www.redpacketsecurity.com Open in urlscan Pro
2606:4700:20::ac43:4810 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Submission Tags: falconsandbox
Submission: On June 29 via api (June 29th 2022, 1:24:05 pm UTC) from US — Scanned from DE

Summary HTTP 237 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 24 IPs in 7 countries across 24 domains to perform 237 HTTP transactions. The main IP is 2606:4700:20::ac43:4810, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.redpacketsecurity.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 17th 2022. Valid for: a year.

This is the only time www.redpacketsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
66	2606:4700:20:... 2606:4700:20::ac43:4810	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	149.154.164.13 149.154.164.13	62041 (TELEGRAM) (TELEGRAM)
15	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1 1	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2 26	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
7 12	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c08::9d	15169 (GOOGLE) (GOOGLE)
10	104.222.176.10 104.222.176.10	6762 (SEABONE-N...) (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	37.157.4.40 37.157.4.40	198622 (ADFORM) (ADFORM)
2 5	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
1 1	3.122.145.17 3.122.145.17	16509 (AMAZON-02) (AMAZON-02)
23	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5 5	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
5	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
6 6	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	34.251.55.128 34.251.55.128	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
237	24

66 2606:4700:20::ac43:4810 (United States)

ASN13335 (CLOUDFLARENET, US)

www.redpacketsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 149.154.164.13 (London, United Kingdom)

ASN62041 (TELEGRAM, VG)

comments.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 7 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.222.176.10 (United Kingdom)

ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT)

tg.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
oauth.tg.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.4.40 (Denmark)

ASN198622 (ADFORM, DK)

track.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.145.17 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-145-17.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.89.42.102 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.138 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.19.126 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.251.55.128 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-55-128.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	redpacketsecurity.com www.redpacketsecurity.com	1 MB
49	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	161 KB
41	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 120 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	350 KB
22	gstatic.com fonts.gstatic.com www.gstatic.com	316 KB
15	google.com 7 redirects www.google.com — Cisco Umbrella Rank: 8 analytics.google.com — Cisco Umbrella Rank: 541 adservice.google.com — Cisco Umbrella Rank: 92	2 KB
10	tg.dev tg.dev — Cisco Umbrella Rank: 78739 oauth.tg.dev — Cisco Umbrella Rank: 78882	169 KB
9	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 71	80 KB
6	casalemedia.com 6 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 576	6 KB
5	rubiconproject.com 5 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 336	2 KB
5	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 629	330 B
5	openx.net rtb.openx.net — Cisco Umbrella Rank: 1589	676 B
5	addthis.com 5 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1872	4 KB
5	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 1107	2 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 179	212 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5448 adservice.google.de — Cisco Umbrella Rank: 7751	914 B
4	comments.app comments.app — Cisco Umbrella Rank: 685769	48 KB
3	everesttech.net 3 redirects pixel.everesttech.net — Cisco Umbrella Rank: 3023	1 KB
2	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 126 partner.googleadservices.com — Cisco Umbrella Rank: 867	1 KB
2	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1325	11 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 635	98 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 907	356 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 557	757 B
1	seadform.net track.seadform.net — Cisco Umbrella Rank: 107728
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
237	24

	Domain	Requested by
66	www.redpacketsecurity.com	www.redpacketsecurity.com static.cloudflareinsights.com
26	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
25	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
23	cm.g.doubleclick.net	googleads.g.doubleclick.net
15	pagead2.googlesyndication.com	www.redpacketsecurity.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
13	www.gstatic.com	googleads.g.doubleclick.net
12	www.google.com	7 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
9	tg.dev	comments.app
9	fonts.gstatic.com	fonts.googleapis.com
9	fonts.googleapis.com	www.redpacketsecurity.com comments.app tg.dev googleads.g.doubleclick.net
6	ssum-sec.casalemedia.com	6 redirects
5	pixel.rubiconproject.com	5 redirects
5	image6.pubmatic.com	googleads.g.doubleclick.net
5	rtb.openx.net	googleads.g.doubleclick.net
5	e.dlx.addthis.com	5 redirects
5	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
4	comments.app	www.redpacketsecurity.com comments.app
3	pixel.everesttech.net	3 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google.de
2	static.cloudflareinsights.com	www.redpacketsecurity.com
1	id.rlcdn.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	track.seadform.net	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	oauth.tg.dev	comments.app
1	stats.g.doubleclick.net	www.redpacketsecurity.com
1	analytics.google.com	www.redpacketsecurity.com
1	www.googleadservices.com	1 redirects
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
237	33

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.torproject.org
www.patreon.com
t.me
discord.gg
www.reddit.com
www.facebook.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-17` - `2023-06-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.comments.app Go Daddy Secure Certificate Authority - G2	`2022-03-30` - `2023-05-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.tg.dev Go Daddy Secure Certificate Authority - G2	`2022-04-08` - `2023-05-10`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.seadform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-11-04`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Frame ID: 37DA7CC45EDC643D46C8CF6C49CC5F4A
Requests: 89 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/zrt_lookup.html
Frame ID: 4BEE4C444221D3E9774ECB85E408DFD7
Requests: 1 HTTP requests in this frame

Frame: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&limit=5&color=E22F38
Frame ID: C5F51F8EBFF1E8DFA24ADAF12F91A865
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1656500643&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039165&bpp=3&bdt=902&idt=385&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8545601013669&frm=20&pv=2&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=405
Frame ID: B6BF914E21617856865413DC9D432F8A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=401700074&adf=3899895289&pi=t.aa~a.1129142743~i.8~rp.1&w=1038&fwrn=4&fwrnh=100&lmt=1656500643&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=1038x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rh=200&rw=1037&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=3&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0&nras=2&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=90&ady=1541&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=V9qQDhEz1r&p=https%3A//www.redpacketsecurity.com&dtd=19
Frame ID: 0938F03A4EE0DB7EF09D4C3B1B48023C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Frame ID: 6E767EA2D55704F4EF50BC8C5A116342
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
Frame ID: 3129C696A27581A3B6CA3DD703CB54F8
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
Frame ID: 5CDAB9B4D6C22BE7495986050F9D3E1D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
Frame ID: 3FF1B8990A92A1377F57B14FB95A7A6C
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
Frame ID: D9C8D8823DA63D9F7F4834ECF5FA1FBB
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 374115496D825D70F56DF16CB4936605
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 43EC0CF187AC4959B4B056A997823284
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5C4A9FD4F71BBD18702E9582C94859C1
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D29FD39FC7D5C7B71A4A034BF1FCF28D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 86630576E62BDDE2D5A1516EE7BF7AEE
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C37E41185E8E3808159B309AC494392F
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D6686D0E5BE9999175B4590827A040CB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 047F6B2AF03FFBD8BB070125FC8F8A28
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AFECB13A071443EB06C7CA62BC3B5250
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A8014F7E22C85004A3E25F43C59259BB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js
Frame ID: 394D0DFDFDBC79A581535FFFDA8E686B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A2263B92B9AB842F471ACDDB4E2C2552
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 221C24BFEC7122CFFD034ADAE2790103
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js
Frame ID: BC45974917D3BC03360F70BAC2A12B56
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js
Frame ID: E4158CDB19ABD90173D7CC79276BC309
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Black Basta Ransomware Victim: New Peoples Bank - RedPacket Security

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

237
Requests

91 %
HTTPS

52 %
IPv6

24
Domains

33
Subdomains

24
IPs

7
Countries

2418 kB
Transfer

6248 kB
Size

28
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/RedPacketSec

Search URL Search Domain Scan URL

URL: https://www.torproject.org/download/
Title: Tor Browser

Search URL Search Domain Scan URL

URL: https://www.patreon.com/bePatron?u=37301876
Title: <img src="https://www.redpacketsecurity.com/wp-content/uploads/2021/01/Digital-Patreon-Wordmark_FieryCoralv2-1024x209.png" alt="Digital Patreon Wordmark FieryCoralv2" class="wp-image-10717" width="512" height="105" title="Black Basta Ransomware Victim: New Peoples Bank 2">

Search URL Search Domain Scan URL

URL: https://t.me/RedPacketSecurity
Title: <img src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join.png" alt="join" class="wp-image-40311" width="485" height="155" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join.png 1146w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-300x96.png 300w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-768x245.png 768w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/join-1024x327.png 1024w" sizes="(max-width: 485px) 100vw, 485px" title="Black Basta Ransomware Victim: New Peoples Bank 3">

Search URL Search Domain Scan URL

URL: https://discord.gg/ED6T7awC
Title: <img width="402" height="125" src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord.png" alt="discord" class="wp-image-40367" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord.png 402w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/discord-300x93.png 300w" sizes="(max-width: 402px) 100vw, 402px" title="Black Basta Ransomware Victim: New Peoples Bank 4">

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/RedPacketSecurity/
Title: <img src="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2000x690.png" alt="reddit" class="wp-image-40369" width="388" height="133" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2000x690.png 2000w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-300x103.png 300w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-768x265.png 768w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-1536x530.png 1536w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-2048x706.png 2048w, https://www.redpacketsecurity.com/wp-content/uploads/2022/06/reddit-1024x353.png 1024w" sizes="(max-width: 388px) 100vw, 388px" title="Black Basta Ransomware Victim: New Peoples Bank 5">

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/&text=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/&title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank

Search URL Search Domain Scan URL

URL: https://www.patreon.com/RedPacketSecurity?fan_landing=true
Title: <img width="300" height="300" src="https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg" class="image wp-image-15749 attachment-medium size-medium" alt="" style="max-width: 100%; height: auto;" srcset="https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg 300w, https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-150x150.jpg 150w, https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE.jpg 500w" sizes="(max-width: 300px) 100vw, 300px" />

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63

https://www.googleadservices.com/pagead/conversion/4209956877/?guid=ON&random=1656509525378&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=b1K8YoLrDJW-lgSR2JWoAg&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=b1K8YoLrDJW-lgSR2JWoAg&cid=CAQSKQCNIrLMJtLOrYkq2ht4jVwo8p0PgHoFAG6_I-1pAAnutWnUdvCSTY-X&random=2324084328 HTTP 302
https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=b1K8YoLrDJW-lgSR2JWoAg&cid=CAQSKQCNIrLMJtLOrYkq2ht4jVwo8p0PgHoFAG6_I-1pAAnutWnUdvCSTY-X&random=2324084328&ipr=y&prhg=0

Request Chain 64

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1656509525378&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1 HTTP 302
https://www.google.com/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=2190249940 HTTP 302
https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=2190249940&ipr=y

Request Chain 146

https://d.agkn.com/pixel/2175/?google_gid=CAESEJo_LOFA_6oW7ZGCUvk5lr0&google_cver=1&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb&google_hm=Q0FFU0VKb19MT0ZBXzZvVzdaR0NVdms1bHIw

Request Chain 147

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZKiAQX0pj1xLGLI9cgqPPbVK2DJ3A&google_gid=CAESEOC7aVQYe_xW0QJcD8F2QJs&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZKiAQX0pj1xLGLI9cgqPPbVK2DJ3A&google_gid=CAESEOC7aVQYe_xW0QJcD8F2QJs&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDA2OTQ2MjYzODE5Mg%3D%3D&google_push=ARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZKiAQX0pj1xLGLI9cgqPPbVK2DJ3A

Request Chain 150

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhiPdd9WgZ7vfKo5Op6G4SF7CA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPNjUtMVQtS0pCUg==&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhiPdd9WgZ7vfKo5Op6G4SF7CA

Request Chain 151

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNzAJKoX0mT_Bw7QynsJKvKSDO9nv8a4Q0aUWC5h-twnwboPu0GgFworLtVXl6FQ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNzAJKoX0mT_Bw7QynsJKvKSDO9nv8a4Q0aUWC5h-twnwboPu0GgFworLtVXl6FQ&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNzAJKoX0mT_Bw7QynsJKvKSDO9nv8a4Q0aUWC5h-twnwboPu0GgFworLtVXl6FQ

Request Chain 153

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 159

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9yeAWdreVVTihNuu0yTTZof7O1p69j4w21jcNG3jy3zTO_BuDzhqJll_Bm&google_gid=CAESEA2h4_qIYXqXlz5s4N9m-4k&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NBQUFCWUczaXpmWA&google_push=ARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9yeAWdreVVTihNuu0yTTZof7O1p69j4w21jcNG3jy3zTO_BuDzhqJll_Bm

Request Chain 163

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQw1b9xkkJhbZyxUFmXyz5lgvY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPN0EtSC1HWFhH&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQw1b9xkkJhbZyxUFmXyz5lgvY

Request Chain 164

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP95WHebrMfZJxIpkaxCb0WHhC6vmDmuHP-Rc4qDzRSENSg05LRNNLfKpWOmI6Fg HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP95WHebrMfZJxIpkaxCb0WHhC6vmDmuHP-Rc4qDzRSENSg05LRNNLfKpWOmI6Fg&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP95WHebrMfZJxIpkaxCb0WHhC6vmDmuHP-Rc4qDzRSENSg05LRNNLfKpWOmI6Fg

Request Chain 166

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 183

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisewSDNmosEUWSDk_9i713fdgK8LikziURe940d5kjmW8 HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisewSDNmosEUWSDk_9i713fdgK8LikziURe940d5kjmW8&google_hm=h4YN7soN0COg411ipe3mvQ

Request Chain 184

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2HQzDFQYolbTzqjmo6gmWqIr1VMe1TYvs97LCLSeFk-lSXMRoq1fcvz0lxQ&google_gid=CAESEA2h4_qIYXqXlz5s4N9m-4k&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCRmJ3em1vSg&google_push=ARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2HQzDFQYolbTzqjmo6gmWqIr1VMe1TYvs97LCLSeFk-lSXMRoq1fcvz0lxQ

Request Chain 185

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkHbNRg-dhmM_UnLSLmyT0QyJu8YP8Ao&google_gid=CAESEOC7aVQYe_xW0QJcD8F2QJs&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkHbNRg-dhmM_UnLSLmyT0QyJu8YP8Ao&google_gid=CAESEOC7aVQYe_xW0QJcD8F2QJs&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxMjk2MzA3Njc1Mw%3D%3D&google_push=ARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkHbNRg-dhmM_UnLSLmyT0QyJu8YP8Ao

Request Chain 188

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1KAeW2XXcehQVc4Co6tJ8wNjfs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPQzMtMVQtTEhYTA==&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1KAeW2XXcehQVc4Co6tJ8wNjfs

Request Chain 191

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 208

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8Pg11M5XlGc5rgW-Q0Vj8HbctcHGFRB82Zwb8cWq1ndJcbrUEUvHN5TIB3&google_gid=CAESEA2h4_qIYXqXlz5s4N9m-4k&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCUkVtWTF0Rg&google_push=ARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8Pg11M5XlGc5rgW-Q0Vj8HbctcHGFRB82Zwb8cWq1ndJcbrUEUvHN5TIB3

Request Chain 209

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GAopUh-0oDaBJgdVO_8_BMh3kdRiaQRxM6k3iuOVZbOn9h9YVdxrUVL2MyfGkmGDhaSl6ICF8AVyolVKYyBDC7rRulNdwvg&google_gid=CAESEOC7aVQYe_xW0QJcD8F2QJs&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxNjE0NDI1MTM5OQ%3D%3D&google_push=ARnp8GAopUh-0oDaBJgdVO_8_BMh3kdRiaQRxM6k3iuOVZbOn9h9YVdxrUVL2MyfGkmGDhaSl6ICF8AVyolVKYyBDC7rRulNdwvg

Request Chain 212

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59foxKd8ZPROezkH0kMNIV6znJyn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPSFQtUS00Vjc3&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59foxKd8ZPROezkH0kMNIV6znJyn

Request Chain 213

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&google_push=ARnp8GBT1FFLz6BonakW8bCh4B6WgVs_ji5uDjJI0zpZtDsLDdhdDIMlDT3OICXRda4EfD9BGPJSQlYSXh3ClnN3ehPjweP4uIWB HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBT1FFLz6BonakW8bCh4B6WgVs_ji5uDjJI0zpZtDsLDdhdDIMlDT3OICXRda4EfD9BGPJSQlYSXh3ClnN3ehPjweP4uIWB

Request Chain 216

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 232

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTfqhLTwSd87ivetCki1UZDtaamu0QltzoIrK7H4eN7p5 HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTfqhLTwSd87ivetCki1UZDtaamu0QltzoIrK7H4eN7p5&google_hm=h4YN7soN0COg411ipe3mvQ

Request Chain 236

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7DZmR33LP-CQb6UmGpJizwzjhw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPT1ctTC03MUJV&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7DZmR33LP-CQb6UmGpJizwzjhw

Request Chain 237

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&google_push=ARnp8GBmO5RBW3blc7HDvec-SxD18kSqA44GFpF_iOJ9gWWBrh2N-Dx9tWxIdA5DMaKk_GqxEZdbZv1PMwX_OdpwFmBCUljLBqL6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBmO5RBW3blc7HDvec-SxD18kSqA44GFpF_iOJ9gWWBrh2N-Dx9tWxIdA5DMaKk_GqxEZdbZv1PMwX_OdpwFmBCUljLBqL6

Request Chain 240

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

237 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/ 147 KB
30 KB 778ms
697ms Document
text/html 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.30 PleskLin

Resource Hash

4bac530874a51f6c07f2e956b8b534c5947e13f3f6e9a15c7684cc7352051c28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=43200
cf-apo-via: origin,miss
cf-cache-status: MISS
cf-ray: 722efaccda519107-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:23:58 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 29 Jun 2022 11:04:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6ddXXQMXEnxCD1SbxqsSf6i7onc4siMc0B0CkRs%2FvRbI%2BEE7bLTJ2%2BvdKvmPjOSOzgltxSPersL3Uv4G4x%2F8xwnHfmyINYXXU6UJKeQ3TytQ9QiI9CiW8cQgz4z9N3jFpml4qW%2BPGQUO9ruKC3f4gxHZwpqNGw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding, accept,amp-cache-transform
wpo-cache-status: cached
x-html-edge-cache-status: Bypass for Reload, Cached
x-powered-by: PHP/7.4.30 PleskLin

GET
H2 200 style.min.css
www.redpacketsecurity.com/wp-includes/css/dist/block-library/ 87 KB
12 KB 64ms
57ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/css/dist/block-library/style.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 64
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-15b26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LOjd%2FbmIlhBjRavfwXmeY80ass8teBiD%2BgjT897Ry3JmVrQQLGfzqWCSAJt3AqQmhZw7eoIJepKRIICQG94kNYjfb1mzItTDdAru6X4WRDrObapQIjLtVnFLNryca2O0yTPFu9ntdf3fSHab5%2FwY1iXFoef3idA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1585f9107-FRA

GET
H2 200 app.css
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/ 2 KB
1015 B 59ms
54ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/css/app.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 64
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 24 Mar 2022 09:03:28 GMT
server: cloudflare
etag: W/"623c33e0-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMARhGRcTaEYMxRI45ijRrD8wcVs8V71Km9rxbUtbt6JJx1XK60liAhJIi25R0oxnq6r5NfAEkG9JU%2Fzf%2BdrmIa9FLl2teYCwctRRcNHGgP6xWBvpmAklXEMlSn5p0Bn7E7yqmixkzvUUUUVrw9C%2BmyZpgvSxP0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-polished: origSize=3028
cf-ray: 722efad158619107-FRA
cf-bgj: minify

GET
H2 200 style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/ 2 KB
903 B 70ms
66ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/style.min.css?ver=5.2.9

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

578ece1ba13e8a1dd211785e2df101ac5f9d1f2e387f9c6557bf51637ad0b84b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 64
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:37 GMT
server: cloudflare
etag: W/"62a78fa9-6bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRpSjxCUtJU9NTLpToTFPgBd9wb4fQbbBQEeD5x5deA8yQhvMf8G%2FJ%2FERQ%2Fi52xj3BRUsNp64uGrWDlh5RuOjdTi1QYVyQBrDO4G30rKff180HU4ovohX24kboofI87DFb%2FaoUEYQ1POqkFlxfVzOJGTXRUEqig%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad158639107-FRA

GET
H2 200 style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/list/ 9 KB
2 KB 72ms
69ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/list/style.min.css?ver=1.2.9

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

13ea1503dc13c1d5259d6d10430aadc0fe269a78016fa6b7e0a41d653c6a7001

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 64
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:37 GMT
server: cloudflare
etag: W/"62a78fa9-233b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNo3f0QJEsbmptcdSWqtqmNksJG2IvvEsIohM4Y5hkfqtgRIiNZ7l9%2BTh5%2Bp8SpSJuoEp23%2FG79ZYrG7WIY3jX84HwhqXtDINdtFJ5JhddBmegRqcWhiXuCL3IISOxj%2FH9p4mr1O69mYDlL3JJWwET4vWgf%2B5ls%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad158649107-FRA

GET
H2 200 style.min.css
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/text/ 16 B
353 B 69ms
67ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/text/style.min.css?ver=1.0.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9ddc0f6530a2a949a60ecc192689aba25551e0f9f6270b44803134b27708d883

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 64
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16
last-modified: Mon, 13 Jun 2022 19:27:37 GMT
server: cloudflare
etag: "10-5e15947dadc3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rLe9QI8pNoc9VOL3xDsMLaDh9%2BFWH%2FeDrWkeQUrEI4wTdhjlI8fdw7mnYIQIyV6sHZl9VixDmNCi7h46cJy6ZTcCXz4RdeGmhCtHB%2BqzUgVqMuCCtmn4P46z0B8Sz8SnLBYzm8etXbaIFXXoLpDwiiYWFjrwPDU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-accel-version: 0.01
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad158679107-FRA

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 167ms
47ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6e030af5390ddec7d8ce24c6fc6c650cfbc92d38037d2ac11ad9591db251e65e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:54:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:23:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:23:58 GMT

GET
H2 200 css
fonts.googleapis.com/ 592 KB
44 KB 140ms
53ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=ABeeZee%7CAbel%7CAbril+Fatface%7CAclonica%7CAcme%7CActor%7CAdamina%7CAdvent+Pro%7CAguafina+Script%7CAkronim%7CAladin%7CAldrich%7CAlef%7CAlegreya%7CAlegreya+SC%7CAlegreya+Sans%7CAlegreya+Sans+SC%7CAlex+Brush%7CAlfa+Slab+One%7CAlice%7CAlike%7CAlike+Angular%7CAllan%7CAllerta%7CAllerta+Stencil%7CAllura%7CAlmendra%7CAlmendra+Display%7CAlmendra+SC%7CAmarante%7CAmaranth%7CAmatic+SC%7CAmatica+SC%7CAmethysta%7CAmiko%7CAmiri%7CAmita%7CAnaheim%7CAndada%7CAndika%7CAngkor%7CAnnie+Use+Your+Telescope%7CAnonymous+Pro%7CAntic%7CAntic+Didone%7CAntic+Slab%7CAnton%7CArapey%7CArbutus%7CArbutus+Slab%7CArchitects+Daughter%7CArchivo+Black%7CArchivo+Narrow%7CAref+Ruqaa%7CArima+Madurai%7CArimo%7CArizonia%7CArmata%7CArtifika%7CArvo%7CArya%7CAsap%7CAsar%7CAsset%7CAssistant%7CAstloch%7CAsul%7CAthiti%7CAtma%7CAtomic+Age%7CAubrey%7CAudiowide%7CAutour+One%7CAverage%7CAverage+Sans%7CAveria+Gruesa+Libre%7CAveria+Libre%7CAveria+Sans+Libre%7CAveria+Serif+Libre%7CBad+Script%7CBaloo%7CBaloo+Bhai%7CBaloo+Da%7CBaloo+Thambi%7CBalthazar%7CBangers%7CBasic%7CBattambang%7CBaumans%7CBayon%7CBelgrano%7CBelleza%7CBenchNine%7CBentham%7CBerkshire+Swash%7CBevan%7CBigelow+Rules%7CBigshot+One%7CBilbo%7CBilbo+Swash+Caps%7CBioRhyme%7CBioRhyme+Expanded%7CBiryani%7CBitter%7CBlack+Ops+One%7CBokor%7CBonbon%7CBoogaloo%7CBowlby+One%7CBowlby+One+SC%7CBrawler%7CBree+Serif%7CBubblegum+Sans%7CBubbler+One%7CBuda%7CBuenard%7CBungee%7CBungee+Hairline%7CBungee+Inline%7CBungee+Outline%7CBungee+Shade%7CButcherman%7CButterfly+Kids%7CCabin%7CCabin+Condensed%7CCabin+Sketch%7CCaesar+Dressing%7CCagliostro%7CCairo%7CCalligraffitti%7CCambay%7CCambo%7CCandal%7CCantarell%7CCantata+One%7CCantora+One%7CCapriola%7CCardo%7CCarme%7CCarrois+Gothic%7CCarrois+Gothic+SC%7CCarter+One%7CCatamaran%7CCaudex%7CCaveat%7CCaveat+Brush%7CCedarville+Cursive%7CCeviche+One%7CChanga%7CChanga+One%7CChango%7CChathura%7CChau+Philomene+One%7CChela+One%7CChelsea+Market%7CChenla%7CCherry+Cream+Soda%7CCherry+Swash%7CChewy%7CChicle%7CChivo%7CChonburi%7CCinzel%7CCinzel+Decorative%7CClicker+Script%7CCoda%7CCoda+Caption%7CCodystar%7CCoiny%7CCombo%7CComfortaa%7CComing+Soon%7CConcert+One%7CCondiment%7CContent%7CContrail+One%7CConvergence%7CCookie%7CCopse%7CCorben%7CCormorant%7CCormorant+Garamond%7CCormorant+Infant%7CCormorant+SC%7CCormorant+Unicase%7CCormorant+Upright%7CCourgette%7CCousine%7CCoustard%7CCovered+By+Your+Grace%7CCrafty+Girls%7CCreepster%7CCrete+Round%7CCrimson+Text%7CCroissant+One%7CCrushed%7CCuprum%7CCutive%7CCutive+Mono%7CDamion%7CDancing+Script%7CDangrek%7CDavid+Libre%7CDawning+of+a+New+Day%7CDays+One%7CDekko%7CDelius%7CDelius+Swash+Caps%7CDelius+Unicase%7CDella+Respira%7CDenk+One%7CDevonshire%7CDhurjati%7CDidact+Gothic%7CDiplomata%7CDiplomata+SC%7CDomine%7CDonegal+One%7CDoppio+One%7CDorsa%7CDosis%7CDr+Sugiyama%7CDroid+Sans%7CDroid+Sans+Mono%7CDroid+Serif%7CDuru+Sans%7CDynalight%7CEB+Garamond%7CEagle+Lake%7CEater%7CEconomica%7CEczar%7CEk+Mukta%7CEl+Messiri%7CElectrolize%7CElsie%7CElsie+Swash+Caps%7CEmblema+One%7CEmilys+Candy%7CEngagement%7CEnglebert%7CEnriqueta%7CErica+One%7CEsteban%7CEuphoria+Script%7CEwert%7CExo%7CExo+2%7CExpletus+Sans%7CFanwood+Text%7CFarsan%7CFascinate%7CFascinate+Inline%7CFaster+One%7CFasthand%7CFauna+One%7CFederant%7CFedero%7CFelipa%7CFenix%7CFinger+Paint%7CFira+Mono%7CFira+Sans%7CFjalla+One%7CFjord+One%7CFlamenco%7CFlavors%7CFondamento%7CFontdiner+Swanky%7CForum%7CFrancois+One%7CFrank+Ruhl+Libre%7CFreckle+Face%7CFredericka+the+Great%7CFredoka+One%7CFreehand%7CFresca%7CFrijole%7CFruktur%7CFugaz+One%7CGFS+Didot%7CGFS+Neohellenic%7CGabriela%7CGafata%7CGalada%7CGaldeano%7CGalindo%7CGentium+Basic%7CGentium+Book+Basic%7CGeo%7CGeostar%7CGeostar+Fill%7CGermania+One%7CGidugu%7CGilda+Display%7CGive+You+Glory%7CGlass+Antiqua%7CGlegoo%7CGloria+Hallelujah%7CGoblin+One%7CGochi+Hand%7CGorditas%7CGoudy+Bookletter+1911%7CGraduate%7CGrand+Hotel%7CGravitas+One%7CGreat+Vibes%7CGriffy%7CGruppo%7CGudea%7CGurajada%7CHabibi%7CHalant%7CHammersmith+One%7CHanalei%7CHanalei+Fill%7CHandlee%7CHanuman%7CHappy+Monkey%7CHarmattan%7CHeadland+One%7CHeebo%7CHenny+Penny%7CHerr+Von+Muellerhoff%7CHind%7CHind+Guntur%7CHind+Madurai%7CHind+Siliguri%7CHind+Vadodara%7CHoltwood+One+SC%7CHomemade+Apple%7CHomenaje%7CIM+Fell+DW+Pica%7CIM+Fell+DW+Pica+SC%7CIM+Fell+Double+Pica%7CIM+Fell+Double+Pica+SC%7CIM+Fell+English%7CIM+Fell+English+SC%7CIM+Fell+French+Canon%7CIM+Fell+French+Canon+SC%7CIM+Fell+Great+Primer%7CIM+Fell+Great+Primer+SC%7CIceberg%7CIceland%7CImprima%7CInconsolata%7CInder%7CIndie+Flower%7CInika%7CInknut+Antiqua%7CIrish+Grover%7CIstok+Web%7CItaliana%7CItalianno%7CItim%7CJacques+Francois%7CJacques+Francois+Shadow%7CJaldi%7CJim+Nightshade%7CJockey+One%7CJolly+Lodger%7CJomhuria%7CJosefin+Sans%7CJosefin+Slab%7CJoti+One%7CJudson%7CJulee%7CJulius+Sans+One%7CJunge%7CJura%7CJust+Another+Hand%7CJust+Me+Again+Down+Here%7CKadwa%7CKalam%7CKameron%7CKanit%7CKantumruy%7CKarla%7CKarma%7CKatibeh%7CKaushan+Script%7CKavivanar%7CKavoon%7CKdam+Thmor%7CKeania+One%7CKelly+Slab%7CKenia%7CKhand%7CKhmer%7CKhula%7CKite+One%7CKnewave%7CKotta+One%7CKoulen%7CKranky%7CKreon%7CKristi%7CKrona+One%7CKumar+One%7CKumar+One+Outline%7CKurale%7CLa+Belle+Aurore%7CLaila%7CLakki+Reddy%7CLalezar%7CLancelot%7CLateef%7CLato%7CLeague+Script%7CLeckerli+One%7CLedger%7CLekton%7CLemon%7CLemonada%7CLibre+Baskerville%7CLibre+Franklin%7CLife+Savers%7CLilita+One%7CLily+Script+One%7CLimelight%7CLinden+Hill%7CLobster%7CLobster+Two%7CLondrina+Outline%7CLondrina+Shadow%7CLondrina+Sketch%7CLondrina+Solid%7CLora%7CLove+Ya+Like+A+Sister%7CLoved+by+the+King%7CLovers+Quarrel%7CLuckiest+Guy%7CLusitana%7CLustria%7CMacondo%7CMacondo+Swash+Caps%7CMada%7CMagra%7CMaiden+Orange%7CMaitree%7CMako%7CMallanna%7CMandali%7CMarcellus%7CMarcellus+SC%7CMarck+Script%7CMargarine%7CMarko+One%7CMarmelad%7CMartel%7CMartel+Sans%7CMarvel%7CMate%7CMate+SC%7CMaven+Pro%7CMcLaren%7CMeddon%7CMedievalSharp%7CMedula+One%7CMeera+Inimai%7CMegrim%7CMeie+Script%7CMerienda%7CMerienda+One%7CMerriweather%7CMerriweather+Sans%7CMetal%7CMetal+Mania%7CMetamorphous%7CMetrophobic%7CMichroma%7CMilonga%7CMiltonian%7CMiltonian+Tattoo%7CMiniver%7CMiriam+Libre%7CMirza%7CMiss+Fajardose%7CMitr%7CModak%7CModern+Antiqua%7CMogra%7CMolengo%7CMolle%7CMonda%7CMonofett%7CMonoton%7CMonsieur+La+Doulaise%7CMontaga%7CMontez%7CMontserrat%7CMontserrat+Alternates%7CMontserrat+Subrayada%7CMoul%7CMoulpali%7CMountains+of+Christmas%7CMouse+Memoirs%7CMr+Bedfort%7CMr+Dafoe%7CMr+De+Haviland%7CMrs+Saint+Delafield%7CMrs+Sheppards%7CMukta+Vaani%7CMuli%7CMystery+Quest%7CNTR%7CNeucha%7CNeuton%7CNew+Rocker%7CNews+Cycle%7CNiconne%7CNixie+One%7CNobile%7CNokora%7CNorican%7CNosifer%7CNothing+You+Could+Do%7CNoticia+Text%7CNoto+Sans%7CNoto+Serif%7CNova+Cut%7CNova+Flat%7CNova+Mono%7CNova+Oval%7CNova+Round%7CNova+Script%7CNova+Slim%7CNova+Square%7CNumans%7CNunito%7COdor+Mean+Chey%7COffside%7COld+Standard+TT%7COldenburg%7COleo+Script%7COleo+Script+Swash+Caps%7COpen+Sans%7COpen+Sans+Condensed%7COranienbaum%7COrbitron%7COregano%7COrienta%7COriginal+Surfer%7COswald%7COver+the+Rainbow%7COverlock%7COverlock+SC%7COvo%7COxygen%7COxygen+Mono%7CPT+Mono%7CPT+Sans%7CPT+Sans+Caption%7CPT+Sans+Narrow%7CPT+Serif%7CPT+Serif+Caption%7CPacifico%7CPalanquin%7CPalanquin+Dark%7CPaprika%7CParisienne%7CPassero+One%7CPassion+One%7CPathway+Gothic+One%7CPatrick+Hand%7CPatrick+Hand+SC%7CPattaya%7CPatua+One%7CPavanam%7CPaytone+One%7CPeddana%7CPeralta%7CPermanent+Marker%7CPetit+Formal+Script%7CPetrona%7CPhilosopher%7CPiedra%7CPinyon+Script%7CPirata+One%7CPlaster%7CPlay%7CPlayball%7CPlayfair+Display%7CPlayfair+Display+SC%7CPodkova%7CPoiret+One%7CPoller+One%7CPoly%7CPompiere%7CPontano+Sans%7CPoppins%7CPort+Lligat+Sans%7CPort+Lligat+Slab%7CPragati+Narrow%7CPrata%7CPreahvihear%7CPress+Start+2P%7CPridi%7CPrincess+Sofia%7CProciono%7CPrompt%7CProsto+One%7CProza+Libre%7CPuritan%7CPurple+Purse%7CQuando%7CQuantico%7CQuattrocento%7CQuattrocento+Sans%7CQuestrial%7CQuicksand%7CQuintessential%7CQwigley%7CRacing+Sans+One%7CRadley%7CRajdhani%7CRakkas%7CRaleway%7CRaleway+Dots%7CRamabhadra%7CRamaraja%7CRambla%7CRammetto+One%7CRanchers%7CRancho%7CRanga%7CRasa%7CRationale%7CRavi+Prakash%7CRedressed%7CReem+Kufi%7CReenie+Beanie%7CRevalia%7CRhodium+Libre%7CRibeye%7CRibeye+Marrow%7CRighteous%7CRisque%7CRoboto%7CRoboto+Condensed%7CRoboto+Mono%7CRoboto+Slab%7CRochester%7CRock+Salt%7CRokkitt%7CRomanesco%7CRopa+Sans%7CRosario%7CRosarivo%7CRouge+Script%7CRozha+One%7CRubik%7CRubik+Mono+One%7CRubik+One%7CRuda%7CRufina%7CRuge+Boogie%7CRuluko%7CRum+Raisin%7CRuslan+Display%7CRusso+One%7CRuthie%7CRye%7CSacramento%7CSahitya%7CSail%7CSalsa%7CSanchez%7CSancreek%7CSansita+One%7CSarala%7CSarina%7CSarpanch%7CSatisfy%7CScada%7CScheherazade%7CSchoolbell%7CScope+One%7CSeaweed+Script%7CSecular+One%7CSevillana%7CSeymour+One%7CShadows+Into+Light%7CShadows+Into+Light+Two%7CShanti%7CShare%7CShare+Tech%7CShare+Tech+Mono%7CShojumaru%7CShort+Stack%7CShrikhand%7CSiemreap%7CSigmar+One%7CSignika%7CSignika+Negative%7CSimonetta%7CSintony%7CSirin+Stencil%7CSix+Caps%7CSkranji%7CSlabo+13px%7CSlabo+27px%7CSlackey%7CSmokum%7CSmythe%7CSniglet%7CSnippet%7CSnowburst+One%7CSofadi+One%7CSofia%7CSonsie+One%7CSorts+Mill+Goudy%7CSource+Code+Pro%7CSource+Sans+Pro%7CSource+Serif+Pro%7CSpace+Mono%7CSpecial+Elite%7CSpicy+Rice%7CSpinnaker%7CSpirax%7CSquada+One%7CSree+Krushnadevaraya%7CSriracha%7CStalemate%7CStalinist+One%7CStardos+Stencil%7CStint+Ultra+Condensed%7CStint+Ultra+Expanded%7CStoke%7CStrait%7CSue+Ellen+Francisco%7CSuez+One%7CSumana%7CSunshiney%7CSupermercado+One%7CSura%7CSuranna%7CSuravaram%7CSuwannaphum%7CSwanky+and+Moo+Moo%7CSyncopate%7CTangerine%7CTaprom%7CTauri%7CTaviraj%7CTeko%7CTelex%7CTenali+Ramakrishna%7CTenor+Sans%7CText+Me+One%7CThe+Girl+Next+Door%7CTienne%7CTillana%7CTimmana%7CTinos%7CTitan+One%7CTitillium+Web%7CTrade+Winds%7CTrirong%7CTrocchi%7CTrochut%7CTrykker%7CTulpen+One%7CUbuntu%7CUbuntu+Condensed%7CUbuntu+Mono%7CUltra%7CUncial+Antiqua%7CUnderdog%7CUnica+One%7CUnifrakturCook%7CUnifrakturMaguntia%7CUnkempt%7CUnlock%7CUnna%7CVT323%7CVampiro+One%7CVarela%7CVarela+Round%7CVast+Shadow%7CVesper+Libre%7CVibur%7CVidaloka%7CViga%7CVoces%7CVolkhov%7CVollkorn%7CVoltaire%7CWaiting+for+the+Sunrise%7CWallpoet%7CWalter+Turncoat%7CWarnes%7CWellfleet%7CWendy+One%7CWire+One%7CWork+Sans%7CYanone+Kaffeesatz%7CYantramanav%7CYatra+One%7CYellowtail%7CYeseva+One%7CYesteryear%7CYrsa%7CZeyada&subset=latin%2Clatin-ext

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

717fbacbf26a1f7ee86c28a9dabf6abc285b324b24a11f0d3762903d8934565a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 13:13:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:23:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:23:58 GMT

GET
H3 200 bootstrap.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/ 156 KB
26 KB 152ms
150ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/bootstrap.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

e9d9a4ac74e536c050e8c6c9a95941e5009411ae61e9c2bcd8371f638b2ec661

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-329f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvNdceesY%2B4czbN5UOv9%2FtPuTtgg6PtH4eaGz1zq%2BSqHi50TX1YxdEo%2FyTR2vO6J49xpy42YMJ9s5NiUl8d3B8BNQsZVNk66LoAuQlw1XQjsG%2FIGAjieFQ4rTU%2F8WYV%2FlZQLpH%2FNlYeewiNFBL8y7B9g7CxXxLs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-polished: origSize=207350
cf-ray: 722efad1c9d39034-FRA
cf-bgj: minify

GET
H3 200 style.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/ 62 KB
13 KB 73ms
72ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/style.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

f84781d3e65130fbcee9c8813916246764b2e335a6a4827009f817c3ca74c3f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-152e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Y25OTmS401ZVzbO0jcyt5EJ%2B%2BVOQ%2FVjwIFwnDvk7xZtomDhBfcr1VASYn6US%2FgVCnJv225H%2FMFGN8%2FkfewOls0HPF4SEv1aMFSV7wH3u1J1C5oIzihgkdcxFl2nSCsusu91mjhzTz6WvhAx%2B4s1JXX3ldP36HY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-polished: origSize=86759
cf-ray: 722efad1c9db9034-FRA
cf-bgj: minify

GET
H3 200 light.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/colors/ 92 B
734 B 115ms
114ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/colors/light.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

af468a53ff8b21e58d333969b462d31f6d23e94d0f255e58b8c9242057d29c34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"81-5e17b59d731a3-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyohQLhaplltNSi%2BTzPP6jcm0tlpwdIyF%2Bv00XeDRYr5iIb2a74nR%2FVM0g%2FKiaQnvmm7eDH%2BdbDWm0WNS2DJqCGQKbg85vm8LdunwNZaSowfxjIwo0Y0TgTDzkWPMz1P8fbY%2F%2FevqTAEDJ5qYA%2BELzd1eOYCLnc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-accel-version: 0.01
cache-control: max-age=43200
cf-polished: origSize=129
cf-ray: 722efad1c9dd9034-FRA
cf-bgj: minify

GET
H3 200 all.min.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/ 55 KB
13 KB 74ms
73ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/all.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

04aec4107954c62d888f138cac63e9fd4508ca8bfcdaf9a9e3ade5eed2333b79

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-dcc9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VzWE32K9wVpG3m92Wqcq7IGtv49E2nFgnGFm7%2FIj7GiNAfHzkHvyP3bh2xiNm27rLxTTSqgTGeSHVd5Zw96Gw%2Fvqq9sKgtEb9huWuJtxzcMetT5JrlKzl%2BwHMCLu2ekXZ9rbAN20XuBA6fKzOJp2P%2FyVCtg4rCI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9ec9034-FRA

GET
H3 200 v4-shims.min.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/ 26 KB
5 KB 115ms
114ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/v4-shims.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

b2be9c7c3f5b1cfa7055b5f64d499416c9b680b0b6030677c323164358f49a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-6806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iAYOntJuioszHnSv0PzG%2FyRziONC3TUTr5EqjfXoT5q86RZCDXMQGu8pzT1P7jAuM9D76cDwdb9wg1vCMafubijBAXlqm7FmWkqyIqgMvMY2pvxC62ufQpZ8lyNMeEixzod2wNLMkRdoeOYqpbI7S7vl%2FRcdgCU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9ed9034-FRA

GET
H3 200 owl.carousel.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/ 1 KB
1013 B 83ms
82ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/owl.carousel.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

eee2832920de823a77ade71ddf71f135ef58d3d7aa14c2e48036e1faec3c2762

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-60b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OSsSwdo5la0N7jwQ%2BuH2ABO3rE7Xbzjt0BrqywiSfwlOL23XGV63oM%2Bb6EHoYtuYhqQuBTCU78k0tiorAtooitgrNsKFfAkZqx%2B4cYO6aABKyuVbDnPBm4ZaS54qk%2BaPb9H%2BW40Ic4%2FGVXopfyxVmFjeCi2ZqyM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-polished: origSize=1547
cf-ray: 722efad1c9ee9034-FRA
cf-bgj: minify

GET
H3 200 jquery.smartmenus.bootstrap.css
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/ 3 KB
2 KB 84ms
83ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/jquery.smartmenus.bootstrap.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9b67a14d3266023e71ecdf6bbb6376034a486e07e1da880f536af90fb1c07711

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-fdb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUfp2hL3sDEx9l77Awt25%2B0rI9ihClv2y%2BvhRr1Erfqg%2FhOXcDboiS9h5CvVzqxyRVXzxcXBxItC6Tel3rr7AQEhFhYzgYKkL1ui6BTqp4YFqvAj642xVWAdp%2BjqETaIsTnTc2CcHLRPXOPJexiAKQt7NjqR6OM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-polished: origSize=4059
cf-ray: 722efad1c9f09034-FRA
cf-bgj: minify

GET
H3 200 front.min.css
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/ 5 KB
2 KB 73ms
72ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

d2c30641eed11d27cc45ab60849aaef8d0cef92b8c75b09648ffb764bd6017c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Jun 2022 06:42:50 GMT
server: cloudflare
etag: W/"629ef36a-14ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAolPQtOma6y%2BLM8YCJYfEeZoFIa4Zi6jTJGWjXLTuKOxfJMHfxmqojhJs6VAH9jjqrn5jPx%2FAgPifNxBzQCFweUWvZiWFkSm%2F31zu7JF2bwog14Yk5vaV2Lcpc8QqiUFqSHTCrtv010ZKzosVdqqo8jTkK%2BCAU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9f19034-FRA

GET
H3 200 dashicons.min.css
www.redpacketsecurity.com/wp-includes/css/ 58 KB
35 KB 122ms
121ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/css/dashicons.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 15 Apr 2021 03:42:13 GMT
server: cloudflare
etag: W/"6077b615-e688"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5f9B3jxk7Kbuj4PaEPkX3oXwzImQ2bUoWAQmGMx2hSAfJtX2mrnu7Pp8uvIMqIFMqHTe9mzcjcJO8cdEFIwEBmLyCVlBC0bOZpHgtAFAuSAlVM5WqGM%2BNXViWXUAlwpWXCEOSJJgtYmijl5W7vrvxXV%2FBab1jY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9f29034-FRA

GET
H3 200 wp-pointer.min.css
www.redpacketsecurity.com/wp-includes/css/ 3 KB
1 KB 187ms
187ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/css/wp-pointer.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

ace0366eab1ff253f3ccc456913f0cd991bd1ead16846297ba62c40e2f0dcd5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 25 Jan 2022 21:10:27 GMT
server: cloudflare
etag: W/"61f06743-ca6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZ20Hf0tNDAfVlFZMuiUdVHgkkZL00dFwv0KzX9wrswlY1Yqr5FifF2WzlVnVTnIWBIzYeKbudiInssQ9%2BzgxFeDpBTVZYLCdA75P3%2BvR%2BiCw8OkObkRV4poFjyba8gvy9iWDbpxKqjFO%2FojgQPjSHCJxDdzZdo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9f49034-FRA

GET
H3 200 invisible.js Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/ 43 KB
16 KB 50ms
50ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1656504000
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07d8e06258039e45a3d2e1da8b1001e0c301135b485e85726abc4b306d473abb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYNBaHxdjUDHknhhniflIYNceymXnUE6ntCFpNF0kO%2F5%2Fd36KRYNp9cyian4hb1DjN90zg3mwVu1JC6olH4p9gsiheSByCt8zVUKQCN6onBNxVidwBIG9AlwRsqPyBPPEoTjgN0Quh%2FU7hEeZyg4ylq5oJ5CC4g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 722efad2fbb89034-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 email-decode.min.js Show response
www.redpacketsecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 44ms
44ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yp0ZTO1iz0JGjnP7ScEFfFPqd5ll%2FT3aMQN4%2FUJXuyxcllD8HW7WWDsmOnuchNITT1IRK8jBNIJ2GTfprEBFeo1w7dUnZtNhOe5O2w%2FFDxf2XL0OZg1EaYWYNFykKIUOL%2BbDIiOiN9Eag2lC8G2OWZKNXHILPAg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 722efad1c9f59034-FRA
vary: Accept-Encoding
expires: Fri, 01 Jul 2022 13:23:58 GMT

GET
H3 200 jquery.modal.min.css
www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/ 3 KB
2 KB 186ms
186ms Stylesheet
text/css 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.css?ver=4.3.26

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 29 Jun 2022 07:27:03 GMT
server: cloudflare
etag: W/"62bbfec7-c81"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eX9qEwUvedko7t%2BosHc0nJALmg21mf401Ia0L9c7mEcsrhe38sr7N6S%2BzJrkQgcFMG4ZzrQoUsbHl%2FxpLJDH%2FdqJHrW0JlOci3yhlKutAawMu4GUzpIuDnVVuOcREVOX%2FppUPx7bYoQVEVTLFy2jiSWQb5lv9kw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 722efad1c9f79034-FRA

GET
H3 200 rocket-loader.min.js Show response
www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 40ms
40ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 14 Jun 2022 16:43:30 GMT
server: cloudflare
etag: W/"62a8bab2-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzspVMEA9ZY2sE%2FAFrYHzs2GdyvLR74nPuZ%2B4hwvxAFM%2BZ1rlXrVnHQBc9TuGsc9fE8AiqCjnDTJvMZBfqJGjzBZ1fd1%2BlM6J%2BQFP%2F63Wbn58yMLuXJLmV1gwRtCoePh6jMC%2BMxPgQVTeTSj6x3a6TlREF2lBjo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 722efad2fbb99034-FRA
vary: Accept-Encoding
expires: Fri, 01 Jul 2022 13:23:58 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 153ms
76ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.redpacketsecurity.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 722efad3880d9bee-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 head-back.jpg
www.redpacketsecurity.com/wp-content/themes/newsup-pro/images/ 214 KB
215 KB 105ms
104ms Image
image/jpeg 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/images/head-back.jpg

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c304be164d697444f4c480c7052ca7a25708686194dec476c55fbd500599f29c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 219152
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: "62a9cb44-35818"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2BTvwa58NHzsIhgFi5HwqpaM6T7kwUWmBubK3eoWzX2V%2FS09e6zFCYfkLiniQSIBh2lnHz6hfhEPZcCk1Qh5gy8BSVRKu20pPgtHH6h4Cjb6ZgWJR4pp3gWAUDFK82lUlwW9qOs9gpJMO%2FH4bm8OnONxb7J0xps%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=43200
cf-polished: origSize=219160, status=webp_bigger
accept-ranges: bytes
cf-ray: 722efad4ce179034-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2
fonts.gstatic.com/s/worksans/v17/ 18 KB
18 KB 169ms
78ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v17/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=ABeeZee%7CAbel%7CAbril+Fatface%7CAclonica%7CAcme%7CActor%7CAdamina%7CAdvent+Pro%7CAguafina+Script%7CAkronim%7CAladin%7CAldrich%7CAlef%7CAlegreya%7CAlegreya+SC%7CAlegreya+Sans%7CAlegreya+Sans+SC%7CAlex+Brush%7CAlfa+Slab+One%7CAlice%7CAlike%7CAlike+Angular%7CAllan%7CAllerta%7CAllerta+Stencil%7CAllura%7CAlmendra%7CAlmendra+Display%7CAlmendra+SC%7CAmarante%7CAmaranth%7CAmatic+SC%7CAmatica+SC%7CAmethysta%7CAmiko%7CAmiri%7CAmita%7CAnaheim%7CAndada%7CAndika%7CAngkor%7CAnnie+Use+Your+Telescope%7CAnonymous+Pro%7CAntic%7CAntic+Didone%7CAntic+Slab%7CAnton%7CArapey%7CArbutus%7CArbutus+Slab%7CArchitects+Daughter%7CArchivo+Black%7CArchivo+Narrow%7CAref+Ruqaa%7CArima+Madurai%7CArimo%7CArizonia%7CArmata%7CArtifika%7CArvo%7CArya%7CAsap%7CAsar%7CAsset%7CAssistant%7CAstloch%7CAsul%7CAthiti%7CAtma%7CAtomic+Age%7CAubrey%7CAudiowide%7CAutour+One%7CAverage%7CAverage+Sans%7CAveria+Gruesa+Libre%7CAveria+Libre%7CAveria+Sans+Libre%7CAveria+Serif+Libre%7CBad+Script%7CBaloo%7CBaloo+Bhai%7CBaloo+Da%7CBaloo+Thambi%7CBalthazar%7CBangers%7CBasic%7CBattambang%7CBaumans%7CBayon%7CBelgrano%7CBelleza%7CBenchNine%7CBentham%7CBerkshire+Swash%7CBevan%7CBigelow+Rules%7CBigshot+One%7CBilbo%7CBilbo+Swash+Caps%7CBioRhyme%7CBioRhyme+Expanded%7CBiryani%7CBitter%7CBlack+Ops+One%7CBokor%7CBonbon%7CBoogaloo%7CBowlby+One%7CBowlby+One+SC%7CBrawler%7CBree+Serif%7CBubblegum+Sans%7CBubbler+One%7CBuda%7CBuenard%7CBungee%7CBungee+Hairline%7CBungee+Inline%7CBungee+Outline%7CBungee+Shade%7CButcherman%7CButterfly+Kids%7CCabin%7CCabin+Condensed%7CCabin+Sketch%7CCaesar+Dressing%7CCagliostro%7CCairo%7CCalligraffitti%7CCambay%7CCambo%7CCandal%7CCantarell%7CCantata+One%7CCantora+One%7CCapriola%7CCardo%7CCarme%7CCarrois+Gothic%7CCarrois+Gothic+SC%7CCarter+One%7CCatamaran%7CCaudex%7CCaveat%7CCaveat+Brush%7CCedarville+Cursive%7CCeviche+One%7CChanga%7CChanga+One%7CChango%7CChathura%7CChau+Philomene+One%7CChela+One%7CChelsea+Market%7CChenla%7CCherry+Cream+Soda%7CCherry+Swash%7CChewy%7CChicle%7CChivo%7CChonburi%7CCinzel%7CCinzel+Decorative%7CClicker+Script%7CCoda%7CCoda+Caption%7CCodystar%7CCoiny%7CCombo%7CComfortaa%7CComing+Soon%7CConcert+One%7CCondiment%7CContent%7CContrail+One%7CConvergence%7CCookie%7CCopse%7CCorben%7CCormorant%7CCormorant+Garamond%7CCormorant+Infant%7CCormorant+SC%7CCormorant+Unicase%7CCormorant+Upright%7CCourgette%7CCousine%7CCoustard%7CCovered+By+Your+Grace%7CCrafty+Girls%7CCreepster%7CCrete+Round%7CCrimson+Text%7CCroissant+One%7CCrushed%7CCuprum%7CCutive%7CCutive+Mono%7CDamion%7CDancing+Script%7CDangrek%7CDavid+Libre%7CDawning+of+a+New+Day%7CDays+One%7CDekko%7CDelius%7CDelius+Swash+Caps%7CDelius+Unicase%7CDella+Respira%7CDenk+One%7CDevonshire%7CDhurjati%7CDidact+Gothic%7CDiplomata%7CDiplomata+SC%7CDomine%7CDonegal+One%7CDoppio+One%7CDorsa%7CDosis%7CDr+Sugiyama%7CDroid+Sans%7CDroid+Sans+Mono%7CDroid+Serif%7CDuru+Sans%7CDynalight%7CEB+Garamond%7CEagle+Lake%7CEater%7CEconomica%7CEczar%7CEk+Mukta%7CEl+Messiri%7CElectrolize%7CElsie%7CElsie+Swash+Caps%7CEmblema+One%7CEmilys+Candy%7CEngagement%7CEnglebert%7CEnriqueta%7CErica+One%7CEsteban%7CEuphoria+Script%7CEwert%7CExo%7CExo+2%7CExpletus+Sans%7CFanwood+Text%7CFarsan%7CFascinate%7CFascinate+Inline%7CFaster+One%7CFasthand%7CFauna+One%7CFederant%7CFedero%7CFelipa%7CFenix%7CFinger+Paint%7CFira+Mono%7CFira+Sans%7CFjalla+One%7CFjord+One%7CFlamenco%7CFlavors%7CFondamento%7CFontdiner+Swanky%7CForum%7CFrancois+One%7CFrank+Ruhl+Libre%7CFreckle+Face%7CFredericka+the+Great%7CFredoka+One%7CFreehand%7CFresca%7CFrijole%7CFruktur%7CFugaz+One%7CGFS+Didot%7CGFS+Neohellenic%7CGabriela%7CGafata%7CGalada%7CGaldeano%7CGalindo%7CGentium+Basic%7CGentium+Book+Basic%7CGeo%7CGeostar%7CGeostar+Fill%7CGermania+One%7CGidugu%7CGilda+Display%7CGive+You+Glory%7CGlass+Antiqua%7CGlegoo%7CGloria+Hallelujah%7CGoblin+One%7CGochi+Hand%7CGorditas%7CGoudy+Bookletter+1911%7CGraduate%7CGrand+Hotel%7CGravitas+One%7CGreat+Vibes%7CGriffy%7CGruppo%7CGudea%7CGurajada%7CHabibi%7CHalant%7CHammersmith+One%7CHanalei%7CHanalei+Fill%7CHandlee%7CHanuman%7CHappy+Monkey%7CHarmattan%7CHeadland+One%7CHeebo%7CHenny+Penny%7CHerr+Von+Muellerhoff%7CHind%7CHind+Guntur%7CHind+Madurai%7CHind+Siliguri%7CHind+Vadodara%7CHoltwood+One+SC%7CHomemade+Apple%7CHomenaje%7CIM+Fell+DW+Pica%7CIM+Fell+DW+Pica+SC%7CIM+Fell+Double+Pica%7CIM+Fell+Double+Pica+SC%7CIM+Fell+English%7CIM+Fell+English+SC%7CIM+Fell+French+Canon%7CIM+Fell+French+Canon+SC%7CIM+Fell+Great+Primer%7CIM+Fell+Great+Primer+SC%7CIceberg%7CIceland%7CImprima%7CInconsolata%7CInder%7CIndie+Flower%7CInika%7CInknut+Antiqua%7CIrish+Grover%7CIstok+Web%7CItaliana%7CItalianno%7CItim%7CJacques+Francois%7CJacques+Francois+Shadow%7CJaldi%7CJim+Nightshade%7CJockey+One%7CJolly+Lodger%7CJomhuria%7CJosefin+Sans%7CJosefin+Slab%7CJoti+One%7CJudson%7CJulee%7CJulius+Sans+One%7CJunge%7CJura%7CJust+Another+Hand%7CJust+Me+Again+Down+Here%7CKadwa%7CKalam%7CKameron%7CKanit%7CKantumruy%7CKarla%7CKarma%7CKatibeh%7CKaushan+Script%7CKavivanar%7CKavoon%7CKdam+Thmor%7CKeania+One%7CKelly+Slab%7CKenia%7CKhand%7CKhmer%7CKhula%7CKite+One%7CKnewave%7CKotta+One%7CKoulen%7CKranky%7CKreon%7CKristi%7CKrona+One%7CKumar+One%7CKumar+One+Outline%7CKurale%7CLa+Belle+Aurore%7CLaila%7CLakki+Reddy%7CLalezar%7CLancelot%7CLateef%7CLato%7CLeague+Script%7CLeckerli+One%7CLedger%7CLekton%7CLemon%7CLemonada%7CLibre+Baskerville%7CLibre+Franklin%7CLife+Savers%7CLilita+One%7CLily+Script+One%7CLimelight%7CLinden+Hill%7CLobster%7CLobster+Two%7CLondrina+Outline%7CLondrina+Shadow%7CLondrina+Sketch%7CLondrina+Solid%7CLora%7CLove+Ya+Like+A+Sister%7CLoved+by+the+King%7CLovers+Quarrel%7CLuckiest+Guy%7CLusitana%7CLustria%7CMacondo%7CMacondo+Swash+Caps%7CMada%7CMagra%7CMaiden+Orange%7CMaitree%7CMako%7CMallanna%7CMandali%7CMarcellus%7CMarcellus+SC%7CMarck+Script%7CMargarine%7CMarko+One%7CMarmelad%7CMartel%7CMartel+Sans%7CMarvel%7CMate%7CMate+SC%7CMaven+Pro%7CMcLaren%7CMeddon%7CMedievalSharp%7CMedula+One%7CMeera+Inimai%7CMegrim%7CMeie+Script%7CMerienda%7CMerienda+One%7CMerriweather%7CMerriweather+Sans%7CMetal%7CMetal+Mania%7CMetamorphous%7CMetrophobic%7CMichroma%7CMilonga%7CMiltonian%7CMiltonian+Tattoo%7CMiniver%7CMiriam+Libre%7CMirza%7CMiss+Fajardose%7CMitr%7CModak%7CModern+Antiqua%7CMogra%7CMolengo%7CMolle%7CMonda%7CMonofett%7CMonoton%7CMonsieur+La+Doulaise%7CMontaga%7CMontez%7CMontserrat%7CMontserrat+Alternates%7CMontserrat+Subrayada%7CMoul%7CMoulpali%7CMountains+of+Christmas%7CMouse+Memoirs%7CMr+Bedfort%7CMr+Dafoe%7CMr+De+Haviland%7CMrs+Saint+Delafield%7CMrs+Sheppards%7CMukta+Vaani%7CMuli%7CMystery+Quest%7CNTR%7CNeucha%7CNeuton%7CNew+Rocker%7CNews+Cycle%7CNiconne%7CNixie+One%7CNobile%7CNokora%7CNorican%7CNosifer%7CNothing+You+Could+Do%7CNoticia+Text%7CNoto+Sans%7CNoto+Serif%7CNova+Cut%7CNova+Flat%7CNova+Mono%7CNova+Oval%7CNova+Round%7CNova+Script%7CNova+Slim%7CNova+Square%7CNumans%7CNunito%7COdor+Mean+Chey%7COffside%7COld+Standard+TT%7COldenburg%7COleo+Script%7COleo+Script+Swash+Caps%7COpen+Sans%7COpen+Sans+Condensed%7COranienbaum%7COrbitron%7COregano%7COrienta%7COriginal+Surfer%7COswald%7COver+the+Rainbow%7COverlock%7COverlock+SC%7COvo%7COxygen%7COxygen+Mono%7CPT+Mono%7CPT+Sans%7CPT+Sans+Caption%7CPT+Sans+Narrow%7CPT+Serif%7CPT+Serif+Caption%7CPacifico%7CPalanquin%7CPalanquin+Dark%7CPaprika%7CParisienne%7CPassero+One%7CPassion+One%7CPathway+Gothic+One%7CPatrick+Hand%7CPatrick+Hand+SC%7CPattaya%7CPatua+One%7CPavanam%7CPaytone+One%7CPeddana%7CPeralta%7CPermanent+Marker%7CPetit+Formal+Script%7CPetrona%7CPhilosopher%7CPiedra%7CPinyon+Script%7CPirata+One%7CPlaster%7CPlay%7CPlayball%7CPlayfair+Display%7CPlayfair+Display+SC%7CPodkova%7CPoiret+One%7CPoller+One%7CPoly%7CPompiere%7CPontano+Sans%7CPoppins%7CPort+Lligat+Sans%7CPort+Lligat+Slab%7CPragati+Narrow%7CPrata%7CPreahvihear%7CPress+Start+2P%7CPridi%7CPrincess+Sofia%7CProciono%7CPrompt%7CProsto+One%7CProza+Libre%7CPuritan%7CPurple+Purse%7CQuando%7CQuantico%7CQuattrocento%7CQuattrocento+Sans%7CQuestrial%7CQuicksand%7CQuintessential%7CQwigley%7CRacing+Sans+One%7CRadley%7CRajdhani%7CRakkas%7CRaleway%7CRaleway+Dots%7CRamabhadra%7CRamaraja%7CRambla%7CRammetto+One%7CRanchers%7CRancho%7CRanga%7CRasa%7CRationale%7CRavi+Prakash%7CRedressed%7CReem+Kufi%7CReenie+Beanie%7CRevalia%7CRhodium+Libre%7CRibeye%7CRibeye+Marrow%7CRighteous%7CRisque%7CRoboto%7CRoboto+Condensed%7CRoboto+Mono%7CRoboto+Slab%7CRochester%7CRock+Salt%7CRokkitt%7CRomanesco%7CRopa+Sans%7CRosario%7CRosarivo%7CRouge+Script%7CRozha+One%7CRubik%7CRubik+Mono+One%7CRubik+One%7CRuda%7CRufina%7CRuge+Boogie%7CRuluko%7CRum+Raisin%7CRuslan+Display%7CRusso+One%7CRuthie%7CRye%7CSacramento%7CSahitya%7CSail%7CSalsa%7CSanchez%7CSancreek%7CSansita+One%7CSarala%7CSarina%7CSarpanch%7CSatisfy%7CScada%7CScheherazade%7CSchoolbell%7CScope+One%7CSeaweed+Script%7CSecular+One%7CSevillana%7CSeymour+One%7CShadows+Into+Light%7CShadows+Into+Light+Two%7CShanti%7CShare%7CShare+Tech%7CShare+Tech+Mono%7CShojumaru%7CShort+Stack%7CShrikhand%7CSiemreap%7CSigmar+One%7CSignika%7CSignika+Negative%7CSimonetta%7CSintony%7CSirin+Stencil%7CSix+Caps%7CSkranji%7CSlabo+13px%7CSlabo+27px%7CSlackey%7CSmokum%7CSmythe%7CSniglet%7CSnippet%7CSnowburst+One%7CSofadi+One%7CSofia%7CSonsie+One%7CSorts+Mill+Goudy%7CSource+Code+Pro%7CSource+Sans+Pro%7CSource+Serif+Pro%7CSpace+Mono%7CSpecial+Elite%7CSpicy+Rice%7CSpinnaker%7CSpirax%7CSquada+One%7CSree+Krushnadevaraya%7CSriracha%7CStalemate%7CStalinist+One%7CStardos+Stencil%7CStint+Ultra+Condensed%7CStint+Ultra+Expanded%7CStoke%7CStrait%7CSue+Ellen+Francisco%7CSuez+One%7CSumana%7CSunshiney%7CSupermercado+One%7CSura%7CSuranna%7CSuravaram%7CSuwannaphum%7CSwanky+and+Moo+Moo%7CSyncopate%7CTangerine%7CTaprom%7CTauri%7CTaviraj%7CTeko%7CTelex%7CTenali+Ramakrishna%7CTenor+Sans%7CText+Me+One%7CThe+Girl+Next+Door%7CTienne%7CTillana%7CTimmana%7CTinos%7CTitan+One%7CTitillium+Web%7CTrade+Winds%7CTrirong%7CTrocchi%7CTrochut%7CTrykker%7CTulpen+One%7CUbuntu%7CUbuntu+Condensed%7CUbuntu+Mono%7CUltra%7CUncial+Antiqua%7CUnderdog%7CUnica+One%7CUnifrakturCook%7CUnifrakturMaguntia%7CUnkempt%7CUnlock%7CUnna%7CVT323%7CVampiro+One%7CVarela%7CVarela+Round%7CVast+Shadow%7CVesper+Libre%7CVibur%7CVidaloka%7CViga%7CVoces%7CVolkhov%7CVollkorn%7CVoltaire%7CWaiting+for+the+Sunrise%7CWallpoet%7CWalter+Turncoat%7CWarnes%7CWellfleet%7CWendy+One%7CWire+One%7CWork+Sans%7CYanone+Kaffeesatz%7CYantramanav%7CYatra+One%7CYellowtail%7CYeseva+One%7CYesteryear%7CYrsa%7CZeyada&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dbfd192961150faaa5762d0bf7a6fc352ae6db0e0bc505b815804a026016079

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 19:28:56 GMT
x-content-type-options: nosniff
age: 582902
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17996
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:13:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 19:28:56 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v24/ 30 KB
31 KB 129ms
38ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v24/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 17:08:21 GMT
x-content-type-options: nosniff
age: 72937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 14:37:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 17:08:21 GMT

GET
H3 200 fa-brands-400.woff2
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/webfonts/ 73 KB
74 KB 63ms
63ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/all.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

fe85646af222500a866fd63beedb6ae00576c4afab4e0d28b15d9d6d92cb7da5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/all.min.css?ver=5494467d91318570f42d5f3c69e98ca3
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 74760
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: "62a9cb44-12408"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VXgWTXm4FF6uK1JmZ2GYw6VuNrqkhukbKQUATNh%2FVEpd5yK98m9cxp7JaAp%2BNiJSO5lA3NX5JWSvwGDhTPaNAePj%2FVpxXVCegqX3UVhyIEXOgLWpbDECbIjFCfr9oYFczRCEU00sQUDW4AjYgfGzOtulaTOrmgk%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad4ce1e9034-FRA

GET
H3 200 fa-solid-900.woff2
www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/webfonts/ 74 KB
74 KB 182ms
181ms Font
font/woff2 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/all.min.css?ver=5494467d91318570f42d5f3c69e98ca3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

e348d772480f8c0e5fa546b3c531a38700ae16b5dad5defb5e67ade7f6d332e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/css/font-awesome/css/all.min.css?ver=5494467d91318570f42d5f3c69e98ca3
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75392
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: "62a9cb44-12680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Ban5N7qmHtq%2B7kHmgZf7le%2FE03iVDpCqwCQtasFtd4%2FVM%2BV%2FHB9zNfJ%2BjWhn9OmXqB4gQEm62TtXwYBW9aPj0uJCdUrEDXI1OLgxD85Gx7pzAT5UR39e4TLvBnEYW2hS0qE0M%2B7W%2BXIQVnX3gGsempE2HfodJW0%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad4ce1f9034-FRA

GET
H3 200 custom-time.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 190 B
789 B 165ms
165ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/custom-time.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

878507828632957a2a0e471f1bfef8ef64ee4726f7fd03d05d77664823079fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"f9-5e17b59d6f323-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gpjJv%2F8BWc9Bt1FapEoMiKoa63%2Bjt6FTqPg1%2FqdQbKAWJT54hPkIwfoJ3JwoY0K86Om9GeoYUldJ61gJ3Z0pWmgb9QmD3J62%2FtctsF0pOQW2nWzPsMaSbgYD5KEDwi%2B9aHJK4nsWZK9YaJJ2F%2BF6XEzCXWMD4a0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-accel-version: 0.01
cache-control: max-age=43200
cf-polished: origSize=249
cf-ray: 722efad4fe819034-FRA
cf-bgj: minify

GET
H3 200 custom.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 3 KB
1 KB 166ms
164ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/custom.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c6e098655bf365af10393cec5be569becfba92d4b3374f5f409ceaa5a3b3bad6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-13ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UkItfWkcLfA4aB79m7iWknh%2FVwmkj6whwfMlpn3unRqHRGtiooHOBLQOkImGKKX1Eyat87gMSXfvgtB1YQJFiPqjWJ5wohiRbId9cPnTQkw8CVoEZ223t%2BkLqUQaqjR4tm%2FIMoZrKDMwg9IkXY%2BkLtgI4reoHc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=5066
cf-ray: 722efad4fe869034-FRA
cf-bgj: minify

GET
H3 200 jquery.modal.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/ 5 KB
2 KB 166ms
165ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/js-css/jquery.modal.min.js?ver=4.3.26

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 29 Jun 2022 07:27:03 GMT
server: cloudflare
etag: W/"62bbfec7-136e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHUbNikrSFl8sKJCVnMHrL5l0EmkUW8Y%2Fb553Rr7LaDvK2Egy7pNOKWjIX8Hg2%2FeE9lQGOM%2FWIV%2BbKp73VFsRDXhPUboCdaRshw6LB3DNEenqMUQdW08Mq9BicHyDCrPvGMfwD7O1%2Bs7xlApRC2wClUhMd3gd9I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe889034-FRA

GET
H3 200 smush-lazy-load.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 167ms
165ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.10.2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

b30169a38c7ecd17eefc119177c0c61337b17a8f1abfd337ac37284d1a04a65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Jun 2022 07:48:55 GMT
server: cloudflare
etag: W/"62b02667-1eee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tlLEi0md4r7dbXVYakdJObelJpk9rfyRRwKqNHRZG7cb%2Bo490leAdZUfNbwSynZYTmMMbnkcEtEhyCJ4n9o6rDiUUJgwpqLsPapRulgB876MjQDH7XVNCsoDPYG8wLaY%2FHUWeFsobKhN0jNLc4aOPukrXvQsSg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe8a9034-FRA

GET
H3 200 product-image-preview.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/ 3 KB
2 KB 167ms
163ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/product-image-preview.min.js?ver=1.0.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

e8dfa93e316db0c0dd5d74f51997783f3517b8db6c7fa2461898ae5109c0b429

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:37 GMT
server: cloudflare
etag: W/"62a78fa9-a19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ujJnJpCSwe5r4HJhn693GibcgIKm2nghfntwWYr20Rh0iURyCSwmmh4JVZikpmuSxBKOzPTy14Vb9HQ9VP9nQLd5Haulbk3huQre%2B3Fezbguc0M3L6lcuBygrruYf%2BId%2FQVfv%2BShlzrv488QT4fsdElNfgpLRUM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe8f9034-FRA

GET
H3 200 product-tooltip.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/ 1 KB
1 KB 168ms
164ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/template/_common/js/product-tooltip.min.js?ver=1.0.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

b9983e0f3bd212e1f920657c96ca9b0f3ef62e4b6ebbd153abd0f1791ecac4a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:37 GMT
server: cloudflare
etag: W/"62a78fa9-4c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=op0wj8LCAmv%2FaWthS4hn2GXDOimyzMAfTA3Hv9GB0J8SEfBlHaBbqEXl9%2Byzg%2Fvo8%2FZvWAQlqao403L6HLfSkgFYVSvT8W5XRful4m4qSsppaP2qT2Rs7EPmKByLqfStAdeiYLsNt4M2UEjkDBsAyjH0bHE%2BEXU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe919034-FRA

GET
H3 200 pointer-tooltip.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/ 597 B
939 B 168ms
164ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/pointer-tooltip.min.js?ver=5.2.9

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

629a298422d20d6be3aad025c6ddce8681991408627b1bf76f3e88abce039d2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:39 GMT
server: cloudflare
etag: W/"255-5e15947fc1074-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UzIPDtOiB0Gv2Vl%2FD9%2FQtAIwpu3kmOGQa3PxSeZF0OxJCcBPzXuDsQChTYNdGPAwewM4VPYufMsvo8pm5POkehKs95BPcdNWzb3vxQn51ufS%2Fi8lpbV%2FuJdEt3%2FTrPkxFgs67wW7bh0SFM%2FDzbGdHD6GuIMF6rA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-accel-version: 0.01
cache-control: max-age=43200
cf-ray: 722efad4fe929034-FRA

GET
H3 200 wp-pointer.min.js Show response
www.redpacketsecurity.com/wp-includes/js/ 4 KB
2 KB 173ms
169ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/wp-pointer.min.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7688d6c0bc721a9708d4f280bfc926b6bb25e2386300a906a7fe5fa31a334bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-e25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tMsbj2kGuiRrOIgI8hHr0IkhZI32Pw5qsKaMKHglTyKq0xwVGZGrnZg9BdhHREtQim2CyzDVjv4NT8L7mje2veipMmuVxv2rX1wQ7OY49ebVd%2FH2vWYsz02agLGBSYoSmT07zb0TaiZWDsvOarqbJzQZokXe1Tg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe939034-FRA

GET
H3 200 i18n.min.js Show response
www.redpacketsecurity.com/wp-includes/js/dist/ 10 KB
4 KB 174ms
170ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

1dc4b29dd0acbed77ec2fd81036c33efd4ab5989e8182705a30615a00a0117f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-27ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4laIft5nsZudkaVOOdmnjo%2BgcdCAHIA5WIu6Ge9ff5zSUzzeUgN2k4BlM5ldiKSXuwe6pDZM4jdbNXqNtt%2FLPvFlgFrcIN8o818hqVVz6Q3Ntdjy%2FVUL69Zq8Kaoc7WAW1sc9j1dgU2FSzafP8Uea%2FFJucWiGYo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe949034-FRA

GET
H3 200 hooks.min.js Show response
www.redpacketsecurity.com/wp-includes/js/dist/ 5 KB
2 KB 174ms
170ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-132e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b1S9CyBuTvuZ1ruIx8BTCu7YOI6okH%2F2mEeW028aRGg1WyuATT8K%2BPPTdn3lm8US7z8fbBeaYSis4mOc7fmophM3HWjbQesn1c%2BhBpxhjBjq3N3oXpQABfwtRQkSJMmt%2BuATgvpprJCOlNHYXWhMXabI8gg52VQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe959034-FRA

GET
H3 200 wp-polyfill.min.js Show response
www.redpacketsecurity.com/wp-includes/js/dist/vendor/ 19 KB
8 KB 189ms
186ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-4ac6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BhViq5SCfFOb36DWKPhPsbVYQUbjvOZZC%2BsF2%2FDTLy%2BWtvP%2FSymKCnYaW1jv4Spfp%2FXurkh%2FaB7XcAgSUFp04MLr5Id2p8lJVPlEPdA7BGKclEcaX1zmGYhqIu6DhJOuLt3abuUwmnk02huyjNde4xVYHtyoTKM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe989034-FRA

GET
H3 200 regenerator-runtime.min.js Show response
www.redpacketsecurity.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 190ms
186ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-194b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvUYwzhx7IPSl0RYD02%2FjuSrFJAAyOIkV%2Be8MRbsiqk8H7gVeuMfioZyY45T6%2BLT38uKRhnVfH18jAQBu3iHNusq4VowZKIv6KkHKBw23%2F1mFtdENeev08aKG2zqhpQnejFX9D55PZZxw%2Bq1JEfmvSuQOOWKpEY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe999034-FRA

GET
H3 200 core.min.js Show response
www.redpacketsecurity.com/wp-includes/js/jquery/ui/ 20 KB
7 KB 190ms
186ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

240b702419d6c39ecc4896f0132ccfc9bc517e9aef0c782d99580e0c678b47d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-50eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toIdBX1lVXPxMLnOFZhxiCCas2XNlHdsoudJsOA5L%2Br6AhWiEjg5qGp0EbCfQlm%2FExLlSVt9KGwmo99A19u16I8Pk4N5RAPQavYMAqMY%2B%2BPWnA68Gp0rpg%2F0S7JzyRHkNiT0Lx1Fog19o3NWG0DAwHXdbLhg5rI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe9b9034-FRA

GET
H3 200 now-retrieving-updater.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/unit/asset/js/ 3 KB
2 KB 191ms
188ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/component/unit/asset/js/now-retrieving-updater.min.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

62192a35a334d4401e348cf6774b25795b248972e116befa3405d9b9128a5473

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:39 GMT
server: cloudflare
etag: W/"62a78fab-bd5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Af4N9XEbiXZj%2BTLZqVJSElxeyudEr9ho2soCVFdeQjxeY0GNPosPmEjRMwPzhoTCQM19F%2F1C3VLbuJ3HAx2Tp3c1uPnPULneGz1XmAmFWWgijKADoFIb2DS3sBBW1%2FzvklLFMOrxdTbLFfv6cO7f9osjk7qaDK4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe9c9034-FRA

GET
H3 200 iframe-height-adjuster.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/ 3 KB
2 KB 191ms
188ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/amazon-auto-links/include/core/main/asset/js/iframe-height-adjuster.min.js?ver=5.2.9

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

54cb0643a7f536436b00df60b5bf7d1c37f71d9cca5bc05246f958a2573d0fa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8zRTlJHqtZ8SKJEz6jU8NbmaPqtdBgEAh2fIx7FzeZs-1656509038-0-AZESUESh6QUztGh64xPuYrO-4B__vOOaISaifCEIC1JbrGcsas6uvLqPX5N_pRyhmDcBH17EA1d8aKl6B25qaxE
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 13 Jun 2022 19:27:39 GMT
server: cloudflare
etag: W/"62a78fab-c5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JH7AaU%2Bn%2BJHh4eTTF%2FLc3pCFzcXNKwTT%2BSi7BSQwrxUfXNxsWO7J1R2xmVgqc%2FkraejcizXGxTzcUO%2FNlVvGyp5eulicrfyNU4HcLgRz002q7dQ2sfccvX65CKkOIJuQX2WnL8SoAnqXJubMEz8K4Bc5AEmwDzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fe9d9034-FRA

GET
H3 200 app.js Show response
www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/ 244 B
822 B 192ms
188ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/patreon-connect/assets/js/app.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 24 Mar 2022 09:03:28 GMT
server: cloudflare
etag: W/"162-5daf31e91c8c6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjOu258oSW%2BOQMmWq6EhYj4poVo24vDL3pOS3Mj92jY8TX8efWiZHDxgM1%2FroAHN1%2Bs8lpuf2AavznQDisizOOcSLlSKkq2%2BtaBCko%2BranS9ujRo9iX74RlffT%2FoCe7%2B2L%2FNceUFQYEsX7aayFlXUpii%2BhcvBHI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-accel-version: 0.01
cache-control: max-age=43200
cf-polished: origSize=354
cf-ray: 722efad4fe9e9034-FRA
cf-bgj: minify

GET
H2 200 widget.js Show response
comments.app/js/ 9 KB
3 KB 147ms
44ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/widget.js?2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: gzip
last-modified: Fri, 19 Jun 2020 23:54:45 GMT
server: nginx/1.20.1
etag: W/"5eed5045-2390"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 149ms
58ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b80be40c3c47f8526cd90de3e7548b90660e0a869c00ae84affe5e287f0bd1dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Origin: https://www.redpacketsecurity.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56590
x-xss-protection: 0
server: cafe
etag: 5539559663908291422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 29 Jun 2022 13:23:58 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 165ms
84ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 722efad57d3b9bbe-FRA

GET
H3 200 a01b5086.js Show response
www.redpacketsecurity.com/wp-content/uploads/caos/ 192 KB
69 KB 192ms
189ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d853f12f80f4e85343c2bc6ee4ab226f479c09a0dfd46e00808ff0e32043293

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 29 Jun 2022 07:27:03 GMT
server: cloudflare
etag: W/"62bbfec7-303e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMtvJuidNIzv2I%2BO%2B3I%2BU1tOrQy9paJDJUkPrzGSuIc2Zb%2FUcoGfh8kG5AHkQ024jpwMJ%2Br4%2FDiEDeo%2F0sSjg8nhOlCQRF3DnYSlzZlvi2sJt4rOoeMV%2BYt1oQUnTfoN5ZVVgXFWUHfR7PWfdfAzfnDb11M30lQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=197603
cf-ray: 722efad4fea09034-FRA
cf-bgj: minify

GET
H3 200 a01b5086.js Show response
www.redpacketsecurity.com/wp-content/uploads/caos/ 192 KB
69 KB 194ms
191ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js?id=G-GN0W0LT7ZX

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d853f12f80f4e85343c2bc6ee4ab226f479c09a0dfd46e00808ff0e32043293

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 29 Jun 2022 07:27:03 GMT
server: cloudflare
etag: W/"62bbfec7-303e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ADTIBWWLjdDzYiW0QET6dnB7QjGR0aYXFti%2FQzp3lBkdA2gUf2kvUkmhSSgiUYlDa5utatUNQQcWksOqm4wuK1Y8SWLgq5rLZZiTXju4SUtq%2BcBJsbGWFfeXHG61IKLxIshbW6lppCd8IDg%2F%2BuRUNbX7FoYSnI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=197603
cf-ray: 722efad4fea19034-FRA
cf-bgj: minify

GET
H3 200 front.min.js Show response
www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 208ms
205ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.3.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c38bc4d28cb6dd5263a68b3efa74cd5b746f9083484871c54f4cd437c828b40e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 07 Jun 2022 06:42:50 GMT
server: cloudflare
etag: W/"629ef36a-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlfDQ%2BgExbIJl6BVa%2FrWh6AdI0ZOz8YnScxDyU0JZbfExUsdkGG3g50nCcVXOQzbhZ1xiwvqjTv7LlHoVaIZnw72DUfqQ%2BJ2gGmJ6pQIYQsjRoUFyuWXQSmydMvDsKLPFBFdksRqIxyxFh6AyUvqDc2O5KTpqVc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fea29034-FRA

GET
H3 200 bootstrap-smartmenus.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 3 KB
2 KB 208ms
206ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/bootstrap-smartmenus.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

46489b4c55fb6dce029c4ebcaa74c9616a0a89dc3be3e0027d0113c698ed9968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-177b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Olq2QofCBe5XQGFfMgf1qeo2I%2BKfQYW3HQH84HWTJJ3Sj1Lt9aoishbVl29%2FjRwd7S3557sY5bL6mVsr4x6Mo4yLTonAPzQYFckkHuBJ9AihcJHpc4XRIcktbOA%2BrUAWyyPzp5A1bGi0dEHZegu%2FEb6kpH0lzM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=6011
cf-ray: 722efad4fea39034-FRA
cf-bgj: minify

GET
H3 200 jquery.smartmenus.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 28 KB
9 KB 209ms
206ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/jquery.smartmenus.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

4247183ff111bcf12affd18ba0da4a7a1ff0b4e7e491db67b9562b58d6a29c88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-b62e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0s8DgFUnbx%2F71DU2R%2Bn8lW2XrNg7YfFikYOP11pJsKp%2BtqxcOAFNEXrfiNq6x4Tg%2BCc6kq4X00RV2NKYrw%2BGca%2BE1JhJ3TCxCE%2FGeqfnCO3ov89oiX8hqY%2BxgT%2BZZkdGVetPEZwekJFCY1yMnB891zxeX%2FDOcqU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=46638
cf-ray: 722efad4fea49034-FRA
cf-bgj: minify

GET
H3 200 main.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 314 B
817 B 217ms
214ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/main.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9691e8c38e89f0117aa9aab7dc706fa84ff4c18279a0769cfd90579c897922c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"271-5e17b59d6f323-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jl%2BVIaa2oWQOxugiBTS187pn92VPqsaehDR0qd2DcMJ2JP4pPfPOHUnNTsZAwyJvtRoFtVq5NpRztCSftXMtEzU1msNmQCxGsdP9SuZUmTNRqsFpZYjTzzIFwj8M4w%2FEmSZVL0BzpbYUPRxYZSW%2FSC5iL0OZ6WU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-accel-version: 0.01
cache-control: max-age=43200
cf-polished: origSize=625
cf-ray: 722efad4fea59034-FRA
cf-bgj: minify

GET
H3 200 jquery.marquee.min.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 9 KB
3 KB 217ms
215ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/jquery.marquee.min.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

f7ec795d6ca0df8d0083c41b1a57aed9a3500897442639a0c24999a749eed08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-2383"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ra0e2d2RF%2FRp0CitF3IfmDLIowmcO%2F0ioxehfUix3tMKV3oV6VWivTOCmldgZrAWqkdkuEQIrvqNXGQLaBFjb7EIBQv0IrP19NAtWCGbzvey%2FZDuv2Zfr0E%2FVSi0h1%2FGOF6lgY%2Bjt4eqCTRDvW0ZPNNXSeZJpA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fea69034-FRA

GET
H3 200 owl.carousel.min.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 23 KB
7 KB 217ms
215ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/owl.carousel.min.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-5d80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ixurya8FA88TvcjPaSWSDCsVjtFv9mqZ4mwqb6DuP8bDNog%2FLfq06Pr%2F6yfCgroufG5ECGKPtbgkd6BtqIkdOgpqIQo9OgL6sK0vQt%2FFNwSl8syrqM9gilmhOvuoNtb9%2Fs2OZcbFOEP%2B1KrJXr4fE5%2BRTNwo8yE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4fea79034-FRA

GET
H3 200 bootstrap.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 88 KB
21 KB 224ms
221ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/bootstrap.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

da3e511b908f924d06bcd56a2274b737f070823715600c460dc5d593b276f961

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-22150"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPr5aAeqRn%2FIX7J08yfn4bhSJxVJMfZVdNF0Ze9fiwAsLDk5m1F9lXwF%2FztT5CSiJXnrAa%2BNhuNWvXJoO5F6IFNBzBY5%2FkTavfgXu%2Bt0QidYsv61VmoYliXWt7Ek1Gy%2F3Xrpf7B1MPs3OCazngFEC08TI2ssF98%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=139600
cf-ray: 722efad4fea89034-FRA
cf-bgj: minify

GET
H3 200 navigation.js Show response
www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/ 1 KB
1 KB 225ms
223ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/themes/newsup-pro/js/navigation.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

975fcd769077c94bff0b689fbe3ad59e461ea7c948870bd979d21ad4716ecee9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 15 Jun 2022 12:06:28 GMT
server: cloudflare
etag: W/"62a9cb44-938"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7RG0kttPQCqTcZl10j%2FEmGTquTuPEsUC9mbCvibiIPBwG5eIt8QzTBu5ivHqDY4XTSJ0chIRMuP8AUHcoiJLjgdyBoak7yH%2FxOmEWHe6QdB%2BanW1Rszh3sk1nSSaJVv55bXh7ifKhvFrKiBXer9FDN2MB5UlOBA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=2360
cf-ray: 722efad4fea99034-FRA
cf-bgj: minify

GET
H3 200 jquery-migrate.min.js Show response
www.redpacketsecurity.com/wp-includes/js/jquery/ 11 KB
5 KB 225ms
223ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 22 Dec 2020 15:30:09 GMT
server: cloudflare
etag: W/"5fe21101-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQfv%2BgCEsUa3MWZxc34pIDWAS%2BNKjK4LOfzXjAVM%2BVojOj%2FH3lhp1xR%2Bec6h6jiqZwgMKrF2souIZnRxGPZLwxvc48jZEdbQ4ANpXyQSPlJX54DPNNRroevdrSTyBkPStoOhyI9ClMigBb3pOEKAYmpefse2J7M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4feaa9034-FRA

GET
H3 200 jquery.min.js Show response
www.redpacketsecurity.com/wp-includes/js/jquery/ 87 KB
32 KB 226ms
223ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 28 Jul 2021 06:20:01 GMT
server: cloudflare
etag: W/"6100f711-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwOYaJZb7EAmodOeR%2BfN8ASAh8W02NTzbCrtWJDS0kGWiwpEb%2B5CkYp7HOzkSpd5LsrhGwyrqi1YxULZkTiEIFMA6YcsWcBihDq3s%2FbKz0yed1N5bk92AFWYh%2BvYrkU2iO8oNrPXiZLFfGqomo4v5%2F0x8dSXI78%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad4feab9034-FRA

GET
H3 200 s.js Show response
www.redpacketsecurity.com/cdn-cgi/zaraz/ 6 KB
3 KB 225ms
225ms Script
text/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQmxhY2slMjBCYXN0YSUyMFJhbnNvbXdhcmUlMjBWaWN0aW0lM0ElMjBOZXclMjBQZW9wbGVzJTIwQmFuayUyMC0lMjBSZWRQYWNrZXQlMjBTZWN1cml0eSUyMiUyQyUyMnglMjIlM0EwLjkzNTgzNjUzNDkwNzQ3ODIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnd3dy5yZWRwYWNrZXRzZWN1cml0eS5jb20lMkZibGFjay1iYXN0YS1yYW5zb213YXJlLXZpY3RpbS1uZXctcGVvcGxlcy1iYW5rJTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bce29a0dfdf11c6e73b8ec94c69dfecda8c55e4052403f5605725fdfa9f6ec3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.redpacketsecurity.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gySIcs7Y270SacX3JpZmm3hLEke7fgZYdRZnlHVBBf4Y85Hj405swLZvFi3hJ4u5glz0h0Duz6xPO0b8gI%2B%2B9l0Era7Y82i6nSJQxwtBjx2qkwX%2Fk2qrdOJqUWwj8lVw330DuOnB%2Bqb47JbKOlZL6i9go3ln35Q%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 722efad4feac9034-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 2122-2.png
www.redpacketsecurity.com/wp-content/uploads/2022/06/ 466 B
1 KB 221ms
221ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2022/06/2122-2.png

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

b33ad250798eef9bd3379f3e7a9eeb55bd49bc718063bdaf568b7ed9dc3f4b9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
cf-polished: origFmt=png, origSize=613
content-disposition: inline; filename="2122-2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 466
last-modified: Wed, 29 Jun 2022 11:02:59 GMT
server: cloudflare
x-powered-by: PleskLin
etag: "265-5e29418a03a67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iaQSwVkK5ob6xLkTv8g47zbyFC7lKLOlWRGQHUpYZVKwgGtPujNxPHIDLOfwN2g1%2BKDnInSdYYY53KHYv3fOU3C0gVU6TGJ3OEo%2BpR2QfQx%2FenrNZY6huWiHUsaqeibR%2BG%2FMM27JLy7FbpdTJ%2FVM4IaIBSkJ1Eo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-accel-version: 0.01
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad50eb19034-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 Basta.png
www.redpacketsecurity.com/wp-content/uploads/2022/06/ 3 KB
3 KB 221ms
221ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2022/06/Basta.png

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c96a3e443478227892693b5f48368af1720b31a64c703dbe7dd7acb85ae0e14d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
content-disposition: inline; filename="Basta.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2804
last-modified: Tue, 07 Jun 2022 21:44:06 GMT
server: cloudflare
etag: "629fc6a6-d51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W6PnH7Q5Bv6bHTogA5LJqYPpFmt8bVqsYXaqCKT28RR%2B7FXDnMxKGOV0Qf4RL16oT716Y2LdY%2F0X%2Ful9hFnUmeZvI3P7pnRtAHtWWyrCi4%2F4CFIdOTaF%2BJO6oTLecZD74OhJAFs1NCOKWv%2FKOAmSLTNbh2%2B%2Be2Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=43200
cf-polished: origFmt=png, origSize=3409
accept-ranges: bytes
cf-ray: 722efad50eb39034-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 Cobalt-Strike.jpg
www.redpacketsecurity.com/wp-content/uploads/2021/11/ 145 KB
146 KB 221ms
221ms Image
image/jpeg 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2021/11/Cobalt-Strike.jpg

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

00ab36d5573ceab85b1bc2de3ff62f4a9402bdc7c8a9749ac58c7037aa4bd2b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:58 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 148817
last-modified: Tue, 09 Nov 2021 23:11:50 GMT
server: cloudflare
etag: "618b0036-25696"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCPq7fniLdEuv8WnTNgqON5xkvM2lRKpMsAb%2B5hee%2BR93XllAHATG9W972hl9UaN5V588TyoCbD4KCAhULMupY2eQZ2wKGr495B74PeA9LvhTUSD8Rkr3jZ8QNjHOSVdvNuoaQsNSpQEN4kA6yIanaBfqaUC2hs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=43200
cf-polished: origSize=153238, status=webp_bigger
accept-ranges: bytes
cf-ray: 722efad50eb49034-FRA
cf-bgj: imgq:100,h2pri

GET
H3

200

/
www.google.de/pagead/1p-conversion/4209956877/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/4209956877/?guid=ON&random=1656509525378&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fb...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecuri...
https://www.google.com/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-...
https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-r...

42 B
0

132ms
54ms

Fetch
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=b1K8YoLrDJW-lgSR2JWoAg&cid=CAQSKQCNIrLMJtLOrYkq2ht4jVwo8p0PgHoFAG6_I-1pAAnutWnUdvCSTY-X&random=2324084328&ipr=y&prhg=0

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/4209956877/?guid=ON&random=649849245&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&ig=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=b1K8YoLrDJW-lgSR2JWoAg&cid=CAQSKQCNIrLMJtLOrYkq2ht4jVwo8p0PgHoFAG6_I-1pAAnutWnUdvCSTY-X&random=2324084328&ipr=y&prhg=0
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/4209956877/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/4209956877/?guid=ON&random=1656509525378&fst=1656509038886&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketse...
https://www.google.com/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-bas...
https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-bast...

42 B
0

132ms
50ms

Fetch
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=2190249940&ipr=y

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/4209956877/?guid=ON&random=1656509525378&fst=1656507600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tiba=Black+Basta+Ransomware+Victim%3A+New+Peoples+Bank+-+RedPacket+Security&u_tz=0&u_his=10&is_vtc=1&random=2190249940&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 wp-emoji-release.min.js Show response
www.redpacketsecurity.com/wp-includes/js/ 18 KB
5 KB 55ms
55ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-includes/js/wp-emoji-release.min.js?ver=5494467d91318570f42d5f3c69e98ca3

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 28 May 2022 21:05:44 GMT
server: cloudflare
etag: W/"62928ea8-48b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cqyXncoWH6yPaRpPVVm3N87gwP74ss9873io96l2%2FmPKhVE1c4gQrbrsuWLntf2QUXqcLYTBHA3yC2ISGPcIBwhEQnWNzVpPMIppZ9S29MZJzbF1KSqICjGckCABWpEkzADafDte2sy%2B1MBVvQLMVK4LYVXJ6%2Fo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 722efad698969034-FRA

POST
H2 204 collect
analytics.google.com/g/ 0
354 B 130ms
48ms Ping
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-GN0W0LT7ZX&gtm=2oe6r0&_p=1984713907&_z=ccd.v9B&_gaz=1&cid=561496504.1656509039&ul=en-us&sr=1600x1200&_s=1&sid=1656509039&sct=1&seg=0&dl=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&dt=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.site_speed_sample_rate=1
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.redpacketsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
354 B 142ms
47ms Ping
text/plain 2a00:1450:400c:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GN0W0LT7ZX&cid=561496504.1656509039&gtm=2oe6r0&aip=1
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.redpacketsecurity.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 a01b5086.js Show response
www.redpacketsecurity.com/wp-content/uploads/caos/ 192 KB
69 KB 54ms
54ms Script
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/caos/a01b5086.js

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

7d853f12f80f4e85343c2bc6ee4ab226f479c09a0dfd46e00808ff0e32043293

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5787
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 29 Jun 2022 07:27:03 GMT
server: cloudflare
etag: W/"62bbfec7-303e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rM7RjALHZCvrVOqgvq0m3w9OkQ%2BzYY4gNssE6L%2FUrWL5kgfcr56gl%2F1ADpUtkN5hUQ5qhoBqDzkZkj3C%2BNIW8JUFGa3ljVdNfEDMb1cK%2FvBxbiP4WTiGzjdb%2BUbY7R5lPyvm34WFBTvDLxUZnh6xSdiD%2Fe58z6M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-polished: origSize=197603
cf-ray: 722efad6c8e19034-FRA
cf-bgj: minify

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206270101/ 340 KB
120 KB 138ms
61ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com&bust=31068232

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daa7570536a241579efb1eca60b9b8b3e30d171663777c0ca3011414a42cfc61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122508
x-xss-protection: 0
server: cafe
etag: 7159627652184417607
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 29 Jun 2022 13:23:59 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/ Frame 4BEE 10 KB
5 KB 38ms
38ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220623/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1536334219562771

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4414
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Jun 2022 20:01:51 GMT
etag: 10429905676100781186
expires: Tue, 12 Jul 2022 20:01:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view Show response
comments.app/embed/ Frame C5F5 7 KB
3 KB 54ms
54ms Document
text/html 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&limit=5&color=E22F38

Requested by

Host: comments.app
URL: https://comments.app/js/widget.js?2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

c1c4a5cd21da66fc405d7f029b47796497445dca00c11f9fb8eca2f90a171a5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 2554
content-type: text/html; charset=utf-8
date: Wed, 29 Jun 2022 13:23:59 GMT
pragma: no-cache
server: nginx/1.20.1
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H3 200 Basta.png
www.redpacketsecurity.com/wp-content/uploads/2022/06/ 3 KB
3 KB 58ms
58ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2022/06/Basta.png

Requested by

Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.10.2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

c96a3e443478227892693b5f48368af1720b31a64c703dbe7dd7acb85ae0e14d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5787
x-powered-by: PleskLin
content-disposition: inline; filename="Basta.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2804
last-modified: Tue, 07 Jun 2022 21:44:06 GMT
server: cloudflare
etag: "629fc6a6-d51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnjeFfu4zFF2XGZ6uof5BgG7b0VZVzFFF%2FY1OlpWglz%2Fwfh3B3pxLmLTqugtaNhhdXfZv7t1m%2FfJglM5pxrW4hF2s0gax5gS%2BnGT%2FIDR13Z9uttNV10UKkaLu7Zir9piq2PYpr6Fs8idjn8opU3jUa57mHZRmyo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=43200
cf-polished: origFmt=png, origSize=3409
accept-ranges: bytes
cf-ray: 722efad719699034-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 cropped-cropped-redpacketsecurity-banner.webp
www.redpacketsecurity.com/wp-content/uploads/2022/01/ 860 B
1 KB 57ms
57ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2022/01/cropped-cropped-redpacketsecurity-banner.webp

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

4cb636b91baa2ce444767df4b186194cd84ce5740b196123d3da1e2ead84e245

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 860
last-modified: Wed, 15 Jun 2022 09:09:51 GMT
server: cloudflare
etag: "35c-5e178e2382617"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qANmevsCf%2BP6JBZr29uEAm1lF2VDAs41G%2F9Dr04RfbfMgjjAqywPVJtRlCaxt6dFeOOEJK%2FcH%2BBS%2FYyF2BwL0oqCqcaq7SILN0begEtBxj7BQXEj6qnEu96FqLAzYls41BVey%2Blfz%2BEz198SmVXz%2FAKDfJ%2FwgSY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-accel-version: 0.01
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad7196b9034-FRA

GET
H3 200 pica.js
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/ 18 KB
7 KB 50ms
50ms Other
application/javascript 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bb10a2d723e30af4234cc3dcc1a82702a390c01ebe7f3171bfb1f42be2f0d09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gz4CSnvdfgZsFMa4xzq%2F8lztF6VJB2%2BjT5EIKx3OD%2FhD0bWfxnaQBk4GSRVZgyrl3ZO7oWA%2FkmJVvTwZoB1X8Y8FQ%2FAGD%2B3UDkCAQHlvIKNRMwAC3HCwVAlzSqkDFxDpdkybd1IDNbSUHOw2h3UVd5mXfWE4DDw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 722efad7297b9034-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 smush-placeholder.png
www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/ 136 B
860 B 51ms
50ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/plugins/wp-smushit/app/assets/images/smush-placeholder.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5786
cf-polished: origFmt=png, origSize=995
content-disposition: inline; filename="smush-placeholder.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 136
last-modified: Mon, 20 Jun 2022 07:48:55 GMT
server: cloudflare
x-powered-by: PleskLin
etag: "3e3-5e1dc55ffc272"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9FPwobGlmfAX0mLTppJTFdkoBz%2B3Hw%2BtHyGdkFyajkZz5qO68NXbeWV4srTClhnpbTnRb0UUVdqvS3l4oTzrvt9E8DVoFYOTmviLJSvP5cS4E5PPTi0%2BBppl%2Br1qnJlNW2o2V6nzzUEMrpY3M0GC5HYpt5Y808%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-accel-version: 0.01
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 722efad729839034-FRA
cf-bgj: imgq:100,h2pri

GET
H3 200 loading.gif
www.redpacketsecurity.com/wp-admin/images/ 1 KB
2 KB 170ms
169ms Image
image/gif 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-admin/images/loading.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

6d53299eeb9516dbba670ceeb55e8e5ce2186edb71518f6a1bd16553308f17c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1372
last-modified: Thu, 16 Jan 2020 19:35:16 GMT
server: cloudflare
etag: "5e20baf4-55c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XShsfV9FdfmvN5b7OMcDFbsFzLHfEzHrItOvTGQVOVAEUHagIV4PIYlpD2Yg%2BXB74asS57SxV4CrzS2n2cMtaGVIuQ9M5FQGqaHNCskd55Cpte8Si9JAxnhGUA1L5XqaLPSsp1NULs%2BXVPhgyG7%2Bs5d7wGuWlbE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
accept-ranges: bytes
cf-ray: 722efad739959034-FRA

POST
H3 200 rum Show response
www.redpacketsecurity.com/cdn-cgi/ 0
173 B 50ms
39ms XHR
text/plain 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.redpacketsecurity.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
content-type: application/json

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.redpacketsecurity.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 722efad739979034-FRA
vary: Origin

GET
H3 200 css
fonts.googleapis.com/ Frame C5F5 4 KB
621 B 123ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500

Requested by

Host: comments.app
URL: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&limit=5&color=E22F38

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:44:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:23:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:23:59 GMT

GET
H2 200 bootstrap.min.css
tg.dev/css/ Frame C5F5 42 KB
10 KB 234ms
89ms Stylesheet
text/css 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap.min.css?3

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-a61b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 bootstrap-extra.css
tg.dev/css/ Frame C5F5 70 KB
13 KB 236ms
91ms Stylesheet
text/css 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/bootstrap-extra.css?2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-11648"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 widget-frame.css
tg.dev/css/ Frame C5F5 83 KB
22 KB 279ms
134ms Stylesheet
text/css 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/css/widget-frame.css?59

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

37e87643d88538a3667dd0cf9aded067e0a52bc47e4b3a901a5c3c0a3b3a453b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 18 Mar 2022 10:32:52 GMT
server: nginx/1.18.0
etag: W/"62345fd4-14ddc"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 comments.css
comments.app/css/ Frame C5F5 83 KB
20 KB 90ms
89ms Stylesheet
text/css 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/css/comments.css?31

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 24 Jul 2020 12:57:13 GMT
server: nginx/1.20.1
etag: W/"5f1adaa9-14b98"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css

GET
H2 200 jquery.min.js Show response
tg.dev/js/ Frame C5F5 94 KB
38 KB 326ms
181ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-1762a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 jquery-ui.min.js Show response
tg.dev/js/ Frame C5F5 96 KB
32 KB 324ms
179ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/jquery-ui.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-181a9"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 bootstrap.min.js Show response
tg.dev/js/ Frame C5F5 31 KB
10 KB 283ms
138ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/bootstrap.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
server: nginx/1.18.0
etag: W/"5a05e7c6-7d0d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 main-aj.js Show response
tg.dev/js/ Frame C5F5 34 KB
10 KB 282ms
138ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/main-aj.js?58

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

e28b35a3da8773aebff732255cd50f4693c5bc2b6906f7a0d2b9f76060d0a2e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Fri, 03 Jun 2022 13:37:51 GMT
server: nginx/1.18.0
etag: W/"629a0eaf-88ea"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 tgsticker.js Show response
tg.dev/js/ Frame C5F5 14 KB
4 KB 281ms
137ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/tgsticker.js?27

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

8ba64ea38909392d4cabab89c686db48a38780d9a9efa30d8cc20980c21f7946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Sat, 09 Apr 2022 12:24:06 GMT
server: nginx/1.18.0
etag: W/"62517ae6-38ec"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 telegram-widget.js Show response
oauth.tg.dev/js/ Frame C5F5 19 KB
6 KB 155ms
51ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.tg.dev/js/telegram-widget.js?19

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

60c62e0e44a2b4a1116d28f8a69f20c108cc84b5c173060d134a6ec083e12240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Thu, 14 Apr 2022 10:47:14 GMT
server: nginx/1.18.0
etag: W/"6257fbb2-4a0b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 widget-frame.js Show response
tg.dev/js/ Frame C5F5 84 KB
23 KB 280ms
136ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.dev/js/widget-frame.js?56

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

333995c0787761614afd94b2c38133bcfc513b40caa1e2708e65a8ff89e707c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Thu, 23 Dec 2021 02:02:36 GMT
server: nginx/1.18.0
etag: W/"61c3d8bc-14ff3"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sun, 03 Jul 2022 13:23:59 GMT

GET
H2 200 comments.js Show response
comments.app/js/ Frame C5F5 81 KB
22 KB 90ms
90ms Script
application/javascript 149.154.164.13
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://comments.app/js/comments.js?35

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.154.164.13 London, United Kingdom, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.20.1 /

Resource Hash

aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://comments.app/embed/view?website=S_Epbvwz&page_url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&origin=https%3A%2F%2Fwww.redpacketsecurity.com&page_title=Black%20Basta%20Ransomware%20Victim%3A%20New%20Peoples%20Bank%20-%20RedPacket%20Security&limit=5&color=E22F38
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
last-modified: Tue, 17 Nov 2020 20:59:36 GMT
server: nginx/1.20.1
etag: W/"5fb439b8-142f4"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript

POST
H3 200 722efaccda519107 Show response
www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/ 2 B
740 B 61ms
60ms XHR
text/plain 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/cv/result/722efaccda519107
Requested by: Host: www.redpacketsecurity.com
URL: https://www.redpacketsecurity.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1656504000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FEKr8fDftkKXSmkuxvJPucOSpuCimDN%2B0mPc%2BBw8a%2FiCgoP2KH74g8eNkcmGo5Ethde4jd9XC8FeIcEprlv2oke1QRXx3Ad3F26UI0ZjNiie%2BoCKJsbY6mOyYRvciNdo%2BgMbmpcP5Qv%2Bs4c8fcoc2TAQjxCel3w%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 722efad92c5a9034-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 225 B
655 B 128ms
45ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.redpacketsecurity.com&callback=_gfp_s_&client=ca-pub-1536334219562771

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206270101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1536334219562771&plah=www.redpacketsecurity.com&bust=31068232

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52bbb80de38a831973b2eef5325fa01354cae1a031376ded2f93b2a1de53fa94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 211
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C5F5 694 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76216b6c25b768e5bee4b758dacfef993b3e87cc2d7fd9bf192bd685d1ae9bfb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame C5F5 706 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b28d8e93ecf9067ff746e514c79ad5adc53cc00965630bfe0b118cf80f7bf065

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C5F5 16 KB
16 KB 113ms
37ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://comments.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 12:56:05 GMT
x-content-type-options: nosniff
age: 174474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Jun 2023 12:56:05 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C5F5 15 KB
15 KB 117ms
41ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://comments.app
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 19:07:55 GMT
x-content-type-options: nosniff
age: 152164
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Jun 2023 19:07:55 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 130ms
47ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 128ms
45ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 70ms
70ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&tn=DIV&id=cookie-notice&cls=cookie-revoke-hidden%20cn-position-bottom%20cn-effect-fade%20cn-animated%20cookie-notice-visible&ign=false&pw=1600&ph=1200&x=1575&y=1175

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:23:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B6BF 42 KB
6 KB 182ms
180ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&adk=1812271804&adf=3025194257&lmt=1656500643&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039165&bpp=3&bdt=902&idt=385&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8545601013669&frm=20&pv=2&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=405

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fdfb2304fc4b4ce74cdc70e83a8d62bdd46b3bfd0a69abea17fe490faec746c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 5822
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:23:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 135ms
58ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220623&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

898bb33c4d697683d384a3ac69acba30a8eaefb8591c54bb287a3eb445dc0278

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10616
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame C5F5 112 KB
29 KB 50ms
49ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@700&display=swap

Requested by

Host: tg.dev
URL: https://tg.dev/css/widget-frame.css?59

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tg.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:42:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:23:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:23:59 GMT

GET
H3 200 PATREON-SQUARE-300x300.jpg
www.redpacketsecurity.com/wp-content/uploads/2021/05/ 18 KB
19 KB 51ms
51ms Image
image/jpeg 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2021/05/PATREON-SQUARE-300x300.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

2c6c5fa1a182530d794b033ee34f4a2d9e0b12db9ca65d696d79c6862f63a801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5781
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18596
last-modified: Wed, 12 May 2021 10:31:12 GMT
server: cloudflare
etag: "609bae70-4af9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ei3kBULg8t4EaSvDQUR0JsyptNbXa40AXQ7%2FaT4ndQYfbzJpxrWZF6nY62iXMIUbT2QPwpcIAOf6ScGz3uKqHd0kjFHsvswow3sL6VG1T7Wu9jg0XpQnSQxIWzvN8dHeNKH0ZjbUiEcB%2FmwlG9rNzHkKnEAUBT8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=43200
cf-polished: origSize=19193, status=webp_bigger
accept-ranges: bytes
cf-ray: 722efad98cc19034-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 132ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:23:59 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 122ms
46ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 122ms
46ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.redpacketsecurity.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 29 Jun 2022 13:23:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0938 436 B
232 B 189ms
189ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=401700074&adf=3899895289&pi=t.aa~a.1129142743~i.8~rp.1&w=1038&fwrn=4&fwrnh=100&lmt=1656500643&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=6266461316&psa=0&ad_type=text_image&format=1038x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rh=200&rw=1037&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=3&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0&nras=2&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=90&ady=1541&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=V9qQDhEz1r&p=https%3A//www.redpacketsecurity.com&dtd=19

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a3557561f3fca1c3bab36778cfeb2a9990aa86a23e50d64216f1f1a46adb571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6E76 91 KB
33 KB 1426ms
1425ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab9923ddf87ea918721ca60169271da941bbdc98c55793246a8b3c1dd4cc25cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 33540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3129 65 KB
22 KB 704ms
703ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

019dbff595e10442fcdc74c8cba3419c88100517861d3bca0ab49164a1338448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 22175
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5CDA 96 KB
34 KB 1145ms
1145ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43124dcb89fbed91eb7ab07811071065ae32e74a4f682bc11a2654c826220007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 34348
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3FF1 95 KB
33 KB 934ms
933ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a813f571283df3b4c18c535c9f408ae4897bf5e4d46faa8adeee189d8f732672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 33999
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D9C8 73 KB
24 KB 542ms
541ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

342125f8b526a75dd8ed829225c6a23af06249bf360efc2962c340cacd3fe517

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 24467
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3741 13 KB
5 KB 116ms
38ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 587
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:14:13 GMT
expires: Thu, 29 Jun 2023 13:14:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 43EC 783 B
535 B 47ms
47ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ed975bb9abdeeb1bbfdbade21b8fda090b77d786cc2fa4c6b4577ffc33530d5d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pNtPH-9KJWM8v_0xAiBeQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.redpacketsecurity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-pNtPH-9KJWM8v_0xAiBeQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 13:23:59 GMT
expires: Wed, 29 Jun 2022 13:23:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 43EC 0
0 104ms
104ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220623&jk=506695731728135&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js Show response
pagead2.googlesyndication.com/bg/ Frame 3741 36 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

562026c9163e2ca1a55c623f92db7db0ecbe1d1cc5a60992f4bf43eaa48c57ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 11:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13935
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 16:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Jun 2023 11:45:40 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3741 0
9 B 37ms
37ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dKswbg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Digital-Patreon-Wordmark_FieryCoralv2-1024x209.png
www.redpacketsecurity.com/wp-content/uploads/2021/01/ 9 KB
9 KB 55ms
54ms Image
image/webp 2606:4700:20::ac43:4810
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.redpacketsecurity.com/wp-content/uploads/2021/01/Digital-Patreon-Wordmark_FieryCoralv2-1024x209.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4810 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

798519ce47ff93dbb094e3bb3ee857bea4dfd1dfaa919bd0f3ea2a91479bec9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
vary: Accept, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 181
x-powered-by: PleskLin
content-disposition: inline; filename="Digital-Patreon-Wordmark_FieryCoralv2-1024x209.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8722
last-modified: Sun, 03 Jan 2021 14:16:16 GMT
server: cloudflare
etag: "5ff1d1b0-3eab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKBKRgs3PCCQIk6jZxrcoc6RUodLANgrOkL85dr3PVzOHZ4VzhJm9rHZkBL64KvHfpzu1h2ZGzmXpHXu2DVIAFVY94Q6mjIxDvnTDFcPqinkAdfdSTaXQkAs6HoakP5RsBab4Ke2DwZfzenrqvAkEQggKYLXaR4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=43200
cf-polished: origFmt=png, origSize=16043
accept-ranges: bytes
cf-ray: 722efadeecd89034-FRA
cf-bgj: imgq:100,h2pri

GET
H2 200 fa287546e1d5bd0678894d5c227e456c.js Show response
www.gstatic.com/mysidia/ Frame D9C8 10 KB
5 KB 124ms
37ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4351
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H2 200 db2e47a9a3671f527cf86ca9ac22fc67.js Show response
www.gstatic.com/mysidia/ Frame D9C8 10 KB
4 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D9C8 8 KB
893 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:44:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame D9C8 2 KB
902 B 38ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 250
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:19:50 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame D9C8 21 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:18:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame D9C8 3 KB
1 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:20:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame D9C8 17 KB
7 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:13:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D9C8 0
0 46ms
45ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQakXVrzo2VeaH9ziCWIKSf5mYjT15KOT8qzNTZWFQWJoZB9SaRMzJND8yEAyrW2tKYoSpyOxy51SDi0Lu1utG0oC9idQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9C8 138 KB
42 KB 186ms
103ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame D9C8 31 KB
13 KB 116ms
37ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 27 Sep 2022 07:02:55 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/11800230475030986862/ Frame D9C8 2 KB
2 KB 38ms
38ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11800230475030986862/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c46e975fc3535ada808fc824ed124688634e1eca90f8e5fbd18a821e9e80068f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 12:55:51 GMT
x-content-type-options: nosniff
age: 88089
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1730
x-xss-protection: 0
last-modified: Thu, 20 Dec 2018 14:42:28 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 28 Jun 2023 12:55:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D9C8 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CAYU7b1K8YpqzPLaezLUPiNG0kAG3kvCDYrDapcPODsPSiKKUGhABILWvoCdglZqagqwHoAGV9vDeA8gBAakCpTX3jFCjsT6oAwGqBI0CT9ADU_iI7HBSbsEqqVrdBkANN2G2DhfsiOWkLjDiOYmX8fCMWQLtCj4ztWppO2lbwoLtQcQgFy5szQ243E9j8ly1ThJAHJ6hI5mXs4fnPzHeCUpYV7RhABonKyKBv6OcIKGS0FkPFM9yrp4IeJZPrQ-2Ucb7lr3YhwLJXfQK5tLaMHxkGzP5t2Lzi-hbgYOJk8KSOCHKdJvzWf4RZkOew3Q7sOBjhGLtyHjONxlfMGCQxCbbF0AAiGXeEGSgr64Fnmlyb8n4sqlAL7a5nDZ_yDjH5TVpTYLQQbQ625_3ZYQjacZNABT22zS-iY3897GHWs5410PZIN0LoeCRpA14zFKg5X-k87aidHeQ5InABM_0yOPyAZIFBAgEGAGSBQQIBRgEgAfTiY8hqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQ7UDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=RJwfoWTNqFg&uach_m=[UACH]&template_id=5001

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5C4A 143 B
163 B 37ms
36ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 12:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D29F 1 KB
749 B 37ms
37ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D9C8 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e11a59dd88d8cb969b8297e9e6e2cdd1012edaa60435e3c8330d90529af863cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 3129 8 KB
893 B 48ms
48ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:44:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3129 2 KB
902 B 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 250
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:19:50 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 3129 21 KB
8 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:18:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3129 3 KB
1 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:20:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3129 17 KB
7 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:13:23 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3129 138 KB
43 KB 103ms
53ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 3129 31 KB
13 KB 83ms
39ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 27 Sep 2022 07:02:55 GMT

GET
H2 200 /
track.seadform.net/adfserve/ Frame 3129 35 B
0 198ms
57ms Fetch
image/gif 37.157.4.40
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.seadform.net/adfserve/?bn=54461400;1x1inv=1;srctype=3;ord=3371293618

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.40 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
expires: -1

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3129 0
0 80ms
80ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZbOrb1K8YqrqO4bB0_wP4Nuk-Am3yqnjaua4p870D7ivyKT-LxABILWvoCdglZqagqwHoAHI5NeKA8gBAakC8k2SO72ksT6oAwGqBJECT9Atq6wYFYTONzJ2CX_-6Us1vvgAtuzqGWKIDvA8n3Hr1PrT7l3O8JUhRCp5e5JTH78xEu3sPI5uqsQmFBi4nyssIGMormr2MEqPhKNHKlC7MuQjCyVE7E8e0wwW5pNvaZsMZoUS_wEpdUvyS4Ye6QAJ9u10R6ThLxj8hTqaTE_gFm2nf09a5wgyZePMYA23D1iWrZ9bMNoZ6uAfg8ucvADJxqsQgVxHZ-QRX6iNcCl4prIv8h2DuOtM-3QsTg7RKfD_ArqBwMO8Mnlbfk6lzZTr08WH9C4k8Gdd5GiaD7Mpds4ztfV8Ok1vKKx4HbAWPV6gR2SdEs6lFi4g4Mi1HQgvCVeDIwb0uKuTC5OPxF1gwATbgJydjQSSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAYAHoJuodagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENm7AdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE1MzYzMzQyMTk1NjI3NzEYAA&sigh=hcHWT3rNpro&uach_m=[UACH]&template_id=5007

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5433359793388361045/ Frame 3129 2 KB
2 KB 61ms
60ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5433359793388361045/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7147639902c3336843e877d3245dc6adc61ffca9b8aa61ab591b50491e13c9cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 14:16:58 GMT
x-content-type-options: nosniff
age: 601622
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1904
x-xss-protection: 0
last-modified: Fri, 24 Sep 2021 12:26:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Jun 2023 14:16:58 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8144808980298310868/ Frame 3129 967 B
994 B 60ms
58ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8144808980298310868/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b280d1cc19c24e39b526105b152d8458a53f9ac9a338d40daca2c7bed1c90034

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 11:37:02 GMT
x-content-type-options: nosniff
age: 6418
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 967
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 16:03:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 29 Jun 2023 11:37:02 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame D29F 35 B
462 B 132ms
42ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GCTSnQW0R3Y0C6Dikpke3pL6AhlERohAhkF6pu6Bnjzdk6EpxpPl89AP_Qvjs7tGGt2RRZXDJY12g64qWkpKb_J7_IA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D29F
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJo_LOFA_6oW7ZGCUvk5lr0&google_cver=1&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb&google_hm=Q0FFU0VKb19MT0ZBXzZvVzdaR...

170 B
188 B

101ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb&google_hm=Q0FFU0VKb19MT0ZBXzZvVzdaR0NVdms1bHIw

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 29 Jun 2022 13:23:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ARnp8GBP4NzpIufufHhR1ucO5YhjGxxhktXxyTO-jQpvvaVnZyeGUoNVHfoNDLOY0rEl2e8_hsZU30HRoe1x-OyMKgdzldxb&google_hm=Q0FFU0VKb19MT0ZBXzZvVzdaR0NVdms1bHIw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D29F
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCmDfg2...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCmDfg2...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDA2OTQ2MjYzODE5Mg%3D%3D&google_push=ARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZ...

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDA2OTQ2MjYzODE5Mg%3D%3D&google_push=ARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZKiAQX0pj1xLGLI9cgqPPbVK2DJ3A

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDA2OTQ2MjYzODE5Mg%3D%3D&google_push=ARnp8GCmDfg2STzNTPqbE7dCdu2arkxVhEjMhTphsQBHvuJva5TzarQYqzM7jrWZDz56ZZKiAQX0pj1xLGLI9cgqPPbVK2DJ3A
pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame D29F 43 B
134 B 155ms
54ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMmriXffsUqwkC_ZHZYKibE&google_cver=1&google_push=ARnp8GBEdw1MBb88vFtJMIhYr3T7loD6pa1NOQ4wXKSbSKIDIVFc0iaIXjNbsXNZ-fEQiroI2hWJ4J7bRVqukxbvTKF8CPxlbQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: o6ligs92t62716tenlpdhco2emm9nl14

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame D29F 0
41 B 329ms
49ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKz49wHjuWyUJOSOhqWiWDk&google_cver=1&google_push=ARnp8GAtgjWIoM4op0fvxsDQCZHpb-Q092V5LCCapbPSp_IQQgErRYwif7gsWyg3FBq6qR2IZ9iKsajWNCwH1i-KXYZvQCdG4Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=90&adk=2234643338&adf=1237150122&pi=t.aa~a.3524117837~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=1200x90&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=1&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280%2C353x280&nras=7&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4548&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=lDKDtZwD4x&p=https%3A//www.redpacketsecurity.com&dtd=67
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D29F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhi...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPNjUtMVQtS0pCUg==&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhiPdd9WgZ7vfKo5Op6G4SF7CA

170 B
188 B

132ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPNjUtMVQtS0pCUg==&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhiPdd9WgZ7vfKo5Op6G4SF7CA

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPNjUtMVQtS0pCUg==&google_push=ARnp8GA_cvbV35btVhUHuXMcC9tAFsyFQmA8ccKrCWtnJLpx6ZrQvW4I10Jiz8akGmFEI5-rJhiPdd9WgZ7vfKo5Op6G4SF7CA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D29F
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_push=AR...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNz...

170 B
188 B

60ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNzAJKoX0mT_Bw7QynsJKvKSDO9nv8a4Q0aUWC5h-twnwboPu0GgFworLtVXl6FQ

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mgl6EKagcIoTE8tjaX5dhnH%2F0Owhqd%2BeSFbQvvlP2tLpqUPGA774KSryWGEUIuW9J9kmYSpqXVzbMFtA8GR1SyAV2q0ieXBGqjEBp71kzNJSw879mjLkL7%2BuIwLrrb8sSUU3gEAw2OL%2BZw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBYUPWF6RqF-hrsUZJD2lXSpoqjTwuNzAJKoX0mT_Bw7QynsJKvKSDO9nv8a4Q0aUWC5h-twnwboPu0GgFworLtVXl6FQ
cache-control: no-cache
cf-ray: 722efae17bf09960-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame D29F 0
40 B 157ms
52ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ia_YwWE-suWw5M1BY_tbAmYxre9gzEjNMsg7D5ImRtLA4BjyZCZcFP6gUKywZfWiTpdg_A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5C4A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

65ms
64ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:00 GMT
expires: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8663 143 B
163 B 39ms
38ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 12:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C37E 1 KB
749 B 37ms
37ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 106ms
105ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220623&jk=506695731728135&bg=!WlmlWR3NAAa8IIBmnCA7ACkAdvg8WhQRJpeW_GXD1yX9ZVrxkrle-JyTrkX2tpWChC6S0PJeNjQlRwIAAABIUgAAAAFoAQcKAF35gjO4KaYOs8VEiRKHzucqjV7u4RNZzZaWHjlOAkgLn9S63t_NisUDSWh2XCG0TDPkuxCIO0dF4PSwFQ-fkQ00PD24aP5gLHMr5Qp8T-kiFb1RAHtxmytJCoOH4d-ZAqHnQp61RvSiMyoYHserOY65n37g3P0lukIMXC_aBf6dLsb4lkE1RDShItzvOFMGr-ZD756pZbVI6YITAciiPEpG87dBjH1Zi1LTVE67RpJ3DunXzEx_AQV-bJ1xPtXULgQaaOUpNogOoY1T2gJ0kL-x-Jj9yS4A5B4-TFJH_Q7VI0F7g9iNXT2XrGkqC5Ebp-n_4J0x5cNsv0XSf_Kwxy7NQDv-_OS8eVZgIJNi9BymrO0onot_wJWuIi0ZQ-nGakVgMEXUmz1VJ_-lXwOKdRvUiIfHB_c_fKOgY4JqGprvmG5B5xLUGawIv3NY1ib35KMopD1vidEU3_63lgzJKsYBa_oBF30eQcVfZiRQUfgNF7zons8B25-232nXDqrBwuJ23PicPOCCtojNL969-ES7vdq9be7bL7tb_CtzD2mKm-0gLUOajkytVftiY_hqzZHAxx_y6h3ZjRLl4pF0-c1rtSziYAL8zpIWapgZRHYlch13DJQMJvikbTNT-xUQAEFObQ4PVHnutjLYG6Ku24Df-w7iWZDqAnHjKgpiqAq0nY0EnMYCNUGbUiO-OdK6KvHqE6XmttQGhUlBB5MfU9IxJj8FXnf8NYfVdlhJ5MJ12alsfThqqybJSbwdfCHPM7t51pmuZ2uAWeIn6XB7wmAO3b7tbeiFIl2jsft4Di9iMmb56zBckzK86w-xTJ_73x2m8EYdde9sTAkK_UnioUNgTgdXXfi0psD4jxkR7yqrbStTSxXKzhewfOYL8ETt9BQC5C0IVuYlRceRWHtybhgYFw5X9SQKlRgG_YNc7zGGxVLHiBfJ3KXaUkgv4Xul7MZcy7yjmM5QTiMzcMa_83ZJCo4pdKXdOL5hI7WBYZUO8Ssd8Ffe3Dod5MgU6wlYSxjO
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.redpacketsecurity.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 3129 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81f4e3d22360404c617b9a25ee0b9f8e0da0528e16f37e56b6a95e75d30d7036

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame C37E 35 B
463 B 70ms
41ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GD3bmgYBM3sdvrFC43CxcgZSlZwNr811cQFeTcS0HeHtoc0bKksOo8nSdjItrumitIVPybj3zyn9cmZSf9vBk5-umS-ixA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C37E
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NBQUFCWUczaXpmWA&google_push=ARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9yeAWdreVVTihNuu0yTTZof7O1p69j4w21jcNG3jy3zTO_BuDzhqJll_Bm

170 B
188 B

55ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NBQUFCWUczaXpmWA&google_push=ARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9yeAWdreVVTihNuu0yTTZof7O1p69j4w21jcNG3jy3zTO_BuDzhqJll_Bm

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NBQUFCWUczaXpmWA&google_push=ARnp8GCBxF1LE9ShBPbtImLghDWNIrnOFUaJ5st29C9yeAWdreVVTihNuu0yTTZof7O1p69j4w21jcNG3jy3zTO_BuDzhqJll_Bm
Date: Wed, 29 Jun 2022 13:24:00 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame C37E 43 B
356 B 144ms
47ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEHCE8_SDTaXgcK-bBtGxU_8&google_push=ARnp8GBNQdtlPAZDaj2cVSX0riGw8m0cVCU6NOjm5G3SmnH74r_jP61-XG6TCG9Rzqln9rXKgFrly-DsQrOIJwCdfi2nx_gm0Rs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame C37E 43 B
350 B 92ms
53ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMmriXffsUqwkC_ZHZYKibE&google_cver=1&google_push=ARnp8GCLRJ8QUK-VBDfpofwUnu1gWqgrdZs_wYfYzYuuhJ1ndcMybUfu2TsiBW_YqLIqwLCGKJUv43AZu4OCpEIYmtmFxIcXOnNi
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 0soqhu1obrlq10ns2t2ao8oooviuornv

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame C37E 0
166 B 267ms
48ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKz49wHjuWyUJOSOhqWiWDk&google_cver=1&google_push=ARnp8GAqWeN8fataCt5wh2JqrojLssgkVvkwDJ0UCcSGYWUEyFkArMxaozIt0dhETttyS6yrRNQ945oMQXiF_rW4qlva8z3lfe4F
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1749&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=gTSH63IVYS&p=https%3A//www.redpacketsecurity.com&dtd=57
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C37E
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPN0EtSC1HWFhH&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQw1b9xkkJhbZyxUFmXyz5lgvY

170 B
188 B

93ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPN0EtSC1HWFhH&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQw1b9xkkJhbZyxUFmXyz5lgvY

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPN0EtSC1HWFhH&google_push=ARnp8GBxGW8PZZqqgCjyrXOb02oSNUxZl3IxQkDVv10Ev1Figby1cavS8QzecgKocjC-8M9MoqQw1b9xkkJhbZyxUFmXyz5lgvY
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C37E
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_push=AR...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP...

170 B
188 B

55ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP95WHebrMfZJxIpkaxCb0WHhC6vmDmuHP-Rc4qDzRSENSg05LRNNLfKpWOmI6Fg

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awig1b2Fpwz2cz7hDD23A7%2Br1AXTB%2Bw6M4WofJAaJq7w5yJy8I3z6ztgrVNCfvX1PjRyq885Xz0OABTFOZ5Fq%2BSRPPRRKwPotcDm3o8dXQsS%2FhsKqzJRsOZfLmwM1NbbKVVq1Ufum5KlEw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GAb2A-WpGCW2P8yCxiZgdmCFnfDx_CzP95WHebrMfZJxIpkaxCb0WHhC6vmDmuHP-Rc4qDzRSENSg05LRNNLfKpWOmI6Fg
cache-control: no-cache
cf-ray: 722efae17bf29960-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame C37E 0
232 B 89ms
45ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LSszeLe6eOVYbwuxgZrSkzSyViB4OrAWNyGz2qZmM8HCu70XHxMvLOKw8CXh_nNqvRR6zh

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8663
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

123ms
114ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:00 GMT
expires: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:00 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3129 28 KB
28 KB 41ms
39ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 578826
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame D9C8 28 KB
28 KB 39ms
37ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 578826
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3 200 fa287546e1d5bd0678894d5c227e456c.js Show response
www.gstatic.com/mysidia/ Frame 3FF1 10 KB
4 KB 42ms
38ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4351
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 db2e47a9a3671f527cf86ca9ac22fc67.js Show response
www.gstatic.com/mysidia/ Frame 3FF1 10 KB
4 KB 43ms
39ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101899
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 3FF1 8 KB
893 B 50ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:38:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:24:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3FF1 2 KB
902 B 41ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 250
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:19:50 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 3FF1 21 KB
8 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:18:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3FF1 3 KB
1 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 206
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:20:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 3FF1 17 KB
7 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:13:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3FF1 0
0 47ms
45ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSXDpCKW5545uFR7bgle943H_qY3Rnd70TfDSdvGg7maqUZTgcfdGtJC9Te70i0WaBmiaX21wyzp61-0O0COGXrGx4oAw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3FF1 138 KB
42 KB 129ms
46ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:24:00 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 3FF1 31 KB
13 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 27 Sep 2022 07:02:55 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3FF1 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjLEQb1K8YteQPICXj-8P7YyHeJ6uzqlp2N70vfoPpOfy7ZUCEAEgta-gJ2CVmpqCrAegAfSvpvkDyAEBqQKjOaHmiA-qPqgDAcgDwwSqBJ0CT9BJDNOC6wNhX0PdX-UXbZ80eGleBftD86SXLLB6S8hGVEehzhonzvUEmyQ4QvuHjHUeEq_vxSiP-12TJxMJLalPB-xK1OS1C07obtBRqMOYMD-tHVE_b3nAlF0yxDL-bw-Q6mcNmYZ12Jb2g2Gv84ZN1x8F-q-PRDQNJRF2Pd-G5adXBXcvIx0WxVEaj3xoX3rggx8smDp_2lnxUSyvOrGOuoX9NF7maqVhAwCUcWEVnGwkI8-sfQ5mHFmeziybJLiMaIilOcpEU5EIJxKiF-cgUSIe3jfOYG7VbbZiHnbscA1OOg5S4LrMuQ72HV_CTHISD5o2JSqj3WMyuHAiTW44mzoPMOn7W5XZ7X98xaugReAhf-6KY0GuaKwQwASrkpqr9QOSBQQIBBgBkgUECAUYBKAGUYAH9M_ZBqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEIaiAdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTE1MzYzMzQyMTk1NjI3NzEYAA&sigh=-EprKcm6q8o&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D668 143 B
163 B 43ms
37ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 12:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 047F 1 KB
749 B 44ms
37ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3FF1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e4746fd8d4df17e1ac054b21445d7e64ac2f256dabe562f56c145b68f8e4b70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 047F
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisew...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisewSDNmosEUWSDk_9i713fdgK8LikziURe940d5kjmW8&google_hm=h4YN7soN0COg4...

170 B
188 B

56ms
56ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisewSDNmosEUWSDk_9i713fdgK8LikziURe940d5kjmW8&google_hm=h4YN7soN0COg411ipe3mvQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBXE7u4SeChcjkuqj-fcwb7Vr0srqXfhptgwEgqq4yh7IEjXYisewSDNmosEUWSDk_9i713fdgK8LikziURe940d5kjmW8&google_hm=h4YN7soN0COg411ipe3mvQ
pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 047F
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2H...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCRmJ3em1vSg&google_push=ARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2HQzDFQYolbTzqjmo6gmWqIr1VMe1TYvs97LCLSeFk-lSXMRoq1fcvz0lxQ

170 B
188 B

54ms
53ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCRmJ3em1vSg&google_push=ARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2HQzDFQYolbTzqjmo6gmWqIr1VMe1TYvs97LCLSeFk-lSXMRoq1fcvz0lxQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCRmJ3em1vSg&google_push=ARnp8GADZM7MzgBN6CWOTcoCcMOFLrZLHqX3CAILV2HQzDFQYolbTzqjmo6gmWqIr1VMe1TYvs97LCLSeFk-lSXMRoq1fcvz0lxQ
Date: Wed, 29 Jun 2022 13:24:01 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 047F
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCtkzHe...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GCtkzHe...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxMjk2MzA3Njc1Mw%3D%3D&google_push=ARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkH...

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxMjk2MzA3Njc1Mw%3D%3D&google_push=ARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkHbNRg-dhmM_UnLSLmyT0QyJu8YP8Ao

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxMjk2MzA3Njc1Mw%3D%3D&google_push=ARnp8GCtkzHedzMmocKr6RNPG9Lktrew_gBSJigYizaf_-x_elEvaXOiGFzdX1V11d4zkHbNRg-dhmM_UnLSLmyT0QyJu8YP8Ao
pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 047F 43 B
64 B 95ms
55ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMmriXffsUqwkC_ZHZYKibE&google_cver=1&google_push=ARnp8GACeoeY6edfCuD6Gx4tmNtiS6-rOSCeLsMpWAQgkNtyLxLb-hi1j-as5WFjp4mtcKo6-LwhY4Zb9jqBOJKvWoQ4h33UA-Yr
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: cvg227a43f7h8t7bei61upd36smaig06

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 047F 0
41 B 48ms
46ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKz49wHjuWyUJOSOhqWiWDk&google_cver=1&google_push=ARnp8GDdy4UY70D_fRcJCy7t7QbuAKxTL8VI9D5rhd7FZAPLfzqNGB4PZFOKaibkWCbOL-75isB5zSaPpzITio65YV3ttSSpew
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 047F
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPQzMtMVQtTEhYTA==&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1KAeW2XXcehQVc4Co6tJ8wNjfs

170 B
188 B

55ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPQzMtMVQtTEhYTA==&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1KAeW2XXcehQVc4Co6tJ8wNjfs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPQzMtMVQtTEhYTA==&google_push=ARnp8GDMx0MTPySSx2a9AfBolsMHHFE0urEfSuORj56x5pJG09ZXWfVaKPnkJtOfyo6MObdW0-1KAeW2XXcehQVc4Co6tJ8wNjfs
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame 047F 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 047F 0
12 B 46ms
44ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LRAxxpnNprnl1naQEGuaJo3y6Z_LchdFqhpjJ5nWZmswc1UgISa29Oyf48nuamklk5ye7vQQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D668
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

93ms
93ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
expires: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fa287546e1d5bd0678894d5c227e456c.js Show response
www.gstatic.com/mysidia/ Frame 5CDA 10 KB
4 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4351
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 db2e47a9a3671f527cf86ca9ac22fc67.js Show response
www.gstatic.com/mysidia/ Frame 5CDA 10 KB
4 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5CDA 8 KB
893 B 47ms
47ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:44:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:24:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 5CDA 2 KB
902 B 40ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:19:50 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 5CDA 21 KB
8 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 306
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:18:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 5CDA 3 KB
1 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:20:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 5CDA 17 KB
7 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:13:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5CDA 0
0 47ms
45ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ8LVC7IVyyYgTa7N2nBg8kqS002tlm23wPJodTksUuxFVh6haP_3r8JN4rOC-I01hBkixuDItddO5rR1sKcGjc4cV_gg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5CDA 138 KB
42 KB 53ms
51ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 5CDA 31 KB
13 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 27 Sep 2022 07:02:55 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5CDA 0
0 81ms
81ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cwoa2b1K8Yp2EPJ32zLUPr6OtyAjEjL2Uapqi2NWpD8CNtwEQASC1r6AnYJWamoKsB6ABra6QnwPIAQGoAwHIA8MEqgSOAk_QRbOBf-FiTW5c9i_mrKtm36H3WNM6yHltYALTx9dsun6GmyVrORRISMAUj41eZQa9sDy2o87xmry63uRswpIM1HcH6ylnqOmsBDjQScDlUoCKK9GSGJr3x83pmXBmZCM8jk1KgECgN-7AXQZQgjLfrEf0WVW2GuCmPVf3ycvjFJq3CIVXU2cMQUuLMiZKBJOIJ8YbDA6QT0opGTnzCEZzXWR6wEzS7gjOLrDU3s3sNC8W1X3_YMD1P2GP5Gg7xrBy_0NNp3FMv5Mf3UXWkW-8OVrk_gP3V_eYTNQMQbUuc8fJ8jBNLf5WTS0Ms-622ZmT6r9K0bgtC8U8gjrV8DYbYOM_q66Ia3a9EuPlfcAE1oHyyO4DkgUECAQYAZIFBAgFGASgBmaAB7vR72CoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDorALSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDIgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=1gZ3s6TfMGA&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 3FF1 28 KB
28 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 578827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AFEC 143 B
163 B 39ms
37ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 12:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A801 1 KB
749 B 38ms
36ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27017
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5CDA 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 700fc2b4f089fb56eec6028fec52d52c2cc1d4b3186faaafb9e19c0f501c1e94

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame A801 35 B
210 B 43ms
41ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GAJoLL3ArNkbDkMEGo8DxxqFS0uloJ3dexQY_rm5smDpRMlaMkxI390pVCy_dQlV3AZcs5JebY1eoliL7JmDJVCV14KV3e6

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A801
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCUkVtWTF0Rg&google_push=ARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8Pg11M5XlGc5rgW-Q0Vj8HbctcHGFRB82Zwb8cWq1ndJcbrUEUvHN5TIB3

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCUkVtWTF0Rg&google_push=ARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8Pg11M5XlGc5rgW-Q0Vj8HbctcHGFRB82Zwb8cWq1ndJcbrUEUvHN5TIB3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXJ4U2NRQUFCUkVtWTF0Rg&google_push=ARnp8GBF3cEnCp5IzXMgC5KDe_DAce_c26-mj1EzvE8Pg11M5XlGc5rgW-Q0Vj8HbctcHGFRB82Zwb8cWq1ndJcbrUEUvHN5TIB3
Date: Wed, 29 Jun 2022 13:24:01 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A801
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DARnp8GAopUh-...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxNjE0NDI1MTM5OQ%3D%3D&google_push=ARnp8GAopUh-0oDaBJgdVO_8_BMh3kdRiaQRxM6k3iuOVZbOn9h9YVdxrUVL2MyfGkmGDh...

170 B
188 B

54ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxNjE0NDI1MTM5OQ%3D%3D&google_push=ARnp8GAopUh-0oDaBJgdVO_8_BMh3kdRiaQRxM6k3iuOVZbOn9h9YVdxrUVL2MyfGkmGDhaSl6ICF8AVyolVKYyBDC7rRulNdwvg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjA2MjkxMzI0MDEwMDAxNjE0NDI1MTM5OQ%3D%3D&google_push=ARnp8GAopUh-0oDaBJgdVO_8_BMh3kdRiaQRxM6k3iuOVZbOn9h9YVdxrUVL2MyfGkmGDhaSl6ICF8AVyolVKYyBDC7rRulNdwvg
pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame A801 43 B
64 B 54ms
53ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMmriXffsUqwkC_ZHZYKibE&google_cver=1&google_push=ARnp8GBTxVCTf9s9_hALJqEyGfydpZ34-3724U85pIg2qskrD8kNLv2SwP40wppSxlhA1bqJliWjZNms7PXS1TldKqhoA4YKfUfM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: qp0v54he0fdqh1voh8l21edscblv4f86

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame A801 0
41 B 48ms
46ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKz49wHjuWyUJOSOhqWiWDk&google_cver=1&google_push=ARnp8GCy225fiOyhka-ucfMRkHlrLN9TgZBZqwk-TAcj8zw6p0hReqDK_qfY0ZU0Wj6BlgGoENvwovlzdrk3C8lQToPakUiNBHr3
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A801
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59f...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPSFQtUS00Vjc3&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59foxKd8ZPROezkH0kMNIV6znJyn

170 B
188 B

54ms
54ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPSFQtUS00Vjc3&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59foxKd8ZPROezkH0kMNIV6znJyn

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPSFQtUS00Vjc3&google_push=ARnp8GAqP2n4GY-Eey8zcCuKezjmF33ROxGU2A8iu4gEi3Y7f-DajQF1bY1aStMXDjOB_xGE59foxKd8ZPROezkH0kMNIV6znJyn
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A801
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBT1FFLz6BonakW8bCh4B6WgVs_ji5uD...

170 B
188 B

48ms
48ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBT1FFLz6BonakW8bCh4B6WgVs_ji5uDjJI0zpZtDsLDdhdDIMlDT3OICXRda4EfD9BGPJSQlYSXh3ClnN3ehPjweP4uIWB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uEDK1Ca1hohzYo%2Bw7VlzkIaY6po4Dnh7dxK9KFXx4U%2FWIQMKb%2BVb35jvTZxebRDpibe0jQQQ1k%2B1npxErBbPveYXC%2FmAayjGrl2S2n3Wdp7FBDjEAaW9nDPXdmd0v5MFsNy3ZKxFkw8H7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBT1FFLz6BonakW8bCh4B6WgVs_ji5uDjJI0zpZtDsLDdhdDIMlDT3OICXRda4EfD9BGPJSQlYSXh3ClnN3ehPjweP4uIWB
cache-control: no-cache
cf-ray: 722efae39fcf9960-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A801 0
12 B 46ms
45ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I5Rxo8SBfA1rxI7hYfTvix0Tm3ao_it2j4wa7nw2GAxJSAxbnNQ2ZdTkadNSpZes9aMNly

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5CDA 28 KB
28 KB 39ms
38ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 578827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AFEC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

107ms
106ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
expires: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js Show response
pagead2.googlesyndication.com/bg/ Frame 394D 36 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=944551752&pi=t.aa~a.429328830~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280%2C353x280&nras=6&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=3199&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=dPz8Ehne74&p=https%3A//www.redpacketsecurity.com&dtd=64

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

562026c9163e2ca1a55c623f92db7db0ecbe1d1cc5a60992f4bf43eaa48c57ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 11:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13935
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 16:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Jun 2023 11:45:40 GMT

GET
H3 200 fa287546e1d5bd0678894d5c227e456c.js Show response
www.gstatic.com/mysidia/ Frame 6E76 10 KB
4 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fa287546e1d5bd0678894d5c227e456c.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4351
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 db2e47a9a3671f527cf86ca9ac22fc67.js Show response
www.gstatic.com/mysidia/ Frame 6E76 10 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db2e47a9a3671f527cf86ca9ac22fc67.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101900
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4277
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 00:04:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 09:05:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 6E76 8 KB
893 B 47ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Jun 2022 12:40:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Jun 2022 13:24:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6E76 2 KB
902 B 38ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:19:50 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/ Frame 6E76 21 KB
8 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:18:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 306
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8671
x-xss-protection: 0
server: cafe
etag: 18116328616323621410
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:18:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6E76 3 KB
1 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:20:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:20:34 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/ Frame 6E76 17 KB
7 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220623/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:13:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 638
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7309
x-xss-protection: 0
server: cafe
etag: 16921397534319471551
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Jul 2022 13:13:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6E76 0
0 46ms
44ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTudmwCmOPOT3T54tc3Yw1u09G7q07fnOsiScNkG2MNO8gcvgWKrEt2LADPRklDeW6U6IFyJh2TJFOGDK_P6E7tqVCrcg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6E76 138 KB
42 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43256
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1656329918998510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 29 Jun 2022 13:24:01 GMT

GET
H3 200 21b2dfe42abab24529e209ac1efa07c6.js Show response
www.gstatic.com/mysidia/ Frame 6E76 31 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/21b2dfe42abab24529e209ac1efa07c6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 07:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13060
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 20:43:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 27 Sep 2022 07:02:55 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6E76 0
0 80ms
80ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CkQezb1K8YqSIO6Dgj-8P9dGZ-Aaqnp_iar7NqKP3D6Tn8u2VAhABILWvoCdglZqagqwHoAHkmeu8AsgBAagDAcgDwwSqBJECT9DjLmw1Wqt4dmN3__yYVfqSDsn9CouXuIyFoglGthijYqk3hRXNefi-lHGqSEiQO-ZBqmBEUMC67T_l5SPpVZlTvOzUxZAjMyapoJFsunADEzDytvaDqCfSxhSx37SaB81tjREf4L3hHCMz2UCkf75fmspunFuAnzf9yuYiVZCBq5lM0dauyNI3wfXd3BU1E7OI5cdBxFdanpDGgBxK8H7uYcN_mTk76UZGmEqzm3SZlUi104KgPZQugeFp4K2cN3EjADjPDIVmUHyxHEK23j-1bExC5no-uorDTJh7T4KgL2ADgNRP9UTf8U1FHn1GgU15yYzWPpuk19A3ey_0gbwYsBddZWUoj1xH0gEO2pWZwASU483ygQSSBQQIBBgBkgUECAUYBKAGZoAHhOaUwwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBD8nQPSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDYgUAdAVAYAXAbIXHAoaCAASFHB1Yi0xNTM2MzM0MjE5NTYyNzcxGAA&sigh=lESRKT7y-4Q&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A226 143 B
163 B 37ms
37ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 12:50:46 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 221C 1 KB
749 B 38ms
37ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27017
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Jun 2022 05:53:44 GMT
etag: 48472445140208031
expires: Thu, 30 Jun 2022 05:53:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6E76 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37e7c0401ebcaabae9bfef1b97a13f5f7c9b40e88d783a2d175f829b1e2c241d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 221C
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJBdCjHWMPPJM6f4gBGC0Go&google_cver=1&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTf...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTfqhLTwSd87ivetCki1UZDtaamu0QltzoIrK7H4eN7p5&google_hm=h4YN7soN0COg...

170 B
188 B

55ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTfqhLTwSd87ivetCki1UZDtaamu0QltzoIrK7H4eN7p5&google_hm=h4YN7soN0COg411ipe3mvQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ARnp8GBzK59kKV_KBSPWQ361LrT4usRcslaM-YugbZq2BVpzaSjd5M3dTfqhLTwSd87ivetCki1UZDtaamu0QltzoIrK7H4eN7p5&google_hm=h4YN7soN0COg411ipe3mvQ
pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 221C 0
98 B 129ms
46ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DARnp8GBZ_GmRHXQS6ZQwvUxX1wOQYObS0d_BcHJZeJ54r_YVbbdkL7HLtP5g0nTL4BMkpyN9QWh0UQmDPyp0IGPwyLJrGyXqaOgm&google_gid=CAESEHcSydP3haeHzKRxspy0Uns&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 221C 43 B
64 B 55ms
54ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEMmriXffsUqwkC_ZHZYKibE&google_cver=1&google_push=ARnp8GCcfpY-GiQ0BkpLVYBXRhn1VrCJ3cJXvpRX3xR7DuaBSZxhPdNwP2WVftqY-_wPdcw-DOOsLF5ab93BwCCs1tPYawujuN0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:00 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: me7rkb4vlosuk65ufmvkqdlgg4j14unh

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 221C 0
41 B 47ms
45ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKz49wHjuWyUJOSOhqWiWDk&google_cver=1&google_push=ARnp8GAR3WOh053qoMaVtovKR8CYJF059uogxLWS2gplumg7S8_ftj-9h5-dbZBfhF63-tc9iieUUoZXsrciJWr_SXP0e7MZnuDt
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 221C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMTrQVCe8oUW4Of8YryJf6E&google_cver=1&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPT1ctTC03MUJV&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7DZmR33LP-CQb6UmGpJizwzjhw

170 B
188 B

47ms
47ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPT1ctTC03MUJV&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7DZmR33LP-CQb6UmGpJizwzjhw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDRaTVBPT1ctTC03MUJV&google_push=ARnp8GDUCC1J0aK-ptxXWiikQdpaI_iLywoHWqfEjArntKf8uYp0OABfJ8Czl6KsowNYwgYJZo7DZmR33LP-CQb6UmGpJizwzjhw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 221C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBmO5RBW3blc7HDvec-SxD18kSqA44GF...

170 B
188 B

53ms
53ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBmO5RBW3blc7HDvec-SxD18kSqA44GFpF_iOJ9gWWBrh2N-Dx9tWxIdA5DMaKk_GqxEZdbZv1PMwX_OdpwFmBCUljLBqL6

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Jun 2022 13:24:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cj13cU73vNjDtbyRO7jEcIuVOCMqIH3asXWERP4%2B4M3Vnh5h6rGbSU8FAM5oJRCl5nLjjMtx%2FLEQQ1oYoa0cdyOLWUw7rzfuexkhX0rbtYehSdoihK2MKRStjPRhiFDWieS5aHcBGAge2g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEJmZeiBIAWbuyBgDNzuccUA&google_hm=YrxScJlrvAQ-InTecn1jUwAABKAAAAAB&google_nid=index&google_push=ARnp8GBmO5RBW3blc7HDvec-SxD18kSqA44GFpF_iOJ9gWWBrh2N-Dx9tWxIdA5DMaKk_GqxEZdbZv1PMwX_OdpwFmBCUljLBqL6
cache-control: no-cache
cf-ray: 722efae53a719960-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame 221C 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 221C 0
12 B 46ms
44ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L_NOUBOKiuUgvkaJ6uJWx8RRWzzyj62m40RN8nEdoQ39gZ_GV8bQxk16Q529nPeUVXa7m4Yg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 13:24:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A226
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

71ms
71ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
expires: Wed, 29 Jun 2022 13:24:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Jun 2022 13:24:01 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js Show response
pagead2.googlesyndication.com/bg/ Frame BC45 36 KB
14 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=6087740&pi=t.aa~a.1081604991~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1564&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280%2C353x280%2C353x280&nras=5&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=2463&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=iH2sEFom37&p=https%3A//www.redpacketsecurity.com&dtd=61

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

562026c9163e2ca1a55c623f92db7db0ecbe1d1cc5a60992f4bf43eaa48c57ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 11:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13935
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 16:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Jun 2023 11:45:40 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 6E76 28 KB
28 KB 37ms
37ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 22 Jun 2022 20:36:54 GMT
x-content-type-options: nosniff
age: 578827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jun 2023 20:36:54 GMT

GET
H3 200 ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js Show response
pagead2.googlesyndication.com/bg/ Frame E415 36 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ViAmyRY-LKGlXGI_ktt9sOy-HRzFpgmS9L9D6qSMV6s.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1536334219562771&output=html&h=280&adk=3106563156&adf=4029085294&pi=t.aa~a.2402295283~rp.4&w=353&fwrn=4&fwrnh=100&lmt=1656500643&rafmt=1&to=qs&pwprc=6266461316&psa=0&format=353x280&url=https%3A%2F%2Fwww.redpacketsecurity.com%2Fblack-basta-ransomware-victim-new-peoples-bank%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1656509039826&bpp=1&bdt=1563&idt=-M&shv=r20220623&mjsv=m202206270101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Da36102886821a1fa-22ff3648bfcd00f1%3AT%3D1656509039%3ART%3D1656509039%3AS%3DALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg&prev_fmts=0x0%2C1038x280&nras=3&correlator=8545601013669&frm=20&pv=1&ga_vid=561496504.1656509039&ga_sid=1656509040&ga_hid=1984713907&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1198&ady=1138&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068232%2C42531606&oid=2&pvsid=506695731728135&tmod=1469910566&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=LiMayROL8m&p=https%3A//www.redpacketsecurity.com&dtd=46

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

562026c9163e2ca1a55c623f92db7db0ecbe1d1cc5a60992f4bf43eaa48c57ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Wed, 29 Jun 2022 11:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5901
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13935
x-xss-protection: 0
last-modified: Tue, 21 Jun 2022 16:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 29 Jun 2023 11:45:40 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM8xSP8ptmA-xZE8BccAUpw&google_cver=1&google_push=ARnp8GCQdWtf1_gKnBpKzACLbQs44_m7wtlOSzdyFtAurEoP5RxtTghnBsBVZbARwDgrIBsD_pltof-aypQqWl9XzthYKimPvuZHSQ

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM8xSP8ptmA-xZE8BccAUpw&google_cver=1&google_push=ARnp8GA5RXMyhbUhJ6UVN7DiMM6S_fLB8Xx8UQJ87McbNqoMYUSUQ9WHHSHfXWuq12-3KtPlUHj5lwrBHx0SU6UXj3IP7eOltGyA

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank	1969-12-31 23:59:59	Name: _ga4s Value: 1
www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank	1969-12-31 23:59:59	Name: _ga4sid Value: 995800767
.redpacketsecurity.com/	1970-01-22 13:11:59	Name: _ga Value: 7548009d-be26-43bd-bc8f-43ef9e91972a
.redpacketsecurity.com/	1970-01-22 13:11:59	Name: _ga4 Value: 71d30594-c729-4e33-a88c-6c4137bc4282
.www.redpacketsecurity.com/	1970-01-20 04:51:41	Name: CaosGtag_ga_GN0W0LT7ZX Value: GS1.3.1656509039.1.0.1656509039.60
.www.redpacketsecurity.com/	1970-01-20 04:51:41	Name: CaosGtag_ga Value: GA1.3.561496504.1656509039
comments.app/	1970-01-20 12:53:11	Name: bcom_on Value: 1
.doubleclick.net/	1970-01-20 13:30:05	Name: IDE Value: AHWqTUlQ2vpo6Bf3Meo6MBnGxgFVyVajLrXus951sTEbaJi1d3SMlL7HGHazzYf7
.redpacketsecurity.com/	1970-01-20 04:08:30	Name: __cf_bm Value: jDuo4Q3XoAuQ3VTfyBo7MzM16wz_9G.MqGsrkZvnGq4-1656509039-0-AZLiwTjdoD7u103HEhmJjEE004IFYN92Znh/XkGRGHhucg2s3AHbeNZNWtwVEpKWOx2773OPPQYpdUCIE1s+rdO6g0BSyAtS2JL0DKIpehP82pVy9KLYEZ1LXYAWCOJNGQ==
.redpacketsecurity.com/	1970-01-20 13:30:05	Name: __gads Value: ID=a36102886821a1fa-22ff3648bfcd00f1:T=1656509039:RT=1656509039:S=ALNI_Mbg4svEx75mq_BQpFeRnwqDMOo_Yg
.quantserve.com/	1970-01-20 06:18:05	Name: d Value: EAEBCQG_JoEA
.quantserve.com/	1970-01-20 13:38:43	Name: mc Value: 62bc5270-ba018-ea614-e95ab
.casalemedia.com/	1970-01-20 12:54:05	Name: CMID Value: YrxScJlrvAQ.InTecn1jUwAA
.casalemedia.com/	1970-01-20 06:18:05	Name: CMPS Value: 1184
.casalemedia.com/	1970-01-20 06:18:05	Name: CMPRO Value: 1184
.doubleclick.net/	1970-01-20 04:08:32	Name: DSID Value: NO_DATA
.agkn.com/	1970-01-20 12:54:05	Name: ab Value: 0001%3A1tmRLNmilhfbHybPRcZDHpoxqTfpvj%2Bn
.agkn.com/	1970-01-20 12:54:05	Name: u Value: C\|0CEAqTw7wKk8O8AAAAAAAAQ13AQCAAQpAAAAAAA
.e.dlx.addthis.com/	1970-01-20 13:38:43	Name: na_tc Value: Y
.addthis.com/	1970-01-20 13:38:43	Name: na_tc Value: Y
.dlx.addthis.com/	1970-01-20 04:51:41	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 04:51:41	Name: na_sr Value: 20220629
.dlx.addthis.com/	1970-01-20 04:08:29	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 04:51:41	Name: na_sc_e Value: 0
.addthis.com/	1970-01-20 13:38:43	Name: na_id Value: 2022062913240100012963076753
.addthis.com/	1970-01-20 13:38:43	Name: uid Value: 62bc5271fca74f62
.addthis.com/	1970-01-20 13:38:43	Name: ouid Value: 62bc52710001a08070d7224e19ceba56427e6b51f1b4408a3ee7
.casalemedia.com/	1970-01-20 06:18:05	Name: CMTS Value: 3174

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM8xSP8ptmA-xZE8BccAUpw&google_cver=1&google_push=ARnp8GCQdWtf1_gKnBpKzACLbQs44_m7wtlOSzdyFtAurEoP5RxtTghnBsBVZbARwDgrIBsD_pltof-aypQqWl9XzthYKimPvuZHSQ Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEM8xSP8ptmA-xZE8BccAUpw&google_cver=1&google_push=ARnp8GA5RXMyhbUhJ6UVN7DiMM6S_fLB8Xx8UQJ87McbNqoMYUSUQ9WHHSHfXWuq12-3KtPlUHj5lwrBHx0SU6UXj3IP7eOltGyA Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DARnp8GBZ_GmRHXQS6ZQwvUxX1wOQYObS0d_BcHJZeJ54r_YVbbdkL7HLtP5g0nTL4BMkpyN9QWh0UQmDPyp0IGPwyLJrGyXqaOgm&google_gid=CAESEHcSydP3haeHzKRxspy0Uns&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
analytics.google.com
cm.g.doubleclick.net
cms.quantserve.com
comments.app
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
oauth.tg.dev
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
rtb.openx.net
ssum-sec.casalemedia.com
static.cloudflareinsights.com
stats.g.doubleclick.net
tg.dev
tpc.googlesyndication.com
track.seadform.net
www.google.com
www.google.de
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.redpacketsecurity.com
googlecm.hit.gemius.pl
104.18.19.126
104.222.176.10
104.89.42.102
142.250.185.130
149.154.164.13
172.217.18.98
185.64.190.78
2606:4700:20::ac43:4810
2606:4700:440e::6812:2fe6
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:803::2003
2a00:1450:4001:809::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2001
2a00:1450:4001:830::2004
2a00:1450:400c:c08::9d
3.122.145.17
34.251.55.128
34.98.67.61
35.186.253.211
35.244.174.68
37.157.4.40
69.173.144.138
00ab36d5573ceab85b1bc2de3ff62f4a9402bdc7c8a9749ac58c7037aa4bd2b8
019dbff595e10442fcdc74c8cba3419c88100517861d3bca0ab49164a1338448
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04aec4107954c62d888f138cac63e9fd4508ca8bfcdaf9a9e3ade5eed2333b79
07d8e06258039e45a3d2e1da8b1001e0c301135b485e85726abc4b306d473abb
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb10a2d723e30af4234cc3dcc1a82702a390c01ebe7f3171bfb1f42be2f0d09
13ea1503dc13c1d5259d6d10430aadc0fe269a78016fa6b7e0a41d653c6a7001
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1dc4b29dd0acbed77ec2fd81036c33efd4ab5989e8182705a30615a00a0117f7
240b702419d6c39ecc4896f0132ccfc9bc517e9aef0c782d99580e0c678b47d5
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29a74bd48fa0b500b61194468e760e8acef2f465e782e0da3eb219850bcea8fb
2c6c5fa1a182530d794b033ee34f4a2d9e0b12db9ca65d696d79c6862f63a801
333995c0787761614afd94b2c38133bcfc513b40caa1e2708e65a8ff89e707c0
342125f8b526a75dd8ed829225c6a23af06249bf360efc2962c340cacd3fe517
37e7c0401ebcaabae9bfef1b97a13f5f7c9b40e88d783a2d175f829b1e2c241d
37e87643d88538a3667dd0cf9aded067e0a52bc47e4b3a901a5c3c0a3b3a453b
3dbfd192961150faaa5762d0bf7a6fc352ae6db0e0bc505b815804a026016079
4247183ff111bcf12affd18ba0da4a7a1ff0b4e7e491db67b9562b58d6a29c88
43124dcb89fbed91eb7ab07811071065ae32e74a4f682bc11a2654c826220007
46489b4c55fb6dce029c4ebcaa74c9616a0a89dc3be3e0027d0113c698ed9968
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
482f450b7fdbac6f9304643f3e731df20bf66c51fb0599fa9a734e5d102a9e2a
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4bac530874a51f6c07f2e956b8b534c5947e13f3f6e9a15c7684cc7352051c28
4cb636b91baa2ce444767df4b186194cd84ce5740b196123d3da1e2ead84e245
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4746fd8d4df17e1ac054b21445d7e64ac2f256dabe562f56c145b68f8e4b70
52bbb80de38a831973b2eef5325fa01354cae1a031376ded2f93b2a1de53fa94
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54cb0643a7f536436b00df60b5bf7d1c37f71d9cca5bc05246f958a2573d0fa4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
562026c9163e2ca1a55c623f92db7db0ecbe1d1cc5a60992f4bf43eaa48c57ab
578ece1ba13e8a1dd211785e2df101ac5f9d1f2e387f9c6557bf51637ad0b84b
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5fdfb2304fc4b4ce74cdc70e83a8d62bdd46b3bfd0a69abea17fe490faec746c
60c62e0e44a2b4a1116d28f8a69f20c108cc84b5c173060d134a6ec083e12240
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62192a35a334d4401e348cf6774b25795b248972e116befa3405d9b9128a5473
629a298422d20d6be3aad025c6ddce8681991408627b1bf76f3e88abce039d2e
6342d16a93416b5e826f6d0e0e930ef033efb682851ae46270f3c4f5b4a1c194
6c1e31700f68d1666de6b0992e89d413434707718bf729a472404029845bdbad
6d53299eeb9516dbba670ceeb55e8e5ce2186edb71518f6a1bd16553308f17c2
6e030af5390ddec7d8ce24c6fc6c650cfbc92d38037d2ac11ad9591db251e65e
6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf
700fc2b4f089fb56eec6028fec52d52c2cc1d4b3186faaafb9e19c0f501c1e94
7147639902c3336843e877d3245dc6adc61ffca9b8aa61ab591b50491e13c9cc
717fbacbf26a1f7ee86c28a9dabf6abc285b324b24a11f0d3762903d8934565a
75a2067c9dff8e58ae83cdb8ee4fe896013966ac4e8f3f1d5e8a75f27c9a1ae2
76216b6c25b768e5bee4b758dacfef993b3e87cc2d7fd9bf192bd685d1ae9bfb
7688d6c0bc721a9708d4f280bfc926b6bb25e2386300a906a7fe5fa31a334bc7
798519ce47ff93dbb094e3bb3ee857bea4dfd1dfaa919bd0f3ea2a91479bec9e
7d45256c95c1c245654bf298e27d9c538dc778a2ee050ba4678ac2a07f479869
7d853f12f80f4e85343c2bc6ee4ab226f479c09a0dfd46e00808ff0e32043293
81f4e3d22360404c617b9a25ee0b9f8e0da0528e16f37e56b6a95e75d30d7036
84d1ee47df256fbcd1042850b8fd40df9ca9952a5b37608f019f2f438713fa30
878507828632957a2a0e471f1bfef8ef64ee4726f7fd03d05d77664823079fa5
898bb33c4d697683d384a3ac69acba30a8eaefb8591c54bb287a3eb445dc0278
8a3557561f3fca1c3bab36778cfeb2a9990aa86a23e50d64216f1f1a46adb571
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ba64ea38909392d4cabab89c686db48a38780d9a9efa30d8cc20980c21f7946
9691e8c38e89f0117aa9aab7dc706fa84ff4c18279a0769cfd90579c897922c1
970d08b0edc4bfc0925495d8b11564f3c2fd368f745f7b3510a7fced11848894
975fcd769077c94bff0b689fbe3ad59e461ea7c948870bd979d21ad4716ecee9
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b67a14d3266023e71ecdf6bbb6376034a486e07e1da880f536af90fb1c07711
9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134
9ddc0f6530a2a949a60ecc192689aba25551e0f9f6270b44803134b27708d883
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2625083f682f667dbd0121720f86b02cc023e7cc2c36d1fad2d1a3dbe0b8cc6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a813f571283df3b4c18c535c9f408ae4897bf5e4d46faa8adeee189d8f732672
aa441bf5f2ac8c608371513bad73ea45ad6dc8b7c50e3c6841af81147d0b96ce
ab9923ddf87ea918721ca60169271da941bbdc98c55793246a8b3c1dd4cc25cc
ace0366eab1ff253f3ccc456913f0cd991bd1ead16846297ba62c40e2f0dcd5b
ae394bf43bc39f7c6b3f439de04f6b75288d849a0ecae5000a2452546063647c
af12f7592b4d8f6b8483bd9bab081ecf35abe485d5315fb0ecf30559ac2bd9cd
af468a53ff8b21e58d333969b462d31f6d23e94d0f255e58b8c9242057d29c34
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b280d1cc19c24e39b526105b152d8458a53f9ac9a338d40daca2c7bed1c90034
b28d8e93ecf9067ff746e514c79ad5adc53cc00965630bfe0b118cf80f7bf065
b2be9c7c3f5b1cfa7055b5f64d499416c9b680b0b6030677c323164358f49a99
b30169a38c7ecd17eefc119177c0c61337b17a8f1abfd337ac37284d1a04a65b
b33ad250798eef9bd3379f3e7a9eeb55bd49bc718063bdaf568b7ed9dc3f4b9e
b5e930df6a2976d5df996e18b347e091756699ea32716dc53d0e1c0fd814c526
b80be40c3c47f8526cd90de3e7548b90660e0a869c00ae84affe5e287f0bd1dd
b97d2c98f8bac4ee72d075d577db22903f83ae9a2742b9caef94f0842b459348
b9983e0f3bd212e1f920657c96ca9b0f3ef62e4b6ebbd153abd0f1791ecac4a4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bce29a0dfdf11c6e73b8ec94c69dfecda8c55e4052403f5605725fdfa9f6ec3a
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c1c4a5cd21da66fc405d7f029b47796497445dca00c11f9fb8eca2f90a171a5c
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c304be164d697444f4c480c7052ca7a25708686194dec476c55fbd500599f29c
c38bc4d28cb6dd5263a68b3efa74cd5b746f9083484871c54f4cd437c828b40e
c46e975fc3535ada808fc824ed124688634e1eca90f8e5fbd18a821e9e80068f
c6e098655bf365af10393cec5be569becfba92d4b3374f5f409ceaa5a3b3bad6
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
c96a3e443478227892693b5f48368af1720b31a64c703dbe7dd7acb85ae0e14d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d2c30641eed11d27cc45ab60849aaef8d0cef92b8c75b09648ffb764bd6017c0
d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08
da3e511b908f924d06bcd56a2274b737f070823715600c460dc5d593b276f961
daa7570536a241579efb1eca60b9b8b3e30d171663777c0ca3011414a42cfc61
e11a59dd88d8cb969b8297e9e6e2cdd1012edaa60435e3c8330d90529af863cb
e28b35a3da8773aebff732255cd50f4693c5bc2b6906f7a0d2b9f76060d0a2e2
e348d772480f8c0e5fa546b3c531a38700ae16b5dad5defb5e67ade7f6d332e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3fbe67fed994d974916f80939f43e83889b033b3a565f349f26255620037a4d
e450af4a7c4974ea3ff324b629876380e0ca9605333a57152a953310c4a4661a
e8dfa93e316db0c0dd5d74f51997783f3517b8db6c7fa2461898ae5109c0b429
e9d9a4ac74e536c050e8c6c9a95941e5009411ae61e9c2bcd8371f638b2ec661
eaa593bcfe485f4b5a8ac997cf9936604f9fbef91652db94a8e22b75d612bfc1
eb46d82ef6f86859f18e379660e0f45b85c6f69fa97111905f0c125a08506376
ed975bb9abdeeb1bbfdbade21b8fda090b77d786cc2fa4c6b4577ffc33530d5d
eee2832920de823a77ade71ddf71f135ef58d3d7aa14c2e48036e1faec3c2762
f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7ec795d6ca0df8d0083c41b1a57aed9a3500897442639a0c24999a749eed08a
f84781d3e65130fbcee9c8813916246764b2e335a6a4827009f817c3ca74c3f0
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fd49219477a365773f010355db7e75d2430693594965a28d835d7c579536948f
fe85646af222500a866fd63beedb6ae00576c4afab4e0d28b15d9d6d92cb7da5

www.redpacketsecurity.com Open in urlscan Pro 2606:4700:20::ac43:4810 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

237 Requests

91 %HTTPS

52 %IPv6

24 Domains

33 Subdomains

24 IPs

7 Countries

2418 kBTransfer

6248 kBSize

28 Cookies

10 Outgoing links

Redirected requests

237 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.redpacketsecurity.com Open in urlscan Pro
2606:4700:20::ac43:4810 Public Scan

Screenshot
Live screenshot

Full Image

237
Requests

91 %
HTTPS

52 %
IPv6

24
Domains

33
Subdomains

24
IPs

7
Countries

2418 kB
Transfer

6248 kB
Size

28
Cookies

237 HTTP transactions
8 data transactions