
malwaretech2.disqus.com/ 1 KB
1 KB 34ms
7ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwaretech2.disqus.com/count.js

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 212
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 23 Jul 2021 20:15:53 GMT
Server: nginx
ETag: "60fb2379-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW55-C3
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: 8cX38RpsScLj0s2Eld5nqhk69GLjVMasUUKunDipYu1V5SiNIl2iqA==

GET
H/1.1 200
OK embed.js Show response
malwaretech2.disqus.com/ 75 KB
25 KB 203ms
176ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwaretech2.disqus.com/embed.js

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

aae44ee57ea61f562da9cf211a2a0896009903aada268ce626ec33016995f2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:17 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24719

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 4A95 319 KB
103 KB 18ms
12ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.malwaretech.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 684941
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:17 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6760)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 cryptodonate.css
malwaretech.com/wp-content/plugins/cryptodonate//css/ 2 KB
792 B 22ms
21ms Stylesheet
text/css 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwaretech.com/wp-content/plugins/cryptodonate//css/cryptodonate.css
Requested by: Host: malwaretech.com
URL: https://malwaretech.com/wp-content/plugins/cryptodonate/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2563f05f9585ce46cf6dc648049b0ef3e0a5f9c038c45c732b2bdbc7de8bf71f

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:13:20 GMT
server: cloudflare
age: 137
etag: W/"5b58a1a0-a7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200
cf-polished: origSize=2687
cf-ray: 6767dcd1787a1f3d-FRA
cf-bgj: minify

GET
H2 200 cryptodonate.js Show response
malwaretech.com/wp-content/plugins/cryptodonate/ 4 KB
1 KB 22ms
22ms Script
application/javascript 2606:4700:10::6814:5037
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://malwaretech.com/wp-content/plugins/cryptodonate/cryptodonate.js
Requested by: Host: malwaretech.com
URL: https://malwaretech.com/wp-content/plugins/cryptodonate/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:5037 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d9a99f2605112c60740456c379042f17041e4f678f083c659874f1748fcb124

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:17 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 25 Jul 2018 16:13:20 GMT
server: cloudflare
age: 137
etag: W/"5b58a1a0-1b44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
cf-polished: origSize=6980
cf-ray: 6767dcd1787d1f3d-FRA
cf-bgj: minify

GET
H2 200 icon_litecoin.png
lab.subinsb.com/projects/francium/cryptodonate/img/ 2 KB
2 KB 533ms
19ms Image
image/png 2606:4700:3036::ac43:8259
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lab.subinsb.com/projects/francium/cryptodonate/img/icon_litecoin.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:8259 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 118ef07563848a2b497c416852714497e942cb8dd15eff3fd5495d2462eaf2d3

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: ad100355cb9483a2cbb3c3fe31e2634321fd8858
date: Thu, 29 Jul 2021 16:53:18 GMT
via: 1.1 varnish
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 137
x-cache: HIT
x-cache-hits: 1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1907
x-served-by: cache-fra19162-FRA
last-modified: Sat, 15 Aug 2020 11:32:42 GMT
server: cloudflare
x-github-request-id: BEB2:801A:254B6:2692C:60DB0BEB
x-timer: S1625052237.723729,VS0,VE87
etag: "5f37c7da-773"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkXiJ%2FYMHTWUbDm238NbR3TtehusRHjoYiM0pZ%2BSdYloHkAjKMhgp2JuU54pmzPwURyAkPG%2B8Ihu%2FMV4MvbyJAHMCFqRVom6%2BMawoS5PgHPat3BDM%2FC2D3jSQAzO8BNklL4axIDN9ORGsQCwAe8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6767dcd4ff7e05bb-FRA
x-proxy-cache: MISS
expires: Thu, 29 Jul 2021 06:12:13 GMT

GET
H2 200 wallet.png
lab.subinsb.com/projects/francium/cryptodonate/img/ 2 KB
3 KB 537ms
24ms Image
image/png 2606:4700:3036::ac43:8259
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lab.subinsb.com/projects/francium/cryptodonate/img/wallet.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:8259 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 082d133f7e02e15049decb21330faf910885ab023204c60f0613bbbfea3edc1a

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 436959d133e49a3c9c8a93bef816d1608ff1b9b3
date: Thu, 29 Jul 2021 16:53:18 GMT
via: 1.1 varnish
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 524
x-cache: HIT
x-cache-hits: 1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2395
x-served-by: cache-fra19134-FRA
last-modified: Sat, 15 Aug 2020 11:32:42 GMT
server: cloudflare
x-github-request-id: EA3C:7293:1F9725:20474C:60805DF6
x-timer: S1619155380.047283,VS0,VE1
etag: "5f37c7da-95b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wEf%2Fs%2FrxebXaUwijITPQn0dgRKH6dXFeNN0DqVngnL9FidP6XJCoJdxN62qQGlJci4s7Vlj0A27YWdiH09M4CXUnNZda5z8ehWWZKiyghu5JomvvMThDNbmsTWMx2NVN2LrlFdtQU6e%2F5V8KvlE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6767dcd4ff8105bb-FRA
x-proxy-cache: MISS
expires: Thu, 29 Jul 2021 03:36:11 GMT

GET
H2 200 icon_ethereum.png
lab.subinsb.com/projects/francium/cryptodonate/img/ 1 KB
2 KB 520ms
14ms Image
image/png 2606:4700:3036::ac43:8259
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lab.subinsb.com/projects/francium/cryptodonate/img/icon_ethereum.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:8259 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 523756a966da1c8dde3cc1e0d5f4018161819dd0e94cc0f45c2845e366112dce

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 258101930d9ae3d3f70a22df0cda63c46cc18bf0
date: Thu, 29 Jul 2021 16:53:18 GMT
via: 1.1 varnish
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 548
x-cache: HIT
x-cache-hits: 1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1151
x-served-by: cache-fra19162-FRA
last-modified: Sat, 15 Aug 2020 11:32:42 GMT
server: cloudflare
x-github-request-id: 9000:76F0:1D549C6:1E4A772:607F9361
x-timer: S1619155380.046895,VS0,VE1
etag: "5f37c7da-47f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHmHKm9CkUhxHy8LQVDQObqDTqZ5MCulUlRx6jP6ZBaVv9A%2F3DmFuh9emIhUdpaET74wgANVqdqo05GfZlVGriw5wowqaXDQ%2FE2QBtdqXr2ax7iH87QI09kZNbNjyn3e7N7FWu7ueB0b66P6dTE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6767dcd4ff7605bb-FRA
x-proxy-cache: MISS
expires: Wed, 28 Jul 2021 20:38:04 GMT

GET
H2 200 icon_bitcoin.png
lab.subinsb.com/projects/francium/cryptodonate/img/ 2 KB
2 KB 521ms
16ms Image
image/png 2606:4700:3036::ac43:8259
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lab.subinsb.com/projects/francium/cryptodonate/img/icon_bitcoin.png
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:8259 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20b37ded4e153d334d44fb14ae8a9179e7b28cf7aa75951631dd4d38fdbecc6f

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 5aedbb238aae0b333f4e197cef09b09bbc459d55
date: Thu, 29 Jul 2021 16:53:18 GMT
via: 1.1 varnish
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 524
x-cache: HIT
x-cache-hits: 1
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1786
x-served-by: cache-fra19141-FRA
last-modified: Sat, 15 Aug 2020 11:32:42 GMT
server: cloudflare
x-github-request-id: 461A:71C6:1C9A8E:1DEC97:60822DB8
x-timer: S1619155380.046748,VS0,VE0
etag: "5f37c7da-6fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WWO0RTFEd%2F6nF4wSY611h8AqS7oQfBkEoLsgV6BbSc2nDZNP4GICzul51Prht1NbW94f65%2FkRxovF4OQfEOj50s7XkgBIDKYipE3sBgSztjo8QN5GRIiFy18i0G8rmsnAlO%2Fn7ZQMck5LgZ4slA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6767dcd4ff7c05bb-FRA
x-proxy-cache: MISS
expires: Wed, 28 Jul 2021 22:29:36 GMT

GET
H2 200 lounge.e16bb81d3982e913e07bd7f31be71a6c.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 50ms
19ms Other
text/css 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:21:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1459931
x-cache: Hit from cloudfront
content-length: 25871
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Thu, 08 Jul 2021 22:07:43 GMT
server: nginx
etag: "60e7772f-650f"
content-type: text/css; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 12 Jul 2022 19:21:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: AFHI8fInBGWufFRKEUtHDzxQWk4l86UV5N6MaMFEBSvgzsZUJLkLIg==
x-cache-hits: 0

GET
H2 200 common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js
c.disquscdn.com/next/embed/ 0
93 KB 66ms
48ms Other
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 20:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 852365
x-cache: Hit from cloudfront
content-length: 94790
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 19 Jul 2021 19:39:06 GMT
server: nginx
etag: "60f5d4da-17246"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 19 Jul 2022 20:07:13 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: zxAQ1QHQQPCaIeSrRgTGkprNdPvSkL8llM5dwHzYMGZ16INwl_QZpQ==
x-cache-hits: 0

GET
H2 200 lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js
c.disquscdn.com/next/embed/ 0
119 KB 49ms
31ms Other
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 18:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 770826
x-cache: Hit from cloudfront
content-length: 120690
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 20 Jul 2021 18:26:52 GMT
server: nginx
etag: "60f7156c-1d772"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Wed, 20 Jul 2022 18:46:12 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: y2Pvm_bl0-d5EXrMGsdD94dHnu9xwEalt2u8TKKSCeT2IrrkRI8H-w==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
12 KB 51ms
13ms Other
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:18 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 2
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 12171
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK recommendations.js Show response
malwaretech2.disqus.com/ 62 KB
21 KB 171ms
158ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwaretech2.disqus.com/recommendations.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

28f08e71d4ada2db8c7b06458fb50f024ce7bb840753209e03202395060412c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:18 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 20836

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame 5C72 31 KB
8 KB 242ms
221ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e53444541f1206a0c62d424657f960f31f44c743962d90877ff0c3d6a2a17276

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Connection: keep-alive
Content-Length: 7361
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Sun, 11 Jul 2021 10:43:55 GMT
ETag: W/"lounge:view:5946851682.907bc24c8280dfeb5b24299c1422b473.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Thu, 29 Jul 2021 16:53:18 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 recommendations.eff219b98b7c4167b4b289065f36f391.css
c.disquscdn.com/next/recommendations/styles/ 0
4 KB 40ms
37ms Other
text/css 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/styles/recommendations.eff219b98b7c4167b4b289065f36f391.css

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 10:11:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7281723
x-cache: Hit from cloudfront
content-length: 3748
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-ea4"
content-type: text/css; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Fri, 06 May 2022 10:11:15 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: 9BAst2RjJCVpDM-Ko1Z3S0B9316YHxqyRCpUe2ailnHg8iq-N5S76g==
x-cache-hits: 0

GET
H2 200 common.bundle.72e35017d98ea7f210961b0d5c38444a.js
c.disquscdn.com/next/recommendations/ 0
87 KB 39ms
38ms Other
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 20:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 852377
x-cache: Hit from cloudfront
content-length: 88853
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 19 Jul 2021 19:39:06 GMT
server: nginx
etag: "60f5d4da-15b15"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 19 Jul 2022 20:07:01 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: BQJww-GJPdywNUNSqweJoqVTBBlV7hO3HeZ7-nh3WU0G_0u4U8Da1A==
x-cache-hits: 0

GET
H2 200 recommendations.bundle.37a289e2ed6acdf6cbf01e83d4fb3ce6.js
c.disquscdn.com/next/recommendations/ 0
20 KB 58ms
57ms Other
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.bundle.37a289e2ed6acdf6cbf01e83d4fb3ce6.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/recommendations.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2499527
x-cache: Hit from cloudfront
content-length: 20103
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 30 Jun 2021 17:42:54 GMT
server: nginx
etag: "60dcad1e-4e87"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Thu, 30 Jun 2022 18:34:31 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: _V2pdf9JdoFRBAieii9Wyo9BByvP8xnpYUym_Dt3nLPbg8zofgkNZw==
x-cache-hits: 0

GET
H3-29 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107280101/ 144 KB
52 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202107280101/reactive_library_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f8f8557ca5f78cdd71a94adfd019dfcf3892f3cfe4934010385c9edd5656cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52782
x-xss-protection: 0
server: cafe
etag: 10487210710369137243
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 29 Jul 2021 16:53:18 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 51ms
18ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 55ms
15ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C05 76 KB
26 KB 676ms
669ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

075b50bae8769be08137c9db435659f20ec808c4d2ae805b97d420f35456752e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:19 GMT
server: cafe
content-length: 26363
x-xss-protection: 0
set-cookie: IDE=AHWqTUmpPojFHM-0tYvsk-o9zPRb3VuxEvENLdDDCMFzLk_p_MJU960OCul99OWh9_c; expires=Tue, 23-Aug-2022 16:53:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:19 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9BC7 61 KB
24 KB 673ms
673ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58348d199591125aa31d2c5e195013e0a19d6ee15bb4f2edb9718cd25d233690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:19 GMT
server: cafe
content-length: 24326
x-xss-protection: 0
set-cookie: IDE=AHWqTUm65gNSi2J-K5mUAXuKBPWakqO4Scdo9q0MylpUvJZK4FrHd9sywVotR4plKDg; expires=Tue, 23-Aug-2022 16:53:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:19 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6024 64 KB
25 KB 697ms
697ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ba549310c037c829d40af1068deccd1b106c7a2f4838d1a40e8ab5c6ce64686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:19 GMT
server: cafe
content-length: 25130
x-xss-protection: 0
set-cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY; expires=Tue, 23-Aug-2022 16:53:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:19 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FEC0 111 KB
35 KB 522ms
522ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e04d0bf05e50eef8fcdb6f32f13f5d12ed18f4163f09e9e6894d4f85070fc6c6

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNWC9oTfiPICFYcD4AodwfAEsw&gqi=_twCYfS4Ksyr3gPR2raABQ&layout=/sadbundle/%24csp%253Der3%24/5751629574223798899/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNWC9oTfiPICFYcD4AodwfAEsw&gqi=_twCYfS4Ksyr3gPR2raABQ&layout=/sadbundle/%24csp%253Der3%24/5751629574223798899/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:19 GMT
server: cafe
content-length: 36033
x-xss-protection: 0
set-cookie: IDE=AHWqTUk3mFgcR6fjhE8pM_8uMyxuwRXgrbV6aPniJITRIkUI8i3IbkB7omP3aqtySRk; expires=Tue, 23-Aug-2022 16:53:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:19 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F076 111 KB
35 KB 602ms
601ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e040722e5d2b44277dd353a6a20ff3e2a651722ce207f1bb914f8b36948d5b2

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLmf-ITfiPICFardEQgdyJsG0A&gqi=_twCYffZLI_t3wOotZ-YCw&layout=/sadbundle/%24csp%253Der3%24/4849682593519171290/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLmf-ITfiPICFardEQgdyJsG0A&gqi=_twCYffZLI_t3wOotZ-YCw&layout=/sadbundle/%24csp%253Der3%24/4849682593519171290/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 29 Jul 2021 16:53:19 GMT
server: cafe
content-length: 36133
x-xss-protection: 0
set-cookie: IDE=AHWqTUnYtXwAMMlTxq0KbLkFrx-AwMrJX5PEEx87diCyREW307E_ObYQGE4iSf7_h3U; expires=Tue, 23-Aug-2022 16:53:18 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:19 GMT
cache-control: private

GET
H/1.1 200
OK / Show response
disqus.com/recommendations/ Frame B38F 5 KB
3 KB 15ms
11ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/recommendations.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

82e842083b548eaae5a1bf28d704da26d2156b4b21985c68e5b88b7d916d6187

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Connection: keep-alive
Content-Length: 2241
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Tue, 08 Dec 2020 03:16:51 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Thu, 29 Jul 2021 16:53:19 GMT
Age: 138
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 4A95 232 B
430 B 149ms
114ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=68b49fcef48fbcc4a7f304102b505c593fb2d821

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.malwaretech.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:18 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 16:53:19 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
content-length: 166

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 21ms
20ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.malwaretech.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/ Frame 2ECA 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Jul 2021 01:54:48 GMT
expires: Thu, 12 Aug 2021 01:54:48 GMT
content-type: text/html; charset=UTF-8
etag: 4389807852502320046
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 53911
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 lounge.load.7302391be467f75d298eac65b5cfa2cc.js Show response
c.disquscdn.com/next/embed/ Frame 5C72 1 KB
1 KB 45ms
12ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.7302391be467f75d298eac65b5cfa2cc.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aa9ee4c2caf4f0c4054f1da752a01fec1ff1a656983327b69a75c3c0b63ef270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 18:46:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 770826
x-cache: Hit from cloudfront
content-length: 534
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 20 Jul 2021 18:26:52 GMT
server: nginx
etag: "60f7156c-216"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Wed, 20 Jul 2022 18:46:13 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: p7c8HBEwMzw_7qlSVlBHwlWkdX0pQgK9_iBqkOIimKsd5rKZwae-WQ==
x-cache-hits: 0

GET
H2 200 recommendations.load.6e7f054bb6cc96f751074c81258a6dd5.js Show response
c.disquscdn.com/next/recommendations/ Frame B38F 923 B
1020 B 22ms
13ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.load.6e7f054bb6cc96f751074c81258a6dd5.js

Requested by

Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

04c365d6279560ce2ab2deb46552d79e5807c4aee9fca98543def716fa890123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 20:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 852377
x-cache: Hit from cloudfront
content-length: 447
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 19 Jul 2021 19:39:06 GMT
server: nginx
etag: "60f5d4da-1bf"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 19 Jul 2022 20:07:02 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: KwNzM7M_cniFTUd29Qz71CJY9L9JDIBa0CHy3vk93mFpByxN1Kl4kA==
x-cache-hits: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2ECA 0
0 40ms
26ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvwSd_dwCYdajGo2agQewubzAB8iardRjx_zN-aIO0KDW96wBEAEg5bPaIWCVAqAB07XCjgPIAQKpAqSqrLIA7LM-qAMByAPJBKoE-wFP0E4rugOIwdppIaFKCpa7xn6gdme6jQ8oIAZ-pfSKkXNzlcJJK__KmOgdJBmyephTKqge2cb0sYibcNMmqNHYNux8d8jK5ln4UF-DwRWtDM7Jg8IFOW0AN8FPrqRPqoLnebFhJqFFHrP5cfGKFaYFg2LUDlGoUjd0gFUAKR6UQGKtMPqQ_wxI8rlj1WM0XWCWm0-S1qSPn9IIIZP1f7aBu_1Z9uxZMjtvbTU9urerPIg1Cw6FUsFpRb5LS-nsxuUBfvSBiTxvcLVuKkTMfKDTm9yO2XApdYB-Tw2JHOZe-AOlsGmteGuEl5i8-PPQBj565a4WIIXIcXvaTcAElcXE8b0DkgUECAQYAZIFBAgFGASgBgKAB5ywl8ICqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEJ6dMNIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi0zMzM3NjA5MTgyNDg5OTc0&sigh=m-5oeDyCRdU

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame 2ECA 18 KB
8 KB 92ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:53:12 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 2ECA 2 KB
1 KB 94ms
16ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2ECA 124 KB
37 KB 57ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 2ECA 14 KB
6 KB 93ms
16ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 2ECA 26 KB
11 KB 102ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f62a8ff7c0b7077bb1c9c33b29d6276bbde33e88b1833aecedc248526509a083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 07:01:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35483
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10769
x-xss-protection: 0
server: cafe
etag: 6617245152184291830
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 07:01:56 GMT

GET
H2 200 4053675380233309100
tpc.googlesyndication.com/simgad/ Frame 2ECA 45 KB
45 KB 59ms
31ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4053675380233309100?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkCg7upsxf36b0050hdXIMIdS6gBw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1938de748ea61cae8deff150772b8df810269d025395a1a276157978f2ad72ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 22:02:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 07 Jul 2021 08:12:27 GMT
server: sffe
age: 67833
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45660
x-xss-protection: 0
expires: Thu, 28 Jul 2022 22:02:46 GMT

GET
H/1.1 200
OK horizon_tweet.2bd42981e3af03ce9186a5655508da28.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.2bd42981e3af03ce9186a5655508da28.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/669E)
Age: 684943
Etag: "43544c32afe87494042045e40e7b3213+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2436

GET
H3-29 200 css
fonts.googleapis.com/ Frame 8C05 3 KB
578 B 26ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 16:19:37 GMT
server: ESF
date: Thu, 29 Jul 2021 16:53:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/ Frame 3C77 13 KB
3 KB 45ms
9ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92075c52408692d80ea1b377bc02ddd07ddcef79301a747de9fe6f3bff77fc3a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/5751629574223798899/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3422
date: Mon, 26 Jul 2021 06:42:20 GMT
expires: Tue, 26 Jul 2022 06:42:20 GMT
last-modified: Thu, 01 Apr 2021 16:57:04 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 295859
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame F197 0
0 27ms
22ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8YPF_twCYdWLK4eHgAfB4ZOYC8uK26li2aHnotgN2dkeEAEg5bPaIWCVAqABtZDEwAPIAQmoAwHIA0iqBIQCT9BAuVOheEfUleLN6Kelnbwuc86ZzcJcPJx4uUCFZ-V5NHc53NFyodFkNGK4F0vUsxWzd8XsZHyO8CGVEbheyGFAlFpnmlHb4vzRpmpNBSY3_i3f0LG2fCzSCmy0mqOlPVINiBo4PT0hqS3Dd6yq94VpFjfjZxDS3OqO1aVl7ssXosIry5vWX3sXpS8DS0zEjy8yzecFWCJZTFeDGMDIKhmRD92DaRs7R6wQEhDuUZ4nmxJQBsLYLKWxZNojuBQ5fRDSjiVgaJLik9zTtb4O9vDRlYaERPLTtF0BZWGz14XsvepN8NG00w6vR5E5L_EwrHadIYVyoNygcnfcUVM4aphVY5TABL-Vj_PNA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAez77s_qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEODZAtIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi0zMzM3NjA5MTgyNDg5OTc0&sigh=8f5YQ5uAnoQ&template_id=419

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame F197 18 KB
7 KB 18ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:51:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame F197 2 KB
1 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F197 124 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame F197 14 KB
6 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H2 200 common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js Show response
c.disquscdn.com/next/embed/ Frame 5C72 282 KB
93 KB 34ms
12ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.7302391be467f75d298eac65b5cfa2cc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

443211c7845e0012dea1dfe8cda1ce659e7fef3c7b5af2b470704ed8186945c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 20:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 852366
x-cache: Hit from cloudfront
content-length: 94790
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 19 Jul 2021 19:39:06 GMT
server: nginx
etag: "60f5d4da-17246"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 19 Jul 2022 20:07:13 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: j0PcpwO8OIu58sXpBr8V08Ca4LV4dWu0mIPcurwPjcZbvMeCD-8Dww==
x-cache-hits: 0

GET
H2 200 common.bundle.72e35017d98ea7f210961b0d5c38444a.js Show response
c.disquscdn.com/next/recommendations/ Frame B38F 262 KB
87 KB 50ms
29ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.6e7f054bb6cc96f751074c81258a6dd5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1a9b2621dcaa88ed6a5d03a96cf38e466a9c2928e5fae60b5b977a33f8b63460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 20:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 852378
x-cache: Hit from cloudfront
content-length: 88853
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 19 Jul 2021 19:39:06 GMT
server: nginx
etag: "60f5d4da-15b15"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 19 Jul 2022 20:07:01 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: 78Ytcl95a-h43KInK6bZwuz7eFiu0A7qTaDkjjWEJik1Nane56pD5w==
x-cache-hits: 0

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 8C05 1 KB
857 B 8ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:48:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:48:29 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame 8C05 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:51:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 8C05 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8C05 124 KB
37 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 8C05 14 KB
6 KB 20ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 8C05 0
0 45ms
0ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQQOglTqwO7C6visaRSM90hOShecsAjcTQADvVHN0Bhm-DjfJhsf58_aihWOYFKwRsq-U88W7SL-YfAsCjuvPnaREBkzQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 638cf57158770915db314ccd85b2248b.js Show response
www.gstatic.com/mysidia/ Frame 8C05 26 KB
11 KB 68ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/638cf57158770915db314ccd85b2248b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2815473cb317930b4e63191154c2bbbf5d3b3165b461207ac7548af646b8a19e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Jul 2021 17:22:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 343860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10810
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 08:17:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 23 Oct 2021 17:22:19 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6528039975527766319/ Frame 8C05 14 KB
14 KB 28ms
11ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6528039975527766319/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b3f9e0eec5b585b86c19bc175b155922daf524f542bba4703c5d1675e0f01b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 06:53:12 GMT
x-content-type-options: nosniff
age: 208807
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14771
x-xss-protection: 0
last-modified: Fri, 06 Mar 2020 14:22:35 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 06:53:12 GMT

GET
DATA 200
OK truncated
/ Frame 8C05 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 18192786727768004824
tpc.googlesyndication.com/simgad/ Frame 9BC7 105 KB
105 KB 9ms
9ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18192786727768004824?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlVCOFboN202U3-Hxv1f8iSJstbHg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3016d849a84c1a09a3ad8eda96b8fc296f89a3c5208241bbd10f42f5669da499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 09:56:12 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Jul 2021 08:46:53 GMT
server: sffe
age: 25027
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107790
x-xss-protection: 0
expires: Fri, 29 Jul 2022 09:56:12 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame 9BC7 18 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:51:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 9BC7 2 KB
1 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9BC7 124 KB
37 KB 22ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 9BC7 14 KB
6 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 9BC7 26 KB
11 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f62a8ff7c0b7077bb1c9c33b29d6276bbde33e88b1833aecedc248526509a083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 07:01:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35483
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10769
x-xss-protection: 0
server: cafe
etag: 6617245152184291830
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 07:01:56 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9BC7 0
0 26ms
23ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CsPcL_twCYbyeJ4GbgQe7-L-ACMyJoPxjmouRoKIOhpjT-aUeEAEg5bPaIWCVAqABlKScxwLIAQKpAqSqrLIA7LM-qAMByAPJBKoE_QFP0Li26sEtndzqZzBw9zbIUioyVGZnFC1lPvTvG6ha2cd8gq70GSVOut_9t5-mWEhBpiPP7x6tU4g99x3nccJJFBYj73hwD5Xw0S_cwO8rnnmFyPcrw-_M37m6eQSovIGcq8b70Csf1g19f3K1bWOsyjveJiAf9XyhmZmhiBmB1yp-8-iKsL6JGXrvIjeTns4iiF10ipRXeNDP97pOOUSqgLIZi89o_2hLfV7Hh_WRAWuHm0XHC6Xz-Mr2JwJvQzYfTpBxFv0ncBsV91MI1G0kloLjLdHNu27oerzRhW8AQmQScvf_W5V7QE4EnC7cwYHlCWDIdFipb61ateyCwATP3Nj53gOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGAoAH7KLj7gGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ5_0L0ggJCIDhgBAQARgfgAoByAsB2BML0BUBgBcBshcaChgIABIUcHViLTMzMzc2MDkxODI0ODk5NzQ&sigh=NPKk4v2Z1xc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8C05 0
0 23ms
18ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPWnj_twCYcenJoacgAezxrKwBMXUm8xi_M-e66oLp7DTxKcPEAEg5bPaIWCVAqAByLGpzQPIAQmoAwHIA8sEqgSDAk_QcS7hAK3TJwFLhBQsfyKQi65_yPej0wqCBC1UdQzQncl-V2StEbD4dps-KBAgNX-qyEvWQgeOmWDCZQnKQAYrtKO-v4t-Qbt6d0AiA65kAxi1r4c6thcnmdYmkaJ6VAmNHhMNLQDyLo_Lv5PlhaviEJvpHUDV_2Sn9H7juQ2NMvmzzBP_btqmLAZjjfLAlchp90vsCITWEBjOHWzSQjmsuwxBQmmqSbLcwFoOTGpid5hVBMy_yEv-3yaN1a22_g3mUWJl1ofMzA3i2GJ8MBCc-kI4lUvOk-S6-IbmXsp4V-WXCAgdjFP8C5dA0IywBDPiz-3SCcuWi_7parJyU058l2TABJ7d4bjqAZIFBAgEGAGSBQQIBRgEoAYugAfk6uI1qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOftA9IICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwyIFAXQFQGAFwGyFxoKGAgAEhRwdWItMzMzNzYwOTE4MjQ4OTk3NA&sigh=F8uCOq1tjvA&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 5467743648573951516
tpc.googlesyndication.com/daca_images/simgad/ Frame 6024 117 KB
117 KB 9ms
8ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5467743648573951516

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27a6c34b6c17501e2544c982fc23cbdb5b471a2a049bb98e9e7fb6d79d0db82a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 13:44:31 GMT
x-content-type-options: nosniff
age: 184128
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119809
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 09:06:06 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 13:44:31 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame 6024 18 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:51:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 6024 2 KB
1 KB 72ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6024 124 KB
37 KB 73ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:19 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:19 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 6024 14 KB
6 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 179
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 6024 0
0 73ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaShov08kqa4LbEGxKgh9-Qahci3PGCoUUwrXnCPawZJPaBsUvXITK8HJI6xEe-0eGXY1rno_CJCSW5gZ55rp4ma7AGBzg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 6024 26 KB
11 KB 60ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f62a8ff7c0b7077bb1c9c33b29d6276bbde33e88b1833aecedc248526509a083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 07:01:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35483
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10769
x-xss-protection: 0
server: cafe
etag: 6617245152184291830
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 07:01:56 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6024 0
0 57ms
38ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C1caj_twCYeqbKYG_gQfFuYigBe3Hq4RkhriqhZYOChABIOWz2iFglQKgAcj-q6cCyAECqQKvDAM9MUWBPqgDAcgDyQSqBP4BT9DujrY4PHtNSBIWLdKbYI2LJny3t8NAhyfohPmpsMg9Lt7WVZX7_Jlyl6zpBeV_XC-mZowX2E5Bx5yIdMwZGp_SXExz2Eskqj2gCbpCDjdUtfOYNOiqyDvoUjbqjF4AezPLp7310Igrm-jyk40bn6mgllQMpUxiONVfSbhS-SA5b_5Z1FaMoYqdXdfBtWvCxxclzwIMm18NfuNKBrvrdH-wqfXhxf9IdZm-gcwNQ2411QOobWTN48SQou2DrZGdbKcpXKDo3EF5TkUcyhg_HKCCp831TgZdHZzBM2-R7LAM_BbpXGOFSJRsfQcM25ZVoqSqkbl1HnvOKVk8YUnABLPulZnhA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAfQ3cHeAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDAjgXSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItMzMzNzYwOTE4MjQ4OTk3NA&sigh=CNj0JpE8iBo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 61E8 143 B
163 B 51ms
33ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Jul 2021 16:42:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F197 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf73d940fc8f9d2831ca4c0bb2c0a22759c1a76f9400b68377de64e5a09abd8c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 333A 487 B
1002 B 22ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: 1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1067
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:20 GMT
Etag: "db17450488b4ee5f8b5e7ec8f27b5220"
Last-Modified: Wed, 21 Jul 2021 18:26:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668C)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 6C8E 487 B
1002 B 41ms
16ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: 1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1067
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:20 GMT
Etag: "db17450488b4ee5f8b5e7ec8f27b5220"
Last-Modified: Wed, 21 Jul 2021 18:26:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668C)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 9961 487 B
972 B 53ms
10ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: 1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1066
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:20 GMT
Etag: "db17450488b4ee5f8b5e7ec8f27b5220"
Last-Modified: Wed, 21 Jul 2021 18:26:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6725)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 9BE5 487 B
1002 B 53ms
9ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668C) /
Resource Hash: 1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1067
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:20 GMT
Etag: "db17450488b4ee5f8b5e7ec8f27b5220"
Last-Modified: Wed, 21 Jul 2021 18:26:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668C)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 0CDA 487 B
1001 B 51ms
8ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: 1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.malwaretech.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 521
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 29 Jul 2021 16:53:20 GMT
Etag: "db17450488b4ee5f8b5e7ec8f27b5220"
Last-Modified: Wed, 21 Jul 2021 18:26:16 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6724)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 80E8 1 KB
749 B 23ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Jul 2021 03:09:05 GMT
expires: Fri, 30 Jul 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 49455
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8C05 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e79327663253a8d4ddbe92115ecf402509cd07ba335cf616282f5525dd51c850

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 8 KB
3 KB 11ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2be16fa9eb52c6af3c3edf1bc20955e396a4d0de7a8883d9c115820740d592cc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/4849682593519171290/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2577
date: Sun, 25 Jul 2021 07:42:02 GMT
expires: Mon, 25 Jul 2022 07:42:02 GMT
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 378678
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4CE4 0
0 47ms
42ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C8VIc_twCYbmoLaq7x_APyLeagA2Xv8mYY-qpnMr5DYyLhZ4LEAEg5bPaIWCVAqAB-OD0-gPIAQmpAsNTgknp7LM-qAMByANIqgSFAk_QVQr5S1rM8uNAQe0_yneA0IKTaklwPLlh7eytt2oUUewtGN1d5YftDJfK0_7qUli_fG46y2Wr_3RH2t-GL3VrTvtjKkhdnPemeP6OuRCp1FsYy_0p50Z93ezaGvgIrMkJq9CavSfzwRFg93deZFqslwOZL-J7U9Wjc97X_wDTr04qljDV7EeS8zM4ow5asH0ypCke61b2ANYi61R1LXRFwJxTR_AyRwzjc0Ps2nUSZwR7qz8rnk71fUp0FqFlpLbafSJHt3YFhtzc1yd6oIJ-2mGKMZ_nD3kyfI01E1GGxn-gN6RWRMamwcwpclv7N0hOV7Tpa79l9c77IPsDq6OXwU5bjMAEwPviucUDkgUECAQYAZIFBAgFGASgBi6AB_CeiwWoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxrID0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshcaChgIABIUcHViLTMzMzc2MDkxODI0ODk5NzQ&sigh=Opxfuf7hAVs&template_id=419

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 29 Jul 2021 16:53:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/ Frame 4CE4 18 KB
7 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:51:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7612
x-xss-protection: 0
server: cafe
etag: 18375530890449129318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:51:12 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 4CE4 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:45:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 485
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:45:15 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4CE4 124 KB
37 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:20 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1627298817379074"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38160
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:20 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/ Frame 4CE4 14 KB
6 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210727/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:50:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6207
x-xss-protection: 0
server: cafe
etag: 18081889583213459188
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Aug 2021 16:50:20 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 058C 143 B
163 B 16ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Jul 2021 16:42:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2ECA 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6926814f550e717f0ca7d0b4d26a4600d87a983980c3ee92e483d09a87d0d809

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04C3 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Jul 2021 16:42:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E5DD 1 KB
749 B 8ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Jul 2021 03:09:05 GMT
expires: Fri, 30 Jul 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 49455
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame F197 0
20 B 55ms
41ms Other
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNWC9oTfiPICFYcD4AodwfAEsw&gqi=_twCYfS4Ksyr3gPR2raABQ&layout=/sadbundle/%24csp%253Der3%24/5751629574223798899/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9BC7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c5c7fb02085c140f5cc26b107cb68a54ebc425b04decfbbf3555719642ea514

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0BCF 143 B
163 B 12ms
11ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Jul 2021 16:42:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 07AB 1 KB
749 B 24ms
12ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Jul 2021 03:09:05 GMT
expires: Fri, 30 Jul 2021 03:09:05 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 49455
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6024 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9d18e904dcdc26e0837b49531f596500835f0737757c8d57a3609e1d09a2b5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 3C77 9 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64052
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Jul 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 3C77 26 KB
10 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80527
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Jul 2021 18:31:13 GMT

GET
H3-29 200 2b9bca78717e44645984f4bd46ca7462.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/ Frame 3C77 71 KB
19 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/2b9bca78717e44645984f4bd46ca7462.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a6817c5341d7fb32880cf79cc5b3ed89340d3bdf5d240c1c1a14349a16e759

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 210984
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19087
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 16:57:04 GMT
server: sffe
date: Tue, 27 Jul 2021 06:16:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 06:16:56 GMT

GET
H2 200 lounge.e16bb81d3982e913e07bd7f31be71a6c.css
c.disquscdn.com/next/embed/styles/ Frame 5C72 163 KB
26 KB 12ms
12ms Stylesheet
text/css 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2df50c8c00e4f9f84fc1506798291ba26c73f181154596d3f2d6209978d6bc51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 19:21:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1459933
x-cache: Hit from cloudfront
content-length: 25871
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Thu, 08 Jul 2021 22:07:43 GMT
server: nginx
etag: "60e7772f-650f"
content-type: text/css; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Tue, 12 Jul 2022 19:21:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: 2UHbmORj-JS8bHjH41EkRpSzoAuQWq5nwL12JQKlrmCvRVPIvgf_FA==
x-cache-hits: 0

GET
H2 200 recommendations.eff219b98b7c4167b4b289065f36f391.css
c.disquscdn.com/next/recommendations/styles/ Frame B38F 17 KB
4 KB 12ms
11ms Stylesheet
text/css 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/styles/recommendations.eff219b98b7c4167b4b289065f36f391.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7964d033f829ae2809f61810c4efa9adf6aff915ded111a9c346bca2b1302b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 10:11:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7281726
x-cache: Hit from cloudfront
content-length: 3748
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-ea4"
content-type: text/css; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Fri, 06 May 2022 10:11:15 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: Coa-ZGwjE7HKT3_ffbfLONJFWKu0KX-WLjVKNEeaZF66XUwCYwyMDw==
x-cache-hits: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70D6 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=600&adk=3579329306&adf=3454879259&pi=t.aa~a.3105528995~rp.4&w=263&fwrn=4&fwrnh=100&lmt=1627577598&rafmt=1&to=qs&pwprc=6231692264&psa=0&format=263x600&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=1&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280%2C848x280&nras=6&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1108&ady=1063&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=nGRoBoGiDL&p=https%3A//www.malwaretech.com&dtd=225

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 29 Jul 2021 16:42:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 625
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4CE4 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d535f58372c73d05b5cde9816ab0003136a79dc5fc5f0c38204bd3fcd64ecc0e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js Show response
c.disquscdn.com/next/embed/ Frame 5C72 468 KB
119 KB 15ms
14ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

bd3479f3c97c6aa3b27aaaae6eb5407fbdc64a942d876db9fbbb08ce06ad63d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 18:46:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 770829
x-cache: Hit from cloudfront
content-length: 120690
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 20 Jul 2021 18:26:52 GMT
server: nginx
etag: "60f7156c-1d772"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Wed, 20 Jul 2022 18:46:12 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: SgoOi_EMNYWyFOK3Nklp4u-cmiGj65_lfVO0M-tTTr5m5P7fGalsJg==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame 5C72 12 KB
12 KB 20ms
18ms Script
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

afe589efee16e4e0fac361657e77f458e40646e192447a97305a16b0d0cca468

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 5
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 12171
X-XSS-Protection: 1; mode=block

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4CE4 0
20 B 79ms
78ms Other
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CLmf-ITfiPICFardEQgdyJsG0A&gqi=_twCYffZLI_t3wOotZ-YCw&layout=/sadbundle/%24csp%253Der3%24/4849682593519171290/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 recommendations.bundle.37a289e2ed6acdf6cbf01e83d4fb3ce6.js Show response
c.disquscdn.com/next/recommendations/ Frame B38F 65 KB
20 KB 13ms
12ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/recommendations/recommendations.bundle.37a289e2ed6acdf6cbf01e83d4fb3ce6.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

922f390e4a57640ef5eef814166ea4b04eef303a2d2cf71f8c98d5f5be494e76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 18:34:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2499530
x-cache: Hit from cloudfront
content-length: 20103
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 30 Jun 2021 17:42:54 GMT
server: nginx
etag: "60dcad1e-4e87"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Thu, 30 Jun 2022 18:34:31 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: WW8o1_tgHYbcdqePiV-TGV6s3xf41D-CiQERtHoq9kg1rwz2nhTmYA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame B38F 12 KB
12 KB 10ms
9ms Script
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

afe589efee16e4e0fac361657e77f458e40646e192447a97305a16b0d0cca468

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 5
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 12171
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK embed.runtime.e851ed62c68a230e9f26.js Show response
platform.twitter.com/embed/ Frame 333A 8 KB
4 KB 17ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6713)
Age: 684946
Etag: "acb89077381e8db67d8f763448cf5f09+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame 333A 501 KB
160 KB 20ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6795)
Age: 684945
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame 333A 146 B
651 B 40ms
27ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BE)
Age: 684946
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.029da80f8b26453e0b38.js Show response
platform.twitter.com/embed/ Frame 333A 15 KB
6 KB 56ms
10ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.029da80f8b26453e0b38.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/674C)
Age: 684945
Etag: "e572b278e1d13dc770eefde2bb667ff6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H/1.1 200
OK embed.runtime.e851ed62c68a230e9f26.js Show response
platform.twitter.com/embed/ Frame 6C8E 8 KB
4 KB 16ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6713)
Age: 684946
Etag: "acb89077381e8db67d8f763448cf5f09+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame 6C8E 501 KB
160 KB 30ms
20ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6795)
Age: 684945
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame 6C8E 146 B
651 B 48ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BE)
Age: 684946
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.029da80f8b26453e0b38.js Show response
platform.twitter.com/embed/ Frame 6C8E 15 KB
6 KB 50ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.029da80f8b26453e0b38.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/674C)
Age: 684945
Etag: "e572b278e1d13dc770eefde2bb667ff6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H/1.1 200
OK embed.runtime.e851ed62c68a230e9f26.js Show response
platform.twitter.com/embed/ Frame 0CDA 8 KB
4 KB 63ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6713)
Age: 684946
Etag: "acb89077381e8db67d8f763448cf5f09+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame 0CDA 501 KB
160 KB 68ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6795)
Age: 684945
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame 0CDA 146 B
651 B 68ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BE)
Age: 684946
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.029da80f8b26453e0b38.js Show response
platform.twitter.com/embed/ Frame 0CDA 15 KB
6 KB 103ms
13ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.029da80f8b26453e0b38.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/674C)
Age: 684945
Etag: "e572b278e1d13dc770eefde2bb667ff6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H/1.1 200
OK embed.runtime.e851ed62c68a230e9f26.js Show response
platform.twitter.com/embed/ Frame 9BE5 8 KB
4 KB 73ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6713)
Age: 684946
Etag: "acb89077381e8db67d8f763448cf5f09+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame 9BE5 501 KB
160 KB 67ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6725)
Age: 684945
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame 9BE5 146 B
651 B 95ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BE)
Age: 684946
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.029da80f8b26453e0b38.js Show response
platform.twitter.com/embed/ Frame 9BE5 15 KB
6 KB 103ms
13ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.029da80f8b26453e0b38.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/674C)
Age: 684945
Etag: "e572b278e1d13dc770eefde2bb667ff6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H/1.1 200
OK embed.runtime.e851ed62c68a230e9f26.js Show response
platform.twitter.com/embed/ Frame 9961 8 KB
4 KB 103ms
12ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6713) /
Resource Hash: 4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6713)
Age: 684946
Etag: "acb89077381e8db67d8f763448cf5f09+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame 9961 501 KB
160 KB 169ms
20ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6795)
Age: 684945
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame 9961 146 B
651 B 170ms
20ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BE)
Age: 684946
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.029da80f8b26453e0b38.js Show response
platform.twitter.com/embed/ Frame 9961 15 KB
6 KB 170ms
19ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.029da80f8b26453e0b38.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/674C)
Age: 684945
Etag: "e572b278e1d13dc770eefde2bb667ff6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H3-29 200 css
fonts.googleapis.com/ Frame 3C77 5 KB
589 B 49ms
19ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600|Montserrat:500

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/2b9bca78717e44645984f4bd46ca7462.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6aeda827f439d97c90a633d8fa27a1f01d882d133573c2f694c7ae9dabb5f9f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 16:42:31 GMT
server: ESF
date: Thu, 29 Jul 2021 16:53:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Jul 2021 16:53:21 GMT

GET
H3-29 200 120f29fae9cba472e72f224764eb9c30.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/ Frame 3C77 58 KB
58 KB 37ms
12ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/120f29fae9cba472e72f224764eb9c30.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a90b77c97ce937272123cb002004c1fb08c3c16498982ed1205334fa47cc53a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 200446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59832
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 16:57:04 GMT
server: sffe
date: Tue, 27 Jul 2021 09:12:35 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 09:12:35 GMT

GET
H3-29 200 770014eeb40f7795a0007324325ed550.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/ Frame 3C77 8 KB
8 KB 36ms
11ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/770014eeb40f7795a0007324325ed550.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8f0baf1841205aef52bf8ea0979c956101be27b9b02f32084c3c507347d3afb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 183342
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 16:57:04 GMT
server: sffe
date: Tue, 27 Jul 2021 13:57:39 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 13:57:39 GMT

GET
H3-29 200 64596c29fe077100bc3d5b095c1c96e7.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/ Frame 3C77 2 KB
2 KB 52ms
24ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/media/64596c29fe077100bc3d5b095c1c96e7.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5751629574223798899/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7abe79b6d8d622f570fd7b9eb6ef35ff746280fd196e663eedc0963da4301a4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 380995
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1921
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 16:57:04 GMT
server: sffe
date: Sun, 25 Jul 2021 07:03:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Jul 2022 07:03:26 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame EA10 9 KB
3 KB 38ms
13ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64053
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Jul 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame EA10 26 KB
10 KB 27ms
12ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80528
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 29 Jul 2021 18:31:13 GMT

GET
H3-29 200 background.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 12 KB
12 KB 12ms
9ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/background.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3f135fc58a1ee797411711849ad166a5b794f55afe2286741614305023d9fc9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 191105
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11945
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 11:48:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 11:48:17 GMT

GET
H3-29 200 cta.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 798 B
830 B 18ms
15ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/cta.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fe48477b81a97da78279177960fcafa766f7e518514167908f373e2966791b8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 210730
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 798
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 06:21:12 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 06:21:12 GMT

GET
H3-29 200 copytext.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 2 KB
2 KB 13ms
11ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/copytext.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e12f00039ca757048adc18cd51608890ae586e3ce45a502f8637a2e0c944bf2a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 205666
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1733
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 07:45:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 07:45:36 GMT

GET
H3-29 200 headline.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 2 KB
2 KB 12ms
10ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/headline.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b7df01e229e0b4dac62fd4772f81c105e717d74fcf487c344a5d5fcdf85df38

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 205666
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1693
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 07:45:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 07:45:36 GMT

GET
H3-29 200 eyecatcher.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 2 KB
2 KB 22ms
20ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/eyecatcher.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3bef2f0fdeb167c854f55da47c469109525ba4fb4e87a4dd93bf1b01d7d018e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 205666
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2355
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 07:45:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 07:45:36 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/ Frame EA10 4 KB
4 KB 18ms
17ms Image
image/png 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4849682593519171290/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0d912d2012407ce026e3c0cf9720f9430fb6af27658a7cc5575cd7583fb476a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 205666
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4517
x-xss-protection: 0
last-modified: Wed, 21 Apr 2021 15:46:46 GMT
server: sffe
date: Tue, 27 Jul 2021 07:45:36 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 07:45:36 GMT

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 8C05 21 KB
21 KB 20ms
11ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 02:22:18 GMT
x-content-type-options: nosniff
age: 225063
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 02:22:18 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 8C05 21 KB
21 KB 60ms
43ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 13:46:22 GMT
x-content-type-options: nosniff
age: 184019
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 13:46:22 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 80E8 35 B
463 B 86ms
7ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM4rhZaY_gmhxB1fUotbDPE&google_cver=1&google_push=AYg5qPJWaXPxr1nG08_nZaQi0lp7hytUbkpUkamkyj-287DzN-Nid_1c6KclepH9wLTxkuDWSTazS_eJHT_a3G3p3iWwhr9dwOKr

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 80E8
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK4BEEx...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPK4BEEx...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA3MjkxNjUzMjIwMDAyMDc5MDY1NzM1Mw%3D%3D&google_push=AYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xM...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA3MjkxNjUzMjIwMDAyMDc5MDY1NzM1Mw%3D%3D&google_push=AYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xMOYsXoS5tp1relIU_LP5Tr1w3HWVWc

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA3MjkxNjUzMjIwMDAyMDc5MDY1NzM1Mw%3D%3D&google_push=AYg5qPK4BEExPq4DVvUoKZWcO-P0CypRvvUwdSQvnDo9SoJEahJjnIExvfa0EKitlzL7xMOYsXoS5tp1relIU_LP5Tr1w3HWVWc
pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Thu, 29 Jul 2021 16:53:22 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 80E8 43 B
324 B 98ms
20ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEOLDYomZacEImoCzcnlItL0&google_push=AYg5qPJAOrQp-cpARzC4GLa_NAXyVvBY6Lm2QtTueKvIEzFfA9ISbWXjKZtJbImqCAiFii_Wetg1k4U16O5C4DcYkENRNHcYZLp-&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=1959655354&pi=t.aa~a.776170153~i.21~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=4&bdt=2100&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0&nras=2&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=1712&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=yvO7n89rXJ&p=https%3A//www.malwaretech.com&dtd=93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 80E8
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEHSjWMT0y4jtThNJNXINEH8&google_cver=1&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM
https://rtb.openx.net/sync/dds?google_gid=CAESEHSjWMT0y4jtThNJNXINEH8&google_cver=1&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

170 B
188 B

20ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKuvse6WqWnJ73ufchb9tiW_BuRC2ScWteInWuc5DySao-7Ma5xXT0KN5eqDKe-fcJDcUeP1rU9LM789-HnY-p9tnmTadHM&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: eas5cgdig54uf6v7ivicrhogrrm3jqoi

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 80E8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

23ms
20ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLucSQhJ-kZFQ-s6V55m1H4nKj0yO3EfW74qer7Rwlk4uh3qxd-kVGgxLtg7CHtr65q_IU_JSuM6mk7Bjuydft_Tgw0th68

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLucSQhJ-kZFQ-s6V55m1H4nKj0yO3EfW74qer7Rwlk4uh3qxd-kVGgxLtg7CHtr65q_IU_JSuM6mk7Bjuydft_Tgw0th68
date: Thu, 29 Jul 2021 16:53:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 80E8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMqexDoclusLB3vuXg9m7qA&google_cver=1&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9JVDQtMVMtNkc4TA==&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx0OY93ALZYP5O9NaaO3hXKYImc

170 B
188 B

33ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9JVDQtMVMtNkc4TA==&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx0OY93ALZYP5O9NaaO3hXKYImc

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9JVDQtMVMtNkc4TA==&google_push=AYg5qPKumWDyOix2x14Nh_trYK6QYE389Cn0eO_9G2UZLl8DEIGM80ZmME9QYlHaNhpPTcEMLwx0OY93ALZYP5O9NaaO3hXKYImc
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 80E8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOq...

170 B
243 B

17ms
17ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc=

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:25 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_gid=CAESEM-seozLuWvQM8bHvCbw708&google_push=AYg5qPIEPw1hJYMSf4yRcJa9FwW7B8WgtDBd8k7qiRSaeHCnEOqVkrIgYVe-m5b3McNKnritOX6Ni2nQAWYxcR9YA9BmPnhAoshF&google_cver=1&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 488
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 80E8 0
244 B 91ms
18ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFNvVuWuQ7rovaGxH-Nu8t3pR4vV9QJn4IMfksuYaVZ24Pshuh5LwKRK5qrAFZRVCOSS1a

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2ECA 42 B
64 B 24ms
23ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3uEsNIVs-uJtQ8oadQQVvr_9ZJn0KCT0gtO7Hbz2-w9y-XQobEGthiax1hdf2zbYw_BL2nxF0ibbUJUwLIRJ3gW2U73pz_Ah4zCSNN7c_ck-8jo8TG5Aaam0CsA&sai=AMfl-YSGmUVZwhvO-EvDzS4ZoirwN16lbU_SItbkAIprmMI8beIwG4Vky3m6GDYwzPQlzFFFu-QXjUEUGKZs&sig=Cg0ArKJSzOLy8ZFiwKWJEAE&id=lidar2&mcvt=1238&p=1076,298,1200,1303&mtos=1023,1238,1238,1238,1238&tos=1023,215,0,0,0&v=20210726&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1812271801&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1627577599198&dlt=28&rpt=2&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame 5C72 3 KB
3 KB 123ms
119ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwaretech2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f9a7121f6a8049de1dc7b5a7f8ebc55442bf5f9eaefb22275766ee5574efd8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:21 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 2983
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame 333A 21 KB
7 KB 11ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67F2)
Age: 684947
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame 333A 3 KB
2 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6763)
Age: 684946
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame B38F 3 KB
3 KB 10ms
10ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwaretech2&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f9a7121f6a8049de1dc7b5a7f8ebc55442bf5f9eaefb22275766ee5574efd8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 2983
X-XSS-Protection: 1; mode=block

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK1MlnWh__V-YYadiniWJrY&google_cver=1&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGO...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGOaanCdajmijY6OYApewObvAsA1rozn1lO4QUj3NQhw&google_hm=P1N4q2G...

170 B
188 B

25ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGOaanCdajmijY6OYApewObvAsA1rozn1lO4QUj3NQhw&google_hm=P1N4q2G6NWuj-sk2mIQqHQ

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPIH1jFObwqbrqZc5u6cHz4-vgR4iDxOTWjJIZ-wK8Np0oJ2lKQhGOaanCdajmijY6OYApewObvAsA1rozn1lO4QUj3NQhw&google_hm=P1N4q2G6NWuj-sk2mIQqHQ
pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJrAl3eSkByoTiVOMS0V_c-auJlG81QX8rmERB2LZvLmaki9sbk_8JcZcFXwJDnxUwpfgOFXpNUUhIftpEqyCuam2VQajs&google_gid=CAESEIHjqzspcNuSkB9CBWAAh9g&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCIK6i4gGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBKckFsM2VTa0J5b1RpVk9NUzBWX2MtYXVKbEc4MVFYOHJtRVJCMkxadkxtYWtpOXNia184SmNaY0ZYd0pEbnhVd3BmZ09GWHBOVVVoSWZ0cE...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZUVOQ243VXJWTGttbVpJdUJteVVQM1hpc1BreGNPdjdpM2tOMnNQV0lCYw==&google_push

170 B
188 B

41ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZUVOQ243VXJWTGttbVpJdUJteVVQM1hpc1BreGNPdjdpM2tOMnNQV0lCYw==&google_push

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 29 Jul 2021 16:53:22 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwZUVOQ243VXJWTGttbVpJdUJteVVQM1hpc1BreGNPdjdpM2tOMnNQV0lCYw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESELL1aDWVa6Vhan1Q_tDaA3w&google_cver=1&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

170 B
188 B

33ms
20ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:21 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPI5PaSUH2CQLJheuu3at54AvqCjEFesH3L4eieupFFB6Nox2bkq2HKmAfuN70LG7VjkU5EtVWDrANOATkUqExLdL6CNuA&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: q6q50hgrt4jek7r710uhqgn56i6femuh

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
24ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLdToWCIBzh7btmlFnnKYR4ZDCeDBAEMR39ISgGGoG7GZ4UF8gOuL5e7oJjr5-1nBrv6PFGJ41NRNTL5ZIMta2gO6J6jg

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLdToWCIBzh7btmlFnnKYR4ZDCeDBAEMR39ISgGGoG7GZ4UF8gOuL5e7oJjr5-1nBrv6PFGJ41NRNTL5ZIMta2gO6J6jg
date: Thu, 29 Jul 2021 16:53:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBl_ZqNi_P-wD0fS7XE4Xak&google_cver=1&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFgh...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KOEYtWC1HTVpV&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFghlMiMc05VoiyyioEWs530dkso

170 B
188 B

23ms
21ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KOEYtWC1HTVpV&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFghlMiMc05VoiyyioEWs530dkso

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KOEYtWC1HTVpV&google_push=AYg5qPKZT8K5i9GnAGKNaZDid4YTmvnn0WYd_LOSBZlypeZ0BbMLxG2C_qAG04Xod60ItwDCFghlMiMc05VoiyyioEWs530dkso
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau...

170 B
232 B

20ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM&google_tc=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_gid=CAESEICwvQ2Ne8mK9vlrcTu7uMo&google_push=AYg5qPJ3h-uEktr3BDcO8IH5-DadzpTOa3zau9i3RRlDAtg4maaAeT7UdBQbV3Tgl9BpkS6L4GkjpwVxPpYfjYSjMQtlZUxDskM&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 487
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E5DD
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEGG-HI6Z-YWj_dc64e3stkU&google_cver=1&google_push=AYg5qPLsLND-HSCS2j7CzxcK...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLsLND-HSCS2j7CzxcKQ4K6TtyQEpDjm9GFA7CxOe7VBRsjcR3TQFRpdO41P_6xow6Du3-giDuNYMwaTQWsQqb7hdgVxfnu&google_hm=

170 B
188 B

19ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLsLND-HSCS2j7CzxcKQ4K6TtyQEpDjm9GFA7CxOe7VBRsjcR3TQFRpdO41P_6xow6Du3-giDuNYMwaTQWsQqb7hdgVxfnu&google_hm=

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLsLND-HSCS2j7CzxcKQ4K6TtyQEpDjm9GFA7CxOe7VBRsjcR3TQFRpdO41P_6xow6Du3-giDuNYMwaTQWsQqb7hdgVxfnu&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Wed, 28 Jul 2021 16:53:22 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame E5DD 0
12 B 37ms
36ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JMeRLs07fd6i_I9mYJ_Qy8QpL9VeuRuw0HWxi6pQGh6fvKzyCOjz-owsU9eK4QHmExyv-xMw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 61E8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

73ms
72ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=943188358&pi=t.aa~a.776170153~i.59~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=1&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280%2C848x280&nras=5&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4116&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=038e2dKZ4C&p=https%3A//www.malwaretech.com&dtd=188

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:22 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Jul-2021 17:53:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:22 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame 6C8E 21 KB
7 KB 10ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67F2)
Age: 684947
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame 6C8E 3 KB
2 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6763)
Age: 684946
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame 3C77 19 KB
19 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600|Montserrat:500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Jul 2021 07:15:47 GMT
x-content-type-options: nosniff
age: 380255
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19272
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:11:03 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Jul 2022 07:15:47 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame 3C77 19 KB
19 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600|Montserrat:500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 05:41:48 GMT
x-content-type-options: nosniff
age: 213094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19264
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:13:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 05:41:48 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame 3C77 19 KB
19 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:700|Montserrat:600|Montserrat:500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 14:01:00 GMT
x-content-type-options: nosniff
age: 183142
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19480
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Jul 2022 14:01:00 GMT

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame 0CDA 21 KB
7 KB 13ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67F2)
Age: 684947
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame 0CDA 3 KB
2 KB 9ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6763)
Age: 684946
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame 9BE5 21 KB
7 KB 12ms
12ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67F2)
Age: 684947
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame 9BE5 3 KB
2 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6763)
Age: 684946
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H3-29 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame 0CC9 35 KB
13 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 058C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:22 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Jul-2021 17:53:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:22 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:22 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame AAA2 35 KB
13 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20210727/r20110914/zrt_lookup.html?fsb=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04C3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

46ms
45ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Jul-2021 17:53:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGdJuiZBGgZYldhFcAyugaY&google_cver=1&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5ECKZ-orYRowAwEBF_QHIHtUhHJEXr_kUv6Z_kB4r1ETQ&google_hm=P1N4...

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5ECKZ-orYRowAwEBF_QHIHtUhHJEXr_kUv6Z_kB4r1ETQ&google_hm=P1N4q2G6NWuj-sk2mIQqHQ

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJYKx4qhx2a5ZAfHK90brYptZk3IIi_NJbRcwE5_JJ2eA7IrC-AI5ECKZ-orYRowAwEBF_QHIHtUhHJEXr_kUv6Z_kB4r1ETQ&google_hm=P1N4q2G6NWuj-sk2mIQqHQ
pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSL...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVFMZEFnQUFBRURAUWdNaA&google_push=AYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSLLSN_yEmHaGm3eoBCgq9NWx5-8k7j2b3swEzj70Gayrt1Kt4LZm9af8p...

170 B
188 B

38ms
22ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVFMZEFnQUFBRURAUWdNaA&google_push=AYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSLLSN_yEmHaGm3eoBCgq9NWx5-8k7j2b3swEzj70Gayrt1Kt4LZm9af8pmsAA

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVFMZEFnQUFBRURAUWdNaA&google_push=AYg5qPJM1oASz2JrGtt2ZS2V_4s4lQdHp6h5fW-CiSLLSN_yEmHaGm3eoBCgq9NWx5-8k7j2b3swEzj70Gayrt1Kt4LZm9af8pmsAA
Date: Thu, 29 Jul 2021 16:53:22 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESELI49_x1Y_Lu7E9-JhuABkE&google_cver=1&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI&google_hm=Q0FFU0VMSTQ5X3gxWV9Md...

170 B
188 B

42ms
23ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI&google_hm=Q0FFU0VMSTQ5X3gxWV9MdTdFOS1KaHVBQmtF

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 29 Jul 2021 16:53:22 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPKOoHpVvA_FhfdxqLjYpn2rN7JsGBe5r0MaE6Es351GbLtpIDy7wZCZubuTm4nfEn-lT_ojW34oRFt2TfrekYLhvs_bnitI&google_hm=Q0FFU0VMSTQ5X3gxWV9MdTdFOS1KaHVBQmtF
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEOMQTPSo4nBnAP0e6quhFHE&google_cver=1&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

170 B
188 B

43ms
43ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:22 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKqW1iGj3zVgvY8Wy2QuiM_Ck3qpt0KlLJaRW1KcxGdNiqBTj7XlcQNyeHw7MgIlXKv6IVS8vngM-ElvqkPLTtkRcDT5JLFVg&google_hm=PMwRDeZ4wR8yvLtIGuM8eA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 0eu165afl6a2sottmtsq4acs76hsm3kj

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

75ms
18ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLftKDLEPWcL1SeNYHQL4nrl2XQ7qezVweiWXBMzxFc9558QIA8bcx11BDH6ptvS0gla7N_yAgFq3igs1CXWONQ2mqFKypJ

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=rm4-0P10RPCT_HoZswXb_A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLftKDLEPWcL1SeNYHQL4nrl2XQ7qezVweiWXBMzxFc9558QIA8bcx11BDH6ptvS0gla7N_yAgFq3igs1CXWONQ2mqFKypJ
date: Thu, 29 Jul 2021 16:53:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENUqWxjKAyUmPKCPcU3kYpM&google_cver=1&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx41...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KU0EtOS1IRFZN&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx413cyweXMIfqoUTwJwERUAlyhaAkw

170 B
188 B

32ms
32ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KU0EtOS1IRFZN&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx413cyweXMIfqoUTwJwERUAlyhaAkw

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1JQNU9KU0EtOS1IRFZN&google_push=AYg5qPLNtcYxuCy3ArHR25fKxZY0BvUeKJm95LIaPTPPTJ3pxveNCOy5_X3lf9tVePp1R9ejx413cyweXMIfqoUTwJwERUAlyhaAkw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 07AB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WS...

170 B
232 B

22ms
19ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_tc=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YQLdAVQpDkZPM9GBAHL1swAABFAAAAIB&google_cver=1&google_push=AYg5qPJ3JYMxnMgrf0Iu8rhJM2d0e6HJge3mEWgqcUyr2oa8MqPwdPZQ6TwM-TuMJA-A3GXvM-WSg4UQmQppxArwWSPotbYH_61tpw&google_gid=CAESECApnJWkGo8pg_FmwS3zUqQ&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 490
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 07AB 0
12 B 22ms
16ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LdcgsMqYVV1Kh-JvWGdmvlDoebRkxh1bFcx1hEs_xgib0aPXjOS4LkFIpTTv-MmY4y2SdH

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:22 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame 9961 21 KB
7 KB 9ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67F2)
Age: 684947
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame 9961 3 KB
2 KB 16ms
11ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6763)
Age: 684946
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H3-29 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame AADA 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2440601624&pi=t.aa~a.776170153~i.27~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=2&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280&nras=3&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2275&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=nLqoTljdtd&p=https%3A//www.malwaretech.com&dtd=123

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0BCF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

52ms
39ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm3kCy9iVXIL3dPC2HJMOv3dc0Zl1InTfknUWC1UmJbtLNF-CinpJAhgyX45iY; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Jul-2021 17:53:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame 430B 35 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3337609182489974&output=html&h=280&adk=1913715654&adf=2878913026&pi=t.aa~a.776170153~i.33~rp.4&w=848&fwrn=4&fwrnh=100&lmt=1627577598&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6231692264&psa=0&ad_type=text_image&format=848x280&url=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&flash=0&fwr=0&pra=3&rh=200&rw=847&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1627577598493&bpp=6&bdt=2101&idt=-M&shv=r20210727&mjsv=m202107280101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0f06b3a96c49efac-221b45667cc900ce%3AT%3D1627577597%3ART%3D1627577597%3AS%3DALNI_Mbgtd72cx-pvxCmpkkgIGWmIS9nCw&prev_fmts=0x0%2C848x280%2C848x280&nras=4&correlator=920484415588&frm=20&pv=1&ga_vid=2108697425.1627577597&ga_sid=1627577597&ga_hid=967855583&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=2813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066431%2C20211866&oid=3&pvsid=2812006615512021&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=305J1TEuYD&p=https%3A//www.malwaretech.com&dtd=155

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 103ms
6ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:23 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920099
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
DATA 200
OK truncated
/ Frame 5C72 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 5C72 13 KB
13 KB 47ms
47ms Image
image/svg+xml 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7956941
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: b4MJ_CjQMEeupuxKlDUpt8GKa4X9qqDgZcZ2wrqosWfpjghjWmkLTg==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame 5C72 3 KB
3 KB 16ms
13ms Image
image/gif 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 03 Feb 2021 04:58:07 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 15249316
x-cache: Hit from cloudfront
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: nginx
etag: "6011a17b-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Thu, 03 Feb 2022 04:58:07 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: yZpcw5Ru5G5m5HdCQ6y7kk7Ar1w9ljj5d1M9Q9WeUear0lffObpkCw==
x-cache-hits: 0

GET
H2 200 sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame 5C72 2 KB
2 KB 17ms
14ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 10:47:19 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 4169164
x-cache: Hit from cloudfront
content-length: 1862
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Thu, 10 Jun 2021 21:33:44 GMT
server: nginx
etag: "60c28538-746"
content-type: image/png
access-control-allow-origin: *
expires: Sat, 11 Jun 2022 10:47:19 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: KVcBybhWGuTudA5uFNi5ctc2cAbXkasC_Gs1MtSdQ1ZFIL8rk-3UMQ==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame 5C72 8 KB
8 KB 17ms
15ms Font
application/octet-stream 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 09:01:33 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7458709
x-cache: Hit from cloudfront
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Wed, 04 May 2022 09:01:33 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: pvVR17PuYjxXx7eu4JFHiM-HeyeLAdSY5v9pvkNxcv4Dibp99Pbwfg==
x-cache-hits: 0

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 70D6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
179 B

47ms
43ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Thu, 29-Jul-2021 17:53:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 29 Jul 2021 16:53:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 29 Jul 2021 16:53:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame 333A 118 KB
32 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67E2)
Age: 684947
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame 333A 16 KB
6 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6738)
Age: 684947
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.558da5fe906389ef3875.js Show response
platform.twitter.com/embed/ Frame 333A 61 KB
15 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.558da5fe906389ef3875.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=879777725493506050&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BC)
Age: 684947
Etag: "28ff7c255307815dcb4107968c276425+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14679

GET
H/1.1 200
OK listRecommendations.json Show response
disqus.com/api/3.0/discovery/ Frame B38F 7 KB
8 KB 13ms
12ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=malwaretech2&thread=ident%3A1535+https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.72e35017d98ea7f210961b0d5c38444a.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

62ff73f76c13787fb9848a701a7af6766ef044fccfbdd317a5eec5fea11d8b7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/recommendations/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 140
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=450, public, max-age=1800
Connection: keep-alive
Content-Type: application/json
Vary: Origin
Content-Length: 7534
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame 0CDA 118 KB
32 KB 8ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67E2)
Age: 684948
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame 0CDA 16 KB
6 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6738)
Age: 684948
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.558da5fe906389ef3875.js Show response
platform.twitter.com/embed/ Frame 0CDA 61 KB
15 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.558da5fe906389ef3875.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BC)
Age: 684948
Etag: "28ff7c255307815dcb4107968c276425+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14679

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
27 KB 14ms
12ms Script
application/javascript 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: malwaretech2.disqus.com
URL: https://malwaretech2.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 05 May 2021 15:25:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7349274
x-cache: Hit from cloudfront
content-length: 26578
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Wed, 28 Apr 2021 21:48:08 GMT
server: nginx
etag: "6089d818-67d2"
content-type: application/javascript; charset=utf-8
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
expires: Thu, 05 May 2022 15:25:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
timing-allow-origin: *
x-amz-cf-id: mYwpmKspzKrUjdHlq2AVw7I1sxn2g_nuLH7bVyz0aFvDDoIjZm_0RA==
x-cache-hits: 0

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame 9BE5 118 KB
32 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67E2)
Age: 684948
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame 9BE5 16 KB
6 KB 8ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6738)
Age: 684948
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.558da5fe906389ef3875.js Show response
platform.twitter.com/embed/ Frame 9BE5 61 KB
15 KB 9ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.558da5fe906389ef3875.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-3&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880042027827818496&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BC)
Age: 684948
Etag: "28ff7c255307815dcb4107968c276425+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14679

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame 9961 118 KB
32 KB 11ms
10ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67E2)
Age: 684948
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame 9961 16 KB
6 KB 11ms
9ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6738)
Age: 684948
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.558da5fe906389ef3875.js Show response
platform.twitter.com/embed/ Frame 9961 61 KB
15 KB 13ms
11ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.558da5fe906389ef3875.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-2&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880148844998164482&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BC)
Age: 684948
Etag: "28ff7c255307815dcb4107968c276425+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14679

GET
H2 200 get
c.disquscdn.com/ Frame B38F 87 KB
88 KB 45ms
43ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2014%2F12%2Fcaptcha.png&key=jjxxfwbsiw7zFsYUN6a3FA&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

91d2b5903a9e4cfebf98c934bc6e2479aac8cad61661beba82766fa95457ed06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 02:52:58 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 914426
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 89458
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: GfxAeuPL0eTa8w46iVR2LtxvrZeJgakCmu0oglQezrvSCbxzFB_Lrg==
expires: Wed, 18 Aug 2021 02:52:58 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 43 KB
44 KB 24ms
21ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2019%2F04%2Finternet_explorer_crash.png&key=C8OQhRQwSpxCA7UiI_My8A&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8e1c80199dd3ec8268c06e30aa2a955d86b480c46fe7ff3af5ebd1d915715764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 19:09:46 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1633418
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 44414
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: zOno3fA2NDrEzJro1by9lcQQV3bzeGTVaN729r0aoXDAXMiRHwKhUA==
expires: Mon, 09 Aug 2021 19:09:46 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 58 KB
58 KB 24ms
23ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2019%2F03%2Fdisassembler.png&key=7mwnlT0XFdqqqu65MvWZcw&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

be891f62d9521e895d0be74d79be884faf6565b7850e432d7c8b7ab975e3e3c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 10 Jul 2021 19:09:46 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 1633418
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 59267
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: M3V6uEg_GLU272UAfK5K-IW83L5lwe4wx4ODN0slxFPpo7ONTR3KPA==
expires: Mon, 09 Aug 2021 19:09:46 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 118 KB
118 KB 18ms
17ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2015%2F08%2Fcards.png&key=RpNLOOanNTyJC38rIiG1Uw&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7f24e93971c1ae26af16393896e13972fd020446b9bf0cbd945bb64b1b7b1e8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 05:16:20 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 905824
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 120519
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: 5i06zLVRScgX1rCIO2RjTmuzwpO48mgpVIRyIWlw3l2N2Jaz1-dzAg==
expires: Wed, 18 Aug 2021 05:16:20 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 16 KB
16 KB 45ms
44ms Image
image/jpeg 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2017%2F05%2FWannaCrypt.jpg&key=Q0tCHYzRv66vimz4yUmR0w&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

67a9ceea9926491c110367bbe37ca5841e480208b064926ec1fc86b7e3b88e1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 05:15:45 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 906701
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 16159
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/jpeg
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: iSxjp31tclK07M0POzHRs2feIXhZFgp2ZNREg6BS4qh0iGLbPc_AzQ==
expires: Wed, 18 Aug 2021 05:15:45 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 71 KB
71 KB 18ms
17ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2016%2F10%2FMiraiMap.png&key=WGOBrzJPD1foUZQh9Qs1cw&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2c4ed99e21067a8a29c91148af041a3b2a6c131b836ea55dac72258fdf56df5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 04:55:30 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 907074
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 72251
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: 1klrKxmavbq-BjbbiBCzFT0GQSWdicPvFjXfs1CPaV76jweT-TMlHw==
expires: Wed, 18 Aug 2021 04:55:30 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 47 KB
48 KB 60ms
21ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2014%2F05%2Fevolution.png&key=wAat5tdi_K2EtAoWewWipQ&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

38a600f961606d197be4f9b689cb066fcc28dd979b51761bfb1be5f6d42d3b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 03:53:52 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 914517
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 48321
x-xss-protection: 1; mode=block
x-served-by: static-web-1
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: oEZMh0bRVuoMOtqy328eRfRwEsFPrXpwZ6IOjOwNnHuhQyL8f72akg==
expires: Wed, 18 Aug 2021 03:53:52 GMT

GET
H2 200 get
c.disquscdn.com/ Frame B38F 86 KB
87 KB 36ms
15ms Image
image/png 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/get?url=https%3A%2F%2Fwww.malwaretech.com%2Fwp-content%2Fuploads%2F2016%2F08%2FGeoDistributionMap.png&key=dJi6kiR-2bCJVxAQ2g1yBg&h=200

Requested by

Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5d857762454f761ad50d5c4584d2013b78bc62e1c23315aa995ee4f0f17f47ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 05:04:23 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 911569
x-cache: Hit from cloudfront
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-cache-hits: 0
content-length: 88485
x-xss-protection: 1; mode=block
x-served-by: static-web-2
server: nginx
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-amz-cf-id: rnPBV6pyaOQSYGcwsYa8ONs5dyKFR5v8cmFdHRqDtNaljpru5904IQ==
expires: Wed, 18 Aug 2021 05:04:23 GMT

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame 6C8E 118 KB
32 KB 9ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67E2)
Age: 684948
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame 6C8E 16 KB
6 KB 15ms
13ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/6738)
Age: 684948
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.558da5fe906389ef3875.js Show response
platform.twitter.com/embed/ Frame 6C8E 61 KB
15 KB 15ms
13ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.558da5fe906389ef3875.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BC) /
Resource Hash: 67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-1&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880011103161524224&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67BC)
Age: 684948
Etag: "28ff7c255307815dcb4107968c276425+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14679

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 16ms
8ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920100
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 5C72 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f90e3d6fcfbe64196e1e00f492ef5315be2fbc4806569dd90d5bb36fc19828c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: BqPLQHFNoOZbrJcc6vFL6w==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: fw4f9TvXNrabTKpL2MGFzrBqvEs/14iAtAxfFbcq1doqtQqSkzNId9ireDM9g+A0fUmXoP3XnnwhClVr6rp2gQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 05c6a28ddd2a147998afc7ebbbb545c4
x-frame-options: DENY
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "0e7fcd747492885afb773d68af68689f"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 29 Jul 2021 17:00:34 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ Frame 5C72 13 KB
6 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

988bcde72299686944d0d999925fb176b03d274eb3f1b2dc9f714654a93bfabf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XzafSRAElURo5zyKx/Sa2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "b6acb3309cfece49fdc532caca33f653"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-XzafSRAElURo5zyKx/Sa2w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 29 Jul 2021 16:53:25 GMT

GET
H2 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame 3C77 35 KB
13 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166003
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 10ms
9ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920101
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
102 B 255ms
32ms Image
image/gif 2606:4700::6810:a30d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=9.257774151943583
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 6
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 6767dd026b7d1786-FRA
x-amz-request-id: 9XASVBPZZ8WMPQ1Y
x-amz-id-2: pMKguQPpwTprnkBouPC+bayQrVoLCHZ6TrT0OgWZdfwvxczOfNycx8DBPVGD9kavO0wDreinU127ASoHSbVa+Q==

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
439 B 250ms
29ms Image
image/gif 2606:4700::6810:a30d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=9.257774151943583
Requested by: Host: www.malwaretech.com
URL: https://www.malwaretech.com/2017/06/petya-ransomware-attack-whats-known.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a30d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
cf-cache-status: HIT
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
age: 6
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=15, must-revalidate
content-length: 43
accept-ranges: bytes
cf-ray: 6767dd026b831786-FRA
x-amz-request-id: 9XASVBPZZ8WMPQ1Y
x-amz-id-2: pMKguQPpwTprnkBouPC+bayQrVoLCHZ6TrT0OgWZdfwvxczOfNycx8DBPVGD9kavO0wDreinU127ASoHSbVa+Q==

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 7ms
7ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920101
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H3-29 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame EA10 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166003
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 0CDA 3 KB
1 KB 281ms
172ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=880387463746920448&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

c0174ef3391978a1466135a23dad7d8402ea30b1c447a725820d788765970d16

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"c0f-IdM7DSmQ4B4DnZbpyGYEV4jNK3I"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 66356c4d1d1c5ce3d290c8342d2d2f899749a97b7c48ba0e27bf4af1422c2ed7
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 9BE5 1 KB
1 KB 259ms
171ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=880042027827818496&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

569840271d599d399323b7bf47d1644e91fdc5b82e29b5d8835906522aaba267

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"419-drB6yMPQgY0UG7BcAtdrXvbzZSo"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 4ecabd84013f01c0562ba691a113f368f0d0c06a24a24cd1a30e7372442695ae
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 333A 2 KB
807 B 289ms
212ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=879777725493506050&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

9df80f598b6a3fff666671845f097573b482f597eed2cabaf160252c1b215561

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"6d5-4iz2PBNVu3kROoP8UoMy94I0Ay4"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: ebfc66268afaeb435d7e2dfd6fc4bcee0ed528a38d9533774a395bc77fbe5721
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 12ms
9ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920101
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 9961 2 KB
878 B 196ms
195ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=880148844998164482&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

65a55c6e68fef4f6e85c5a23cbe48fb0add1e4b74749426fc7ac589febf022e3

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"612-QzQ46NlaUpBT6AgjsLLcVQZ6IRg"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 5ee8fe934f337bc8e6d438166b0481cde782b2d9cc442a8869ea265aabbd7222
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 6C8E 720 B
590 B 354ms
352ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=880011103161524224&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

c84764b22a1a8c51d041d115173298e5dce71e529acdaf181a094e15be914eac

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"2d0-xPF6sHqiDG1JQt9f3lOHt6ooFn0"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 469
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Thu, 29 Jul 2021 16:53:25 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 3b23a54e19fc08c232a5495fa35aef9e33e18cfac122b565aa8ddbc81bd1aa1a
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 13ms
13ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920101
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 9ms
9ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920101
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 54ms
31ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210727&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

246b9053ae628859affc9164c3e95ba3e31548f2d632e2a2256dc31e579dacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 29 Jul 2021 16:53:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8609
x-xss-protection: 0

GET
H2 200 jot
syndication.twitter.com/i/ Frame 9BE5 43 B
375 B 130ms
130ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577605831%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-3%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880042027827818496%22%5D%2C%22item_details%22%3A%7B%22880042027827818496%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:25 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: c5e9b805ea74d958
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK embed.vendors~ondemand.Card~ondemand.TimelineList~ondemand.TimelineProfile.63bb1cb588893e4a9783.js Show response
platform.twitter.com/embed/ Frame 0CDA 175 KB
39 KB 9ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Card~ondemand.TimelineList~ondemand.TimelineProfile.63bb1cb588893e4a9783.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: 36732efb15d64616906a5d0d97379ac49ba1030f01fae8223e4e08fbf795acf3

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/67A7)
Age: 684949
Etag: "6f264514218c261a1b2b95bbd70644f8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 39425

GET
H/1.1 200
OK embed.ondemand.Card.b4fa6602f0243ce135ca.js Show response
platform.twitter.com/embed/ Frame 0CDA 2 KB
1 KB 8ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Card.b4fa6602f0243ce135ca.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.e851ed62c68a230e9f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: d36feed775d2654bea4c9e65974fe9c83359f2b40867367ac04439f4f6e33462

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Jul 2021 18:26:15 GMT
Server: ECS (frb/675D)
Age: 684949
Etag: "c8badb85d0039f6985f9e63dda1615d6+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 952

GET
H2 200 jot
syndication.twitter.com/i/ Frame 0CDA 43 B
165 B 120ms
119ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577605948%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-4%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880387463746920448%22%5D%2C%22item_details%22%3A%7B%22880387463746920448%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: b8888585a4bd383a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 9961 43 B
117 B 119ms
119ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577606248%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-2%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880148844998164482%22%5D%2C%22item_details%22%3A%7B%22880148844998164482%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: c4dab2e09ebec253
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 333A 43 B
118 B 119ms
116ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577606373%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22879777725493506050%22%5D%2C%22item_details%22%3A%7B%22879777725493506050%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: e3db9524f6cc72ac
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 9ms
8ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:26 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920102
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame 5C72 232 KB
68 KB 22ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=ba3f5ab40f2610839af8d10aa102d650

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

19e4172de927c8cddc6af16ae1c89a3e29fbca27c919839e19c642cdfbcb9e1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: eyEaLf+FZowrmdbT768j2w==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69058
x-fb-rlafr: 0
x-fb-debug: GuRAGSFpVH/C2QtFzkFko9/8wNg0UU3S3li+uqBTqEHt7kqsxWCgEF6iF81LxM5YDryN0jLtAx+A7KMSjztOIQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 863ae42c0e0aa25cd14b647cb6ca47b0
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 29 Jul 2021 16:53:26 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "e4dd310bfaa3e355c51a2cff76d709ad"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 29 Jul 2022 15:39:46 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/ Frame 5C72 103 KB
35 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_0?le=ili,ipu

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a8dbc111ec4272a34fae97aa7a2dcd6f99cfb9b3067dcac29abc892912b6ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 15:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91690
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35063
x-xss-protection: 0
last-modified: Wed, 07 Jul 2021 13:43:54 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Jul 2022 15:25:16 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Thu, 29 Jul 2021 16:53:26 GMT

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 299 B
736 B 70ms
39ms XHR
text/javascript 151.101.12.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: f3ff1dc05c11d9272cfa2f4800fe657d503e93f3d7885cc98b3982539f3af9af

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 29 Jul 2021 16:53:26 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.malwaretech.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 299
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 6C8E 43 B
165 B 118ms
117ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577606982%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880011103161524224%22%5D%2C%22item_details%22%3A%7B%22880011103161524224%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: 4ec69177a6603a27
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1Kes3Et6_normal.jpg
pbs.twimg.com/profile_images/844996312277962753/ Frame 9BE5 2 KB
2 KB 18ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/844996312277962753/1Kes3Et6_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/673A) /

Resource Hash

757aa069c72efe58c58436e9d6bcf85f9c0b27ed207f605361ebaeb061e383cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 308399
x-cache: HIT
content-length: 2187
surrogate-key: profile_images profile_images/bucket/4 profile_images/844996312277962753
last-modified: Thu, 23 Mar 2017 19:34:34 GMT
server: ECS (frb/673A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4e94a2b77e9016a51b1d2ca1cc28205ddf0a8a9b4eddc8bdde7a8c3c197a4519
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 LhMdt6Uc_normal.jpg
pbs.twimg.com/profile_images/1371862352430305283/ Frame 333A 2 KB
2 KB 9ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1371862352430305283/LhMdt6Uc_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67D5) /

Resource Hash

09a5386910914f8da9b4ef960c6f0c7eb3847c24e15dc97a44d41b06cc4b9b9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 180270
x-cache: HIT
content-length: 1807
surrogate-key: profile_images profile_images/bucket/6 profile_images/1371862352430305283
last-modified: Tue, 16 Mar 2021 16:32:07 GMT
server: ECS (frb/67D5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3234123d89a7d7129472330da24f07c3670a4719193f51827d572fcf089b6069
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 LhMdt6Uc_normal.jpg
pbs.twimg.com/profile_images/1371862352430305283/ Frame 9961 2 KB
2 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1371862352430305283/LhMdt6Uc_normal.jpg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67D5) /

Resource Hash

09a5386910914f8da9b4ef960c6f0c7eb3847c24e15dc97a44d41b06cc4b9b9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 180270
x-cache: HIT
content-length: 1807
surrogate-key: profile_images profile_images/bucket/6 profile_images/1371862352430305283
last-modified: Tue, 16 Mar 2021 16:32:07 GMT
server: ECS (frb/67D5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3234123d89a7d7129472330da24f07c3670a4719193f51827d572fcf089b6069
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
375 B 40ms
38ms Image
image/gif 151.101.12.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Jul 2021 16:53:27 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 DDaJdF9XkAA0418
pbs.twimg.com/media/ Frame 9BE5 7 KB
7 KB 8ms
8ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/DDaJdF9XkAA0418?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6772) /

Resource Hash

25df9459301ff616250dde7eeb526628e2a058bbf931c4ba1b60b843db2feedb

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 145
x-cache: HIT
content-length: 6696
surrogate-key: media media/bucket/0 media/880041910106296320
last-modified: Wed, 28 Jun 2017 12:33:16 GMT
server: ECS (frb/6772)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: b8ec0ea919cb946c514d5a5199fea4e380a0609a477554b903061b6f929df94b
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame 5C72 13 KB
13 KB 15ms
13ms Image
image/svg+xml 2600:9000:2190:8200:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:8200:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.e16bb81d3982e913e07bd7f31be71a6c.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Apr 2021 14:37:41 GMT
via: 1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 7956945
x-cache: Hit from cloudfront
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: nginx
etag: "60887bc4-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Apr 2022 14:37:41 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vswfltNpitKHkZhrEygc5ryIjv6bddFdcnZqDkrc0oSTZkA3kbecZg==
x-cache-hits: 0

GET
H2 200 DDWZKDJXsAAcaoZ
pbs.twimg.com/media/ Frame 333A 15 KB
15 KB 10ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/DDWZKDJXsAAcaoZ?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67F2) /

Resource Hash

c79e65b0c4ce63c49af4321282c332822d28796b5fe3674295a85ab82b1915a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 146
x-cache: HIT
content-length: 14992
surrogate-key: media media/bucket/1 media/879777700143149056
last-modified: Tue, 27 Jun 2017 19:03:23 GMT
server: ECS (frb/67F2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 5b75e687ebcd683d7fe8fb4258f36dd7e21ccd7a3f128c9d67813ea41fd4ec63
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 DDbqq60XYAA3hoM
pbs.twimg.com/media/ Frame 9961 16 KB
16 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/DDbqq60XYAA3hoM?format=jpg&name=small

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BC) /

Resource Hash

326e296a20236f48b2693b88b5f7e8dd9d3acaad07b11fcbc6b35f21ad4d50b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 562488
x-cache: HIT
content-length: 16548
surrogate-key: media media/bucket/9 media/880148800261808128
last-modified: Wed, 28 Jun 2017 19:38:01 GMT
server: ECS (frb/67BC)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 365d87f4907f7a4711c8e303e0509f80d27fb0f3a0531839a612ccec130799e6
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 LhMdt6Uc_normal.jpg
pbs.twimg.com/profile_images/1371862352430305283/ Frame 0CDA 2 KB
2 KB 12ms
10ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1371862352430305283/LhMdt6Uc_normal.jpg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67D5) /

Resource Hash

09a5386910914f8da9b4ef960c6f0c7eb3847c24e15dc97a44d41b06cc4b9b9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 180270
x-cache: HIT
content-length: 1807
surrogate-key: profile_images profile_images/bucket/6 profile_images/1371862352430305283
last-modified: Tue, 16 Mar 2021 16:32:07 GMT
server: ECS (frb/67D5)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 3234123d89a7d7129472330da24f07c3670a4719193f51827d572fcf089b6069
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 DDaJdF9XkAA0418
pbs.twimg.com/media/ Frame 9BE5 44 KB
44 KB 7ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/DDaJdF9XkAA0418?format=jpg&name=small

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6772) /

Resource Hash

32a86d25e61ea22c728f77b8d527f86d8e746debe27c199f1ae360053ae293f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 146
x-cache: HIT
content-length: 45359
surrogate-key: media media/bucket/0 media/880041910106296320
last-modified: Wed, 28 Jun 2017 12:33:16 GMT
server: ECS (frb/6772)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f87ec7d7f5d810df5709d1ed269360483b284bf42bf055ebc02d14f0e8416a31
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 142 B
579 B 41ms
40ms XHR
text/javascript 151.101.12.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 09f7e643857b7497b5ecbf2e537a2a0c170cfe51001385de7dc3dd7d3d879b22

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 29 Jul 2021 16:53:27 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.malwaretech.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 142
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 42 B
478 B 44ms
43ms XHR
text/javascript 151.101.12.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e5019212b28c1d7ab8d006d355af237eade7735694c223a0c582444d97c05800

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 29 Jul 2021 16:53:27 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.malwaretech.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 XRkgL6y-_normal.jpg
pbs.twimg.com/profile_images/773129442155761664/ Frame 6C8E 2 KB
2 KB 16ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/773129442155761664/XRkgL6y-_normal.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67F2) /

Resource Hash

d8b310979fbf798899138150e0b6af94c77e5552e0c9dc09a36d571d8ceb0f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 473899
x-cache: HIT
content-length: 2111
surrogate-key: profile_images profile_images/bucket/2 profile_images/773129442155761664
last-modified: Tue, 06 Sep 2016 12:01:17 GMT
server: ECS (frb/67F2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0e068bf83346e090d5669ccb05881d46cbd38e9b36a055290f2e8e41d45899c8
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 DDWZKDJXsAAcaoZ
pbs.twimg.com/media/ Frame 333A 123 KB
123 KB 12ms
11ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/media/DDWZKDJXsAAcaoZ?format=jpg&name=small

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67F2) /

Resource Hash

2912fbd3fed376afc4591ab436d51b7ababbd09a9f8b7ba4117d7e732f04624a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 146
x-cache: HIT
content-length: 126060
surrogate-key: media media/bucket/1 media/879777700143149056
last-modified: Tue, 27 Jun 2017 19:03:23 GMT
server: ECS (frb/67F2)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: d99b686bec1cd1d4c2ab25cdd87fc84e6a5c4bd5e93ccc2ed72000e0b0f9dc11
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 129E 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Thu, 29 Jul 2021 16:31:21 GMT
expires: Fri, 29 Jul 2022 16:31:21 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1326
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9939 783 B
789 B 19ms
19ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

641c600e06f65d288c013e8b5eb56d9837e95e615b119b22d2e64146705b8b4c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MfbO4QkD8FFYFPQGbIkOnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.malwaretech.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.malwaretech.com/

Response headers

expires: Thu, 29 Jul 2021 16:53:27 GMT
date: Thu, 29 Jul 2021 16:53:27 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-MfbO4QkD8FFYFPQGbIkOnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame E449 513 B
926 B 62ms
41ms Document
text/html 2a00:1450:4001:808::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.4sn9RO63fqo.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO5GqPeHrbNQGs79bP09BnjVkdwag/cb=gapi.loaded_0?le=ili,ipu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7acfd0525b36c7311e8ec0d40d390e5d6bce9c9ee13428a259cc9762665e5838

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N8RqZ6wTE00/ELHO+Ur7GA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 29 Jul 2021 16:53:27 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-N8RqZ6wTE00/ELHO+Ur7GA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 jot
syndication.twitter.com/i/ Frame 333A 43 B
118 B 120ms
117ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607724%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22879777725493506050%22%5D%2C%22item_details%22%3A%7B%22879777725493506050%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: f5c28900a4dc23d6
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 HZ1JcL5A
pbs.twimg.com/card_img/1418430186916306945/ Frame 0CDA 8 KB
8 KB 7ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1418430186916306945/HZ1JcL5A?format=jpg&name=240x240

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67E0) /

Resource Hash

416780ba651e4a1a3651cc96973c93ccffa1d29c6cddfaf4e666c454a8422c97

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 12763
x-cache: HIT
content-length: 8445
surrogate-key: card_img card_img/bucket/9 card_img/1418430186916306945
last-modified: Fri, 23 Jul 2021 04:36:04 GMT
server: ECS (frb/67E0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 735cf4bfe374b5448336a22d5dc52fa820b61efd127c903875f5040690c8aebc
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 status
www.facebook.com/x/oauth/ Frame 5C72 0
0 128ms
112ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fwww.malwaretech.com&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dmalwaretech2%26t_i%3D1535%2520https%253A%252F%252Fwww.malwaretech.com%252F%253Fp%253D1535%26t_u%3Dhttps%253A%252F%252Fwww.malwaretech.com%252F2017%252F06%252Fpetya-ransomware-attack-whats-known.html%26t_e%3DPetya%2520Ransomware%2520Attack%2520%25E2%2580%2593%2520What%25E2%2580%2599s%2520Known%26t_d%3DPetya%2520Ransomware%2520Attack%2520-%2520What%2527s%2520Known%2520-%2520MalwareTech%26t_t%3DPetya%2520Ransomware%2520Attack%2520%25E2%2580%2593%2520What%25E2%2580%2599s%2520Known%26s_o%3Ddefault%23version%3D7302391be467f75d298eac65b5cfa2cc&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 7EAxfn63jTc6n2Dald6XPyXACJpOeyde9XRj3kIeemObQqkfePa5YQYHsG62dpo2F6noi6C1YCDOyNl+s0VOVQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 29 Jul 2021 16:53:27 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 333A 43 B
118 B 121ms
118ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607787%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22879777725493506050%22%5D%2C%22item_details%22%3A%7B%22879777725493506050%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A7520.900001525879%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: be82a069355e2c94
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 9961 43 B
118 B 120ms
118ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607788%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-2%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880148844998164482%22%5D%2C%22item_details%22%3A%7B%22880148844998164482%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A7519.200004577637%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: 7868a4a6e4e553c0
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 9BE5 43 B
118 B 121ms
119ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607788%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-3%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880042027827818496%22%5D%2C%22item_details%22%3A%7B%22880042027827818496%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A7517.099998474121%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: 1f3b45466c47d070
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 0CDA 43 B
118 B 119ms
117ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607789%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-4%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880387463746920448%22%5D%2C%22item_details%22%3A%7B%22880387463746920448%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A7516%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: b8e6f3818a2da8b3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 HZ1JcL5A
pbs.twimg.com/card_img/1418430186916306945/ Frame 0CDA 8 KB
8 KB 8ms
7ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/card_img/1418430186916306945/HZ1JcL5A?format=jpg&name=240x240

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?creatorScreenName=MalwareTechBlog&dnt=true&embedId=twitter-widget-4&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=880387463746920448&lang=en&origin=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&sessionId=68b49fcef48fbcc4a7f304102b505c593fb2d821&siteScreenName=MalwareTechBlog&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67E0) /

Resource Hash

416780ba651e4a1a3651cc96973c93ccffa1d29c6cddfaf4e666c454a8422c97

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
x-content-type-options: nosniff
age: 12763
x-cache: HIT
content-length: 8445
surrogate-key: card_img card_img/bucket/9 card_img/1418430186916306945
last-modified: Fri, 23 Jul 2021 04:36:04 GMT
server: ECS (frb/67E0)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 735cf4bfe374b5448336a22d5dc52fa820b61efd127c903875f5040690c8aebc
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 jot
syndication.twitter.com/i/ Frame 6C8E 43 B
117 B 118ms
117ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1627577607842%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-1%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22MalwareTechBlog%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22803dae2%3A1626818191152%22%2C%22item_ids%22%3A%5B%22880011103161524224%22%5D%2C%22item_details%22%3A%7B%22880011103161524224%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A7664.5%7D&dnt=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 29 Jul 2021 16:53:27 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: a111fc70cb667f7bce9ae0b4666d20c102e5295ebc6fa12560dcd0a0f588a718
x-transaction: d8ae1c9c081ded72
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1376071356-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame E449 116 KB
40 KB 41ms
14ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/1376071356-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cd47b8df2fcfbefbac624b4a6856f65e13d83721be2805e864f5993a05428e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 18:06:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82002
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40353
x-xss-protection: 0
last-modified: Sat, 24 Jul 2021 04:25:27 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Jul 2022 18:06:45 GMT

GET
H2 200 z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js Show response
pagead2.googlesyndication.com/bg/ Frame 129E 35 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/z7hxA_QHVtJoFMtElcP81jTEK2mU4ZuLJ84ICjnnObI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 18:46:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 166005
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13261
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Jul 2022 18:46:42 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame E449 14 B
58 B 83ms
44ms XHR
application/json 2a00:1450:4001:808::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1376071356-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Thu, 29 Jul 2021 16:53:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 29 Jul 2021 17:53:28 GMT

GET
H/1.1 200
OK / Show response
glitter.services.disqus.com/urls/ Frame 5C72 35 B
495 B 128ms
102ms Script
application/javascript 151.101.12.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://glitter.services.disqus.com/urls/?callback=dsqGlitterResponseHandler&forum_shortname=malwaretech2&thread_id=5946851682&referer=

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.ee2555081038338ea4f41cbb3ea1bc17.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

1bc601eaef9acd59411984db5edb9bc77036561b27ac5657c13daa9d772af081

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: openresty
X-Frame-Options: DENY
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: no-cache
transfer-encoding: chunked
X-Service: glitter
Content-Disposition: attachment; filename=f.txt
Strict-Transport-Security: max-age=300; includeSubdomains
Vary: Accept-Encoding, Cookie

GET
H2 200 noavatar92.png
a.disquscdn.com/1624570071/images/ Frame 5C72 2 KB
2 KB 7ms
6ms Image
image/png 151.101.14.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1624570071/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.106faac21c6c76e0298d1a260d46eaf3.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.14.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 16:53:28 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 1920104
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA2-C2
content-type: image/png
content-length: 1644
x-amz-cf-id: PbMVeM2iWmudwIaI31RBJmSVugFre_LpJLL2G4ilL6tNFDLra-hEMw==
expires: Fri, 06 Aug 2021 11:31:45 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame 5C72 43 B
295 B 122ms
99ms Image
image/gif 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.21&load_time=6749&event=init_embed&thread=5946851682&forum=malwaretech2&forum_id=4388049&imp=70cpf7k1b278m9&prev_imp&thread_slug=petya_ransomware_attack_8211_what8217s_known&user_type=anon&referrer=https%3A%2F%2Fwww.malwaretech.com%2F&theme=next&dnt=0&tracking_enabled=1&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwaretech2&t_i=1535%20https%3A%2F%2Fwww.malwaretech.com%2F%3Fp%3D1535&t_u=https%3A%2F%2Fwww.malwaretech.com%2F2017%2F06%2Fpetya-ransomware-attack-whats-known.html&t_e=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&t_d=Petya%20Ransomware%20Attack%20-%20What%27s%20Known%20-%20MalwareTech&t_t=Petya%20Ransomware%20Attack%20%E2%80%93%20What%E2%80%99s%20Known&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Jul 2021 16:53:28 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
25 B 42ms
41ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210727&jk=2812006615512021&bg=!ZGelZyPNAAals0SOpbM7ACkAdvg8WsFaY7TWe7Hb2y1I0BL2LO2280Rq6Bkz2C3fUvKb0Idi-_IKMAIAAAJzUgAAAA5oAQeZAokTO04G3CXQ-pP1ToAUlLtQ61GbktveUKccghkIIuIGmVxndMP8r00g4pSQcnzNdO5yN7teTDoY6OsF1SrzSsyiSHe7UOGFULQ5SmS0pOhGYPRtM8qRuWJ6-1_suguCHndIB6ksoyHxZ4Cm9b3BNIxYeJMli7sI3qKe4G4aqNRpWqyfxKglXPgh_4JOb6KfmUJvwt0SCMUuQ_F6u1QVq9u8JL9wZgPJtYKmot6FdW7w8seVjEjxMrZDCDlFdoigPbOvx67BwN15HiY9XJ2CcgFK3bNFbv9KjRnuIAbd6ThmKBRDhRQF-WJg0IsxZpcFk_yrKuAqvTvHA_pqjp1pf1Fih-Ffet4ZC-RWrphuDFj-4f2cnmbAaJHQ8L1RVrJw3QydipUv0U5pjjd4T8qIrH8raU8eI0MR5qxgcQdpgqiD6W-Quiz9OUkKpQmjMa-SwJ0WwLmJKO888UJVQBGrrO0Uv3i7As2i5B5zCTRNUc2pPPT6TDxsB83bwZqV_56EF5PAMZcbJ-302-lwmsqeadR-TujEc7CwHf8hI0G6kMKSoFL6JrUWiRdzF9OYOB1mx5VsZVY3tROm90ZR1T6VYmtJfq7C9jb_YMSeOkWj4ZSo8byX_6jwjhXfJwCaftFl5ygBpE2gUrvhv9yVV507TU8PXeNV7mWTmQ0sofOlFpxNrd4IjuMxVZ3KjM03_pRoonCDsJUwJjwUTXHiw0FOtY1kaPLGDuRrT2QF9nzqwpvSZHGyYZhX3aGZVvX8h_G9mP9xX776_LatnbzTTWgxt2PjyVUDUBOjtHfcUwH4rKnWcVXBYw5bD35qee-byQia45x2CJjXPswSkiTzonYQGNRozR5ZKD_8OAzG

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.malwaretech.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Jul 2021 16:53:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 20:06:18	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.malwaretech.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
accounts.google.com
adservice.google.com
adservice.google.de
apis.google.com
c.disquscdn.com
cdn.syndication.twimg.com
cdn.viglink.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.agkn.com
disqus.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
glitter.services.disqus.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
lab.subinsb.com
links.services.disqus.com
malwaretech.com
malwaretech2.disqus.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbs.twimg.com
pixel.everesttech.net
pixel.rubiconproject.com
platform.twitter.com
referrer.disqus.com
rtb.openx.net
ssl.gstatic.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
syndication.twitter.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.malwaretech.com
104.244.42.136
142.250.184.226
142.250.185.162
151.101.12.134
151.101.12.64
151.101.14.49
151.101.192.134
185.64.190.78
2.18.234.21
217.182.200.19
23.45.99.241
2600:9000:2190:8200:6:8656:f5c0:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:10::6814:5037
2606:4700:3036::ac43:8259
2606:4700::6810:a30d
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2003
2a00:1450:4001:800::200e
2a00:1450:4001:801::2002
2a00:1450:4001:802::2002
2a00:1450:4001:802::2003
2a00:1450:4001:808::200d
2a00:1450:4001:80f::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c0d::9c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.246.227.69
34.98.67.61
35.157.140.213
35.186.253.211
35.244.174.68
69.173.144.139
016ab0bd0de4839680e4a717a57db9b182a8c2c5fdeec4c24db7a8df761fca4d
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0389191e5573be2ec04a849b6e8d052dc5c5e0cad93de1d81a6823af9f9e64dd
04c365d6279560ce2ab2deb46552d79e5807c4aee9fca98543def716fa890123
05a6817c5341d7fb32880cf79cc5b3ed89340d3bdf5d240c1c1a14349a16e759
06d5a77f098b6b2451dfa88134800ca4c98d3262f92ed3c6e1dac1fb89ff5a8f
075b50bae8769be08137c9db435659f20ec808c4d2ae805b97d420f35456752e
082d133f7e02e15049decb21330faf910885ab023204c60f0613bbbfea3edc1a
09a5386910914f8da9b4ef960c6f0c7eb3847c24e15dc97a44d41b06cc4b9b9a
09f7e643857b7497b5ecbf2e537a2a0c170cfe51001385de7dc3dd7d3d879b22
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0f8f8557ca5f78cdd71a94adfd019dfcf3892f3cfe4934010385c9edd5656cb3
118ef07563848a2b497c416852714497e942cb8dd15eff3fd5495d2462eaf2d3
1213db95f0237c979926368c0be6ec5f279f8fe3ea268ba5d1347eb6d5d3e1e7
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1938de748ea61cae8deff150772b8df810269d025395a1a276157978f2ad72ea
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
19e4172de927c8cddc6af16ae1c89a3e29fbca27c919839e19c642cdfbcb9e1a
1a9b2621dcaa88ed6a5d03a96cf38e466a9c2928e5fae60b5b977a33f8b63460
1bc601eaef9acd59411984db5edb9bc77036561b27ac5657c13daa9d772af081
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1cfb51f3a30a24d0db22abf4f09eb7ca19b7773c2b97baea77233fb367046bf1
1d9a99f2605112c60740456c379042f17041e4f678f083c659874f1748fcb124
1fef7a46a32609d5704fa770e930a73ecefd399e367bf8a2d0b6e18292126bef
20b37ded4e153d334d44fb14ae8a9179e7b28cf7aa75951631dd4d38fdbecc6f
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
21a9753c3327bf6348a1e76b45a2a620694f77283564c6728068467cf1b3868b
246b9053ae628859affc9164c3e95ba3e31548f2d632e2a2256dc31e579dacce
2563f05f9585ce46cf6dc648049b0ef3e0a5f9c038c45c732b2bdbc7de8bf71f
25df9459301ff616250dde7eeb526628e2a058bbf931c4ba1b60b843db2feedb
263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38
26f87df80e0735b6d6b169750f0ee403336c537cbc7a51888cb9d449434cb4b8
27a6c34b6c17501e2544c982fc23cbdb5b471a2a049bb98e9e7fb6d79d0db82a
2815473cb317930b4e63191154c2bbbf5d3b3165b461207ac7548af646b8a19e
284401fd9cc6074e6211119acdfbb4abb56b1d4c0be4323ccce1d6f6da7642ea
28f08e71d4ada2db8c7b06458fb50f024ce7bb840753209e03202395060412c7
2912fbd3fed376afc4591ab436d51b7ababbd09a9f8b7ba4117d7e732f04624a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ba549310c037c829d40af1068deccd1b106c7a2f4838d1a40e8ab5c6ce64686
2be16fa9eb52c6af3c3edf1bc20955e396a4d0de7a8883d9c115820740d592cc
2c4ed99e21067a8a29c91148af041a3b2a6c131b836ea55dac72258fdf56df5d
2c5c7fb02085c140f5cc26b107cb68a54ebc425b04decfbbf3555719642ea514
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2df50c8c00e4f9f84fc1506798291ba26c73f181154596d3f2d6209978d6bc51
3016d849a84c1a09a3ad8eda96b8fc296f89a3c5208241bbd10f42f5669da499
326e296a20236f48b2693b88b5f7e8dd9d3acaad07b11fcbc6b35f21ad4d50b6
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
32a86d25e61ea22c728f77b8d527f86d8e746debe27c199f1ae360053ae293f9
32fb7898060ccbd3a367ac28e5208ccc4b3c545561001abec7d1ae13869982f7
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36732efb15d64616906a5d0d97379ac49ba1030f01fae8223e4e08fbf795acf3
3685d730d5d09bf4ccf8f33281ed51d4935f4a8ab3d43a61f6aac8aeacbb32b0
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
38a600f961606d197be4f9b689cb066fcc28dd979b51761bfb1be5f6d42d3b7e
3a3409c07f69b58691261f7706f3c7f7aab5875fcb27f6314d306631722c90aa
3a90b77c97ce937272123cb002004c1fb08c3c16498982ed1205334fa47cc53a
3fe48477b81a97da78279177960fcafa766f7e518514167908f373e2966791b8
404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35
412752ed1c97f0aef8acf02f8ced68186ecdf81b8182f11c981b1e3436748c52
416780ba651e4a1a3651cc96973c93ccffa1d29c6cddfaf4e666c454a8422c97
4274adbd0c17d2e823d30dd39dc1de6028fdb879fad9cc4c1b0e36f3fffb61bc
443211c7845e0012dea1dfe8cda1ce659e7fef3c7b5af2b470704ed8186945c0
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
4874d00f8999743ad740176788e25f25fb60ce668ce7e410975092ee271ea904
48b2377c74c9ea0b87b9c14a63f3a93960ca119a0d31d34628442184dc64e325
4b4810564b571191a09dd7dcaf40d08b02f51cdbbd6f97227a08f417cb7e09e4
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
523756a966da1c8dde3cc1e0d5f4018161819dd0e94cc0f45c2845e366112dce
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
569840271d599d399323b7bf47d1644e91fdc5b82e29b5d8835906522aaba267
57a9f18341bdc109eb19087061ed0c36563cd726fdd2cfe82becabe62c3e8bb9
58348d199591125aa31d2c5e195013e0a19d6ee15bb4f2edb9718cd25d233690
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c631de8cea5883c158a59abde14cea384df3d66bd1f1dea8522485f7f299566
5d1310353e02e0a006b79b7d607131cb6d9411543a8957b772f565816fdf3ce4
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5d857762454f761ad50d5c4584d2013b78bc62e1c23315aa995ee4f0f17f47ab
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
62ff73f76c13787fb9848a701a7af6766ef044fccfbdd317a5eec5fea11d8b7c
641c600e06f65d288c013e8b5eb56d9837e95e615b119b22d2e64146705b8b4c
65a55c6e68fef4f6e85c5a23cbe48fb0add1e4b74749426fc7ac589febf022e3
67160ef47f7f9ef7e7239c8ed916e10ea1b4c5828efe95effb59379c134c22c7
6772c7abf5a3cc7794b7eedc385be0f2a64ff5bf358ab0ca85c846e7d8998f40
67a9ceea9926491c110367bbe37ca5841e480208b064926ec1fc86b7e3b88e1c
6926814f550e717f0ca7d0b4d26a4600d87a983980c3ee92e483d09a87d0d809
6aeda827f439d97c90a633d8fa27a1f01d882d133573c2f694c7ae9dabb5f9f7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
710636751a9f8b74353c03e68f515926978f48c6cbda1242842608071a750b8c
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
727d06f38b813004baa0b6a9c96c24e2bce04b7be4c05f9486499f4250f9a772
757aa069c72efe58c58436e9d6bcf85f9c0b27ed207f605361ebaeb061e383cb
7964d033f829ae2809f61810c4efa9adf6aff915ded111a9c346bca2b1302b62
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a8dbc111ec4272a34fae97aa7a2dcd6f99cfb9b3067dcac29abc892912b6ab9
7acfd0525b36c7311e8ec0d40d390e5d6bce9c9ee13428a259cc9762665e5838
7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654
7e040722e5d2b44277dd353a6a20ff3e2a651722ce207f1bb914f8b36948d5b2
7ee596b76772ac1263c57b05c3d05329db5e875cbcec8e917047b5d221fbb1c3
7f24e93971c1ae26af16393896e13972fd020446b9bf0cbd945bb64b1b7b1e8a
81fb74b605de7c59fe465ea0b15dbf963e5d7fa719834ae6e96240848d7dd9f8
82e842083b548eaae5a1bf28d704da26d2156b4b21985c68e5b88b7d916d6187
83343529aac74abdbf4ebdefd6eb15cf706f46eedb3f3347f57dbb647c296f5c
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
8e1c80199dd3ec8268c06e30aa2a955d86b480c46fe7ff3af5ebd1d915715764
91d2b5903a9e4cfebf98c934bc6e2479aac8cad61661beba82766fa95457ed06
92075c52408692d80ea1b377bc02ddd07ddcef79301a747de9fe6f3bff77fc3a
922f390e4a57640ef5eef814166ea4b04eef303a2d2cf71f8c98d5f5be494e76
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89
965e4348118ecf7960a924654b0a7572056dc55fb4f03f8c143f8d6b7d38f0d1
988bcde72299686944d0d999925fb176b03d274eb3f1b2dc9f714654a93bfabf
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b3f9e0eec5b585b86c19bc175b155922daf524f542bba4703c5d1675e0f01b7
9b6a55c5d865e518cbf4451782c130c5e487f72d7194c68832f61c4914e8f818
9b7df01e229e0b4dac62fd4772f81c105e717d74fcf487c344a5d5fcdf85df38
9cd47b8df2fcfbefbac624b4a6856f65e13d83721be2805e864f5993a05428e0
9d8a9aaecb7cd39329dcfad9a882ce0d174802ded027e150440484e097c73cb8
9df80f598b6a3fff666671845f097573b482f597eed2cabaf160252c1b215561
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a7abe79b6d8d622f570fd7b9eb6ef35ff746280fd196e663eedc0963da4301a4
aa9ee4c2caf4f0c4054f1da752a01fec1ff1a656983327b69a75c3c0b63ef270
aae44ee57ea61f562da9cf211a2a0896009903aada268ce626ec33016995f2fd
ab4529baacdbbc2917b158b1ec42ef35bf04d2ef0b5a1236a74561d4364e62c4
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adedb4d78780884e3d7848c921f4c9bf2511c4bae25bb4cbc466c7d4d96a4884
ae088365040d1cd3d2656c8504d90719f44added660f44517b57b81c86560f1d
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe589efee16e4e0fac361657e77f458e40646e192447a97305a16b0d0cca468
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43
b3f135fc58a1ee797411711849ad166a5b794f55afe2286741614305023d9fc9
b62a40906eeaa1e1d6c1d220801a6ff2ee420d94193d768d65f43a7aa5c840f1
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9d18e904dcdc26e0837b49531f596500835f0737757c8d57a3609e1d09a2b5
bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff
bd3479f3c97c6aa3b27aaaae6eb5407fbdc64a942d876db9fbbb08ce06ad63d5
be891f62d9521e895d0be74d79be884faf6565b7850e432d7c8b7ab975e3e3c8
bec20adaf53a0573ead4dd69e2360e7a78341073cceb950949a64d60ef0a67e1
bf73d940fc8f9d2831ca4c0bb2c0a22759c1a76f9400b68377de64e5a09abd8c
c0174ef3391978a1466135a23dad7d8402ea30b1c447a725820d788765970d16
c28cf9531a92b13f64e6bde8578d730da9920d06883a826a944ba161e3cda818
c79e65b0c4ce63c49af4321282c332822d28796b5fe3674295a85ab82b1915a8
c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39
c84764b22a1a8c51d041d115173298e5dce71e529acdaf181a094e15be914eac
ccff49c86ee1937dd371734a05307e1abc057b3c255587ed918e47b1cf728d93
cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee
ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfb87103f40756d26814cb4495c3fcd634c42b6994e19b8b27ce080a39e739b2
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d36feed775d2654bea4c9e65974fe9c83359f2b40867367ac04439f4f6e33462
d535f58372c73d05b5cde9816ab0003136a79dc5fc5f0c38204bd3fcd64ecc0e
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d8b310979fbf798899138150e0b6af94c77e5552e0c9dc09a36d571d8ceb0f7d
d8f0baf1841205aef52bf8ea0979c956101be27b9b02f32084c3c507347d3afb
d9ff36d920672b4076a5d58283d7a4332d094bbfcb2a8c146bc9311150e5c43c
de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6
e04d0bf05e50eef8fcdb6f32f13f5d12ed18f4163f09e9e6894d4f85070fc6c6
e0d912d2012407ce026e3c0cf9720f9430fb6af27658a7cc5575cd7583fb476a
e12f00039ca757048adc18cd51608890ae586e3ce45a502f8637a2e0c944bf2a
e27b22c6660c123d106669f3c72e66629ea0b7f05fcedb10ba081ed9483dbb3c
e325ec42752d28139419ddc0b35ef8286b052890a6547191ad103d436d106c39
e34a6af51bb4d4f14eb8a61a56affc7708eae7aea45cca6a70e36dd118793b70
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7
e5019212b28c1d7ab8d006d355af237eade7735694c223a0c582444d97c05800
e53444541f1206a0c62d424657f960f31f44c743962d90877ff0c3d6a2a17276
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e79327663253a8d4ddbe92115ecf402509cd07ba335cf616282f5525dd51c850
e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f3bef2f0fdeb167c854f55da47c469109525ba4fb4e87a4dd93bf1b01d7d018e
f3ff1dc05c11d9272cfa2f4800fe657d503e93f3d7885cc98b3982539f3af9af
f62a8ff7c0b7077bb1c9c33b29d6276bbde33e88b1833aecedc248526509a083
f7a843066ece31f30d69ddf42e687855fe094150c782e7f06a96857d3efc506e
f90e3d6fcfbe64196e1e00f492ef5315be2fbc4806569dd90d5bb36fc19828c6
f9a7121f6a8049de1dc7b5a7f8ebc55442bf5f9eaefb22275766ee5574efd8cd
fe615fbd950642329b3fad3c7188e0da5447a0a8228073f0f693d363d4687a3d

www.malwaretech.com Open in urlscan Pro 2606:4700:10::6814:5037 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

341 Requests

100 %HTTPS

59 %IPv6

29 Domains

45 Subdomains

33 IPs

6 Countries

5067 kBTransfer

11448 kBSize

1 Cookies

29 Outgoing links

Redirected requests

341 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.malwaretech.com Open in urlscan Pro
2606:4700:10::6814:5037 Public Scan

Screenshot
Live screenshot

Full Image

341
Requests

100 %
HTTPS

59 %
IPv6

29
Domains

45
Subdomains

33
IPs

6
Countries

5067 kB
Transfer

11448 kB
Size

1
Cookies

341 HTTP transactions
8 data transactions