www.reportdoor.com Open in urlscan Pro
2606:4700:3037::ac43:81eb Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8N...
Effective URL:
https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-lo...
Submission: On June 28 via api (June 28th 2021, 12:37:33 am UTC) from SG

Summary HTTP 228 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 30 IPs in 5 countries across 22 domains to perform 228 HTTP transactions. The main IP is 2606:4700:3037::ac43:81eb, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.reportdoor.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 22nd 2021. Valid for: a year.

This is the only time www.reportdoor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
9	2606:4700:303... 2606:4700:3037::ac43:81eb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
24	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
45	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
2	213.202.235.8 213.202.235.8	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
12	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2	185.106.33.48 185.106.33.48	200478 (TABOOLA-AS) (TABOOLA-AS)
47	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
4	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
5 5	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
4	3.120.52.76 3.120.52.76	16509 (AMAZON-02) (AMAZON-02)
1 1	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
3	34.198.78.234 34.198.78.234	14618 (AMAZON-AES) (AMAZON-AES)
4	185.94.180.123 185.94.180.123	35220 (SPOTX-AMS) (SPOTX-AMS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
228	30

2 2606:2c40::c73c:67fe (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

go.recordedfuture.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3037::ac43:81eb (United States)

ASN13335 (CLOUDFLARENET, US)

www.reportdoor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
15.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imprammp.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.8 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-vid-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
am-wf.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.106.33.48 (Israel)

ASN200478 (TABOOLA-AS, IL)

il-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

vidstat.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.94.180.126 (United States) 5 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.120.52.76 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.35.65 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.198.78.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-78-234.compute-1.amazonaws.com

ioms.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.123 (United States)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
85	taboola.com cdn.taboola.com trc.taboola.com 15.taboola.com trc-events.taboola.com il-trc-events.taboola.com vidstat.taboola.com images.taboola.com imprammp.taboola.com am-match.taboola.com wf.taboola.com am-vid-events.taboola.com sync-t1.taboola.com am-wf.taboola.com	1 MB
55	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	335 KB
13	ampproject.org cdn.ampproject.org	239 KB
13	doubleclick.net googleads.g.doubleclick.net	117 KB
9	spotxchange.com 5 redirects sync.search.spotxchange.com search.spotxchange.com	8 KB
9	reportdoor.com www.reportdoor.com images.reportdoor.com Failed	1012 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	315 KB
4	rubiconproject.com 1 redirects secure-assets.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com	11 KB
4	bidswitch.net x.bidswitch.net	581 B
4	adsrvr.org match.adsrvr.org	1 KB
4	google.com 1 redirects adservice.google.com www.google.com	1 KB
3	bfmio.com ioms.bfmio.com	2 KB
3	googletagservices.com www.googletagservices.com	103 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	twitter.com platform.twitter.com syndication.twitter.com	132 KB
2	exactag.com m.exactag.com	2 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	google.de adservice.google.de	975 B
2	recordedfuture.com 1 redirects go.recordedfuture.com	4 KB
1	gravatar.com secure.gravatar.com	2 KB
1	googleadservices.com partner.googleadservices.com	660 B
1	googletagmanager.com www.googletagmanager.com	36 KB
228	22

	Domain	Requested by
45	tpc.googlesyndication.com	googleads.g.doubleclick.net go.recordedfuture.com tpc.googlesyndication.com cdn.ampproject.org pagead2.googlesyndication.com
39	images.taboola.com	www.reportdoor.com
13	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net go.recordedfuture.com www.googletagservices.com
13	cdn.taboola.com	www.reportdoor.com cdn.taboola.com
10	pagead2.googlesyndication.com	www.reportdoor.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
9	www.reportdoor.com	go.recordedfuture.com www.reportdoor.com
8	vidstat.taboola.com	cdn.taboola.com vidstat.taboola.com
7	trc.taboola.com	cdn.taboola.com www.reportdoor.com
7	fonts.gstatic.com	www.reportdoor.com fonts.googleapis.com
5	sync.search.spotxchange.com	5 redirects
4	search.spotxchange.com	vidstat.taboola.com
4	x.bidswitch.net	am-match.taboola.com imprammp.taboola.com
4	match.adsrvr.org	am-match.taboola.com imprammp.taboola.com
3	ioms.bfmio.com	vidstat.taboola.com
3	sync-t1.taboola.com	am-match.taboola.com imprammp.taboola.com
3	am-vid-events.taboola.com	www.reportdoor.com vidstat.taboola.com
3	am-match.taboola.com	vidstat.taboola.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	am-wf.taboola.com	vidstat.taboola.com
2	eus.rubiconproject.com	am-match.taboola.com eus.rubiconproject.com
2	wf.taboola.com	vidstat.taboola.com
2	il-trc-events.taboola.com	www.reportdoor.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	m.exactag.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	platform.twitter.com	www.reportdoor.com platform.twitter.com
2	go.recordedfuture.com	1 redirects
1	token.rubiconproject.com	eus.rubiconproject.com
1	secure-assets.rubiconproject.com	1 redirects
1	imprammp.taboola.com	vidstat.taboola.com
1	trc-events.taboola.com	www.reportdoor.com
1	15.taboola.com	cdn.taboola.com
1	www.gstatic.com	googleads.g.doubleclick.net
1	secure.gravatar.com	www.reportdoor.com
1	syndication.twitter.com	platform.twitter.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	www.reportdoor.com
0	images.reportdoor.com Failed	www.reportdoor.com
228	42

This site contains links to these domains. Also see Links.

Domain
www.bleepingcomputer.com
msrc-blog.microsoft.com
twitter.com
popup.taboola.com
idealher.com
mortgageafterlife.com
buzzdestination.com
petball-trainer.org
track.cinderco.com
chk.livedomain.org
www.tips-and-tricks.co
rfvtgb.carnovels.com
www.manukafeed.com
1ffff1.llsdzktnxwnnr.com
7cbf15.llsdzktnxwnnr.com
dailygadgetsadvisor.com
chandy-supeemed.com
ourfashiontrends.com
beautifultrendstoday.com
e06a8d.llsdzktnxwnnr.com
hhdresearch.org
topgadgetinsider.com
track.trk51.com
newsmot.com
myhealthreads.com
rfvtgb.habittribe.com
data-sci-analytics-intl-ace.fyi
www.alwayspets.com
travelerdreams.com
lifeexact.com

Subject Issuer	Validity	Valid
go.recordedfuture.com Cloudflare Inc ECC CA-3	`2020-08-16` - `2021-08-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-22` - `2022-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2019-08-28` - `2021-09-13`	2 years	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.bfmio.com Amazon	`2021-05-16` - `2022-06-14`	a year	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Frame ID: D3C3AD452D269F97F45C6AB4032CF49F
Requests: 122 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/zrt_lookup.html
Frame ID: 29875D78C135764BB131AAA83D035391
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.reportdoor.com
Frame ID: 4C0BAC0173D842FC8515F8524CB08BEF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&adk=1812271804&adf=3025194257&lmt=1624840622&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622185&bpp=3&bdt=219&idt=120&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5391867972087&frm=20&pv=2&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=140
Frame ID: A09F84F5E537660520E7A3298C07146A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182
Frame ID: EA64462250D562FC80325740503E9C89
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199
Frame ID: D4528CBC13A8AC923204354E03E6F881
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230
Frame ID: A13D955F5A3A1EAC454DECBA0460E95F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282
Frame ID: 997D6C61A21D04C6668B20283926FC95
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js
Frame ID: F90C9C0881DA0B3C2A35957B7BD644F0
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs
Frame ID: F8C336C53CBAC1FF93BC4D45C9676627
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html
Frame ID: E587590A43FB72C0F88172A7478B709F
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CjwfVrhnZYN_eGtWU9u8P7PKT0AWkt6O4Y7Gojq6LDsvxppj9JRABIO2C-TFglQKgAeiZ0NIDyAEJqAMByANIqgTMAU_QSAXtuuHmupsCwY5Egk6Q8NtOn4l2Rg3PwV3mlBIRKezbAfik0WEWjdAfy-QckbbRY1cWdETNX2ml6m1J4z4zY9y9qqrAV9wrXpAMVUx7ULxexRrCIP-NIQXKt-0N1wCsm4o-PBm_N6V-QUx5CGNstCne2tRDaX4H-zYIZIXV69SxcKA905qd9ZoDLn1bkj-A6AJ51vNVnjZTWbGyeuzddnKYo4LARTZtTjH4420gikpOZ283MA2-7iC-u4CgSZJkmS8z4yxrOEngDMAEzcDts8kDkgUECAQYAZIFBAgFGASgBi6AB4Dmry2oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQyqAc0ggJCIDhgBAQARgfgAoByAsB2BMK0BUBgBcBshcaChgIABIUcHViLTM1MTE0NDM3OTk0MDc0OTk&sigh=qxJl9Vy4Ups&template_id=419
Frame ID: 45219577D1855C53A999973DDB1CB0DF
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E0992C69838C377E06C985BF8CA10669
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs
Frame ID: A3D2BEE62B472D31AADB808BE8EF757C
Requests: 18 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 8811F910EAA64F4802EE8C7FDFFAE011
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 41AED2E7421EC0845878070D0ABA9244
Requests: 4 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 76541BA2A7CBCC8DD1591455A917E782
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Frame ID: 20D58C1A64300D39C1712BF1AF9EC5D8
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 997C3D9DE7B2ACF52137D1B0CE0EE2AD
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CEC45FA544E4AEDE7BB5AB94EFCDC826
Requests: 1 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 2D9562E30C89E12DBE60B57E88950AB3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9... Page URL
https://go.recordedfuture.com/events/public/v1/track/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV... HTTP 307
https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsof... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

228
Requests

98 %
HTTPS

52 %
IPv6

22
Domains

42
Subdomains

30
IPs

5
Countries

3773 kB
Transfer

8404 kB
Size

8
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/
Title: says

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/
Title: confirmed

Search URL Search Domain Scan URL

URL: https://twitter.com/struppigel/status/1405483373280235520
Title: found

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbnails-MidPage:MidPage%20Article%20Thumbnails:
Title: by Taboola

Search URL Search Domain Scan URL

URL: https://idealher.com/health/5-common-cancer-signs-pay-attention/?utm_source=taboola&utm_medium=reportdoor-reportdoor&utm_campaign=ih-cancer-signs-22-06&utm_term=5+Cancer+Symptoms&utm_content=3009800186_http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5ffec4092601f959f3c0a38824120021.jpg#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDV60Io8oezgYja86gT
Title: IdealHer

Search URL Search Domain Scan URL

URL: http://mortgageafterlife.com/trending/celebs-gastric-sleeve-surgery/?utm_source=taboola&utm_medium=reportdoor-reportdoor&utm_campaign=4590384&utm_term=Precious+is+So+Skinny+Now+and+Looks+Gorgeous%21+%28Photos%29&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F2a363cff6672ab7ac3333b039ce80ae6.jpg&ts=2021-06-28+00%3A37%3A03&tbv=fUSRlPE8VMZzubJLTcHwD5UrKHpAg4Jk0LXrdMFVXSc=&pcl=1
Title: Mortgage After Life

Search URL Search Domain Scan URL

URL: https://buzzdestination.com/what-really-happens-to-your-body-when-you-stop-making-love/?utm_source=taboola&utm_medium=Even+%2F+2+buzzdestination+%2F+ADV+43+%2F+Account+3+%2F+What+Really+Happens+To+Your+Body+When+You+Stop+Being+With+Someone&utm_campaign=1305601&tblci=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCx-FIooIuSwZHi9PFJ#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCx-FIooIuSwZHi9PFJ
Title: BuzzDestination

Search URL Search Domain Scan URL

URL: https://petball-trainer.org/da-n/?utm_source=taboola&utm_medium=referral#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCf2FIotNSap5z8_6cR
Title: Pet Ball Trainer

Search URL Search Domain Scan URL

URL: https://track.cinderco.com/5f6324b3a49037000154d080?sub1=reportdoor-reportdoor&sub2=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fab0fbee6a082fac284afe4dbb512c66e.jpg&sub3=How+To+Back+Up+All+Your+Old+Photos+In+Seconds&sub4=2021-06-28+00%3A37%3A03&sub5=Desktop&sub6=7805689&sub7=2951704877&sub8=1305601&ref_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSD2nFEovOO8r-uyxaIp#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSD2nFEovOO8r-uyxaIp
Title: PhotoStick

Search URL Search Domain Scan URL

URL: https://chk.livedomain.org/205dca8e-3d1a-4979-bdad-af25e7358e19?network=taboola&ref=reportdoor-reportdoor&utm_term=Work+a+USA+job+from+home+in+Denmark&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fbf3c4b8267859a5e3e38091a709d30e3.jpg&utm_campaign={campaign}&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCTtUko8Pyj5LmNuLfhAQ&site_id=1305601&campaign_id=8292408&campaign_item_id=2965381600#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCTtUko8Pyj5LmNuLfhAQ
Title: Work From Home | Search Ads

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbs-feed-01:Below%20Article%20Thumbnails%20|%20Card%201:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://www.tips-and-tricks.co/cleaning/baking-soda-washing-machine/?utm_campaign=njht26qk&utm_source=Taboola&utm_medium=native&utm_term=reportdoor-reportdoor
Title: Tips and tricks

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbs-feed-01-a:Below%20Article%20Thumbnails%20|%20Card%202:
Title: Sponsored

Search URL Search Domain Scan URL

URL: http://rfvtgb.carnovels.com/worldwide/princess-diana?utm_medium=taboola&utm_source=taboola&utm_campaign=ta-cn-diana-pics-mob-uk-27119f&utm_term=reportdoor-reportdoor
Title: Car Novels

Search URL Search Domain Scan URL

URL: https://www.manukafeed.com/4-proven-home-remedies-for-thicker-hair/?utm_source=reportdoor-reportdoor&utm_medium=taboola&utm_campaign=503_MF_ThickerHair_T3_all&utm_content=2921853657#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDczEcoiPaN7q6q9cXjAQ
Title: Manuka Feed

Search URL Search Domain Scan URL

URL: https://1ffff1.llsdzktnxwnnr.com/?network=taboola&subid1=reportdoor-reportdoor&adtitle=Horsens%3A+Omkostningerne+ved+bilforsikring+kunne+overraske+dig&subid3=1305601&site=reportdoor-reportdoor&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDW7FIoqcO_utqpm9qCAQ&subid4=el-dk-a-cari6dk-34119-c2006-tb&kw1=Billig+bilforsikring+i+Danmark&kw2=Bedste+bilforsikring+i+{City}&kw3=Bedste+bilforsikring+i+Danmark&kw4=Bedste+bilforsikring+2021&kw5=Bilforsikring+Pris+2021#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDW7FIoqcO_utqpm9qCAQ
Title: Bilforsikring | Søgeannoncer

Search URL Search Domain Scan URL

URL: https://7cbf15.llsdzktnxwnnr.com/?network=taboola&subid1=reportdoor-reportdoor&adtitle=Prisen+p%C3%A5+tandimplantater+i+Horsens+vil+m%C3%A5ske+ovveraske+dig&subid3=1305601&site=reportdoor-reportdoor&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDiyFIot6nU292Q64n_AQ&subid4=el-dk-a-deim21dk-34111-b1306-tb&kw1=S%C3%A5+Meget+B%C3%B8r+Tandimplantater+Koste+I+{City}&kw2=Tandimplantater+Priser&kw3=Tandimplantater+{City}&kw4=Billige+Tandimplantater&kw5=Bedste+Tandl%C3%A6ge+{City}#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDiyFIot6nU292Q64n_AQ
Title: Tandimplantat | Søgeannoncer

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbnails-sidebar:SIdeBar%20Article%20Thumbnails:
Title: Sponsored Links

Search URL Search Domain Scan URL

URL: https://dailygadgetsadvisor.com/vibes-watch-n/?utm_source=taboola&utm_medium=referral#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCZ2FIo5-ivw6Kn7bx3
Title: Vibes SmartWatch

Search URL Search Domain Scan URL

URL: https://chandy-supeemed.com/f6cf129a-a06a-48ad-ad58-020e2654f38d?campaign=2110947&site=reportdoor-reportdoor&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fcb0ea9c5a99032f2b9fa3282a4bbc6fe.png&title=Revolutionerende+nye+brusehoveder+tager+Danmark+med+storm&adid=206164565#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDSoEcoh7_jlKadmcV2
Title: ZenOasis

Search URL Search Domain Scan URL

URL: https://ourfashiontrends.com/after-avoiding-this-wedding-dx/?utm_source=taboola-dx&utm_campaign=dx-ww-a-oft-wedpren-all-230621-c11&utm_medium=tb11219457_1305601&utm_term=reportdoor-reportdoor&cpc=0.0011&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSC6mlAojeuKoJGM29vSAQ
Title: OurFashionTrends

Search URL Search Domain Scan URL

URL: https://beautifultrendstoday.com/man-built-an-incredible-tiny-house-dx/?utm_source=taboola-dx&utm_campaign=dx-ww-a-bts-scbusen-all-210621-c876&utm_medium=tb11139249_1305601&utm_term=reportdoor-reportdoor&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCYjVAo9t_A8JiQ2JF6&cpc=0.0022
Title: BeautifulTrendsToday

Search URL Search Domain Scan URL

URL: https://e06a8d.llsdzktnxwnnr.com/?subid1=reportdoor-reportdoor&adtitle=Prisen+p%C3%A5+luksus+krydstogt+i+2021+vil+m%C3%A5ske+overraske+dig&subid3=1305601&site=reportdoor-reportdoor&network=taboola&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCt61Io4YPGis6e_Zte&subid4=ed-dk-a-crui7dk-39389-b0505-tb&kw1=Cruise+I+Caribien&kw2=Krydstogt+Norge&kw3=Rejser+All+Inclusive&kw4=Krydstogt+Caribien+Norge&kw5=Bedste+Cruise+Tilbud&kw6=Krydstogter+Fra+K%C3%B8benhavn&backfill=0#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCt61Io4YPGis6e_Zte
Title: Krydstogt | Søgeannoncer

Search URL Search Domain Scan URL

URL: http://hhdresearch.org/if-you-eat-ginger-every-day/?utm_source=reportdoor-reportdoor&utm_medium=taboola&utm_campaign=332_3_hhd_ginger_world2&utm_content=2914843309#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCmnkcoiuHO58XlqO74AQ
Title: Health & Human Research

Search URL Search Domain Scan URL

URL: https://topgadgetinsider.com/barxstop-review-n/?utm_source=taboola&utm_medium=referral#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCb2FIo1synj9Stm_SaAQ
Title: BarXStop

Search URL Search Domain Scan URL

URL: https://track.trk51.com/6a41c96a-e9a1-41c9-b99d-cc463cf1b951?site=reportdoor-reportdoor&thumbnail=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fc010d327bc2ded537069688382b8dedf.jpg&title=Prisen+p%C3%A5+tandimplantater+kan+overraske+dig&platform=Desktop&campaign_id=3499237&campaign_item_id=2863685310&taboolaclickid=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSC0sUUo3tClgZTpyJ15&utm_source=taboola&utm_medium=referral&taboolaclickid=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSC0sUUo3tClgZTpyJ15#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSC0sUUo3tClgZTpyJ15
Title: Tandimplantater | Søgeannoncer

Search URL Search Domain Scan URL

URL: https://newsmot.com/nar-forskere-boret-ind-i-mount-kilimanjaro-de-fandt-en-bibelsk-secret-dybt-inde-i-isen/?utm_source=google&utm_medium=organic&tblci=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDrwVQo6tuzsa6KoOIC#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDrwVQo6tuzsa6KoOIC
Title: newsmot.com

Search URL Search Domain Scan URL

URL: https://myhealthreads.com/use-these-warnings-from-nature-to-avoid-emergencies-or-disasters/?utm_source=taboola&utm_term=reportdoor-reportdoor_1305601&utm_content=2982682757&utm_medium=referral&utm_campaign=NatureWarnSB-All-DTM-MHR-TB-9375559#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSDs6koo8rz6xqCcvYadAQ
Title: MyHealthReads.com

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbs-feed-01-y-delta:Explore%20More%20|%20Card%203:
Title: Sponsored

Search URL Search Domain Scan URL

URL: http://rfvtgb.habittribe.com/worldwide/beauty?utm_medium=taboola&utm_source=taboola&utm_campaign=ta-hb-beauty-s-des-0w-an-07021d&utm_term=reportdoor-reportdoor&utm_bid=w9KMAlNPuBfbFWZLg9Rck7oCq11B5ep09u0S2SrMscw=
Title: Habit Tribe

Search URL Search Domain Scan URL

URL: https://data-sci-analytics-intl-ace.fyi/?sub_id=taboola_37916_System1_DataScience_all_World_reportdoor-reportdoor&ref=taboola_reportdoor-reportdoor&tbid=1347214&tbclick=S1Click&rskey=Data+Science%2FAnalytics+Might+Surprise+You&tblci=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSD9nlIo54Llu4rbiKwP#tblciGiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSD9nlIo54Llu4rbiKwP
Title: Data Science/Analytics | Search Ads

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=thumbs-feed-01-y-em-delta:Explore%20More%20|%20Card%205:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://www.alwayspets.com/s/hilarious-dog-memes-a523c4c61d4e4045?utm_campaign=dogmemeslol-372721f5c2bb4734&utm_source=tab&utm_medium=cpc&utm_term=reportdoor-reportdoor
Title: Always Pets

Search URL Search Domain Scan URL

URL: https://travelerdreams.com/children-reveal-hidden-secret-to-sh/?utm_source=taboola-dx&utm_campaign=dx-ww-a-trd-secreen-all-170621-c1078&utm_medium=tb11042095_1305601&utm_term=reportdoor-reportdoor&click_id=GiDQ-ObbQn3-iX6yamvO1s8Rcpd6VczApVmbqrJEANOgGSCgjVAo1peip8ywrOwc&cpc=0.0011
Title: TravelerDreams

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=reportdoor-reportdoor&utm_medium=referral&utm_content=blend-next-up-a:Next%20Up:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://lifeexact.com/trending/brightest-stars-80s-now-grace-j?utm_source=taboola&utm_medium=reportdoor-reportdoor&utm_campaign=11257269&utm_term=Grace+Jones+Is+Now+72+Years+Old%2C+This+Is+Her+Now&utm_content=http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F509aec62cc707de45bbe0d733bca8e4a.png&ts=2021-06-28+00%3A37%3A03&tbv=N248fVdCnwMcqlv9FnOh8M3z_SjwYhhkRQq259g2bag=&pcl=1&br=1
Title: Life Exact Brazil

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1 Page URL
https://go.recordedfuture.com/events/public/v1/track/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1?_ud=04779fee-6192-47d2-8e57-8c22d8fde7f4&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 184

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=f5cca090-d7a8-11eb-ae98-10b91cd50106 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cca044-d7a8-11eb-ae98-10b91cd50106&orig=video&us_privacy=1---

Request Chain 187

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1---&__user_check__=1&sync_id=f5cce8ea-d7a8-11eb-a604-1a3233820506 HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cce89a-d7a8-11eb-a604-1a3233820506&orig=video&us_privacy=1---

Request Chain 202

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint= HTTP 301
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

Request Chain 227

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3Dvideo%26us_privacy%3D1--- HTTP 302
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fb7a909c-d7a8-11eb-8e27-169e7f670006&orig=video&us_privacy=1---

228 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3...
go.recordedfuture.com/e2t/tc/ 9 KB
3 KB 68ms
42ms Document
text/html 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: go.recordedfuture.com
:scheme: https
:path: /e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:36:55 GMT
content-type: text/html;charset=utf-8
cf-ray: 6662d7f8ab314dca-FRA
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 0af1a54f6a00004dca1f2fc000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-hubspot-correlation-id: eac6c312-064d-4125-a8ff-a9c4d86e1400
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BZqV0Bxcpb3I5ntecQErA2SqvGkqAYEJxalFTMF7iIlvr3DuKnCzuZHoLsZVuMVLWxhNYFYBXd%2ByHFDzWI4ByyXVT%2BtHw2bfCrY0UlK%2ByFgp%2BYeZ4CoF3ZwK79PMdZc14d%2BBjC7w6EQ1YV5BXNI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=eb75d56ab465fc19fb08a17f0c32866b4ea3128a-1624840615; path=/; domain=.go.recordedfuture.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request / Show response
www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/
Redirect Chain

https://go.recordedfuture.com/events/public/v1/track/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q...
https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h...

58 KB
10 KB

5951ms
5924ms

Document
text/html

2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Requested by: Host: go.recordedfuture.com
URL: https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d24b1df799ea526a7b7f7e7c65855831ba773d802b504e5ea8758e998d454118

Request headers

:method: GET
:authority: www.reportdoor.com
:scheme: https
:path: /microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1

Response headers

date: Mon, 28 Jun 2021 00:37:01 GMT
content-type: text/html; charset=UTF-8
wpo-cache-status: not cached
wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
link: <https://www.reportdoor.com/wp-json/>; rel="https://api.w.org/", <https://www.reportdoor.com/wp-json/wp/v2/posts/393231>; rel="alternate"; type="application/json", <https://www.reportdoor.com/?p=393231>; rel=shortlink
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
cf-request-id: 0af1a55068000006012d1ab000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZOHQrglZTvN4R7Eg62F9SymyF9ui6X1T2u3rLbb2jXAOPSxCXLNt5ICKd9sg1%2FtP80%2B%2BSz8w4AScRg0%2FC0xNnkB6LW%2FWfb4rKU1Pco4gsHQUjVwS3soXjT0RCkExol%2Bu%2By0COXAxTCpSSOS8"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6662d7fa3bca0601-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 28 Jun 2021 00:36:56 GMT
location: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
cf-ray: 6662d7f90ba44dca-FRA
link: <https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 0af1a54fa000004dcab7a4d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-hubspot-correlation-id: ea87084c-cef4-4084-be0e-59443d30488b
x-robots-tag: none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=u0flLXE24P%2BrfLvFoO9YkXnt87e78pF5dYGlGCdbx2Xmk0ZhowHiGalh%2FShD8BykPdxy32BWyIGXPf4Kco9gzvAkGRY548L1vJH7C26Ka4BJqdINJDPb2XLmPnnp9oodmzxrgYpayC%2FU2WVjnr0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-164811841-1

Requested by

Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a2f2549d8026075374e4142efd027243975416bf5a1d936425eb9a0e684ab05f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36365
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 28 Jun 2021 00:37:01 GMT

GET
H3-29 200 wpo-minify-header-cfe92710.min.css
www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/ 272 KB
41 KB 44ms
31ms Stylesheet
text/css 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-cfe92710.min.css
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d1b208f920331804c35ce111ba9ba0a6fbb6fc05b79c5cab88fdaad758a18be

Request headers

:path: /wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-cfe92710.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2998
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0af1a567a000002b1e7ea2a000000001
last-modified: Fri, 25 Jun 2021 19:52:44 GMT
server: cloudflare
etag: W/"44000-5c59c7baca831-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=E1VKlMJ3W633Wd8r7WTyoa99y%2BkJbNoHwyWp12Rl2TITWyfNqanVxNdAMBBsoA%2BROfUJKnvBIJnJYoJv51ahigU%2FRAV399jr2smDZg3ZLAX%2F%2Fye25tn0CTJQ8ZmOe6sPVOBfjFEe3AKPQUJ%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 6662d81f6b2e2b1e-FRA

GET
H3-29 200 wpo-minify-header-b5121f49.min.js Show response
www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/ 108 KB
36 KB 32ms
20ms Script
application/javascript 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ef1ed69f675387b64ca365d659c14c972a3b593199552c020017cc9e6ceacfe

Request headers

:path: /wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:01 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5341
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0af1a567a000002b1e8f1cb000000001
last-modified: Fri, 25 Jun 2021 19:52:44 GMT
server: cloudflare
etag: W/"1b0e4-5c59c7bad1592-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l85Q%2F6Q6L4J3X0acRUy7nbskrwfXpwVKWPhH5yqlQgQh28Vrfjozkm3gaVOSTlluNjtrcsSRRrybedTPnp1gyehwWjtJi8mjPUy%2BupbaUWKL9dD0QdyT9eDKrQdZ1JVaNH5E3mwIZTY%2BzvSF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6662d81f6b2c2b1e-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 136 KB
49 KB 42ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27ea74dfb4a30a347127033f5d7b36b3ede2dcb0a496d0b34f5043068b944006

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49104
x-xss-protection: 0
server: cafe
etag: 6451195366741806814
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H3-29 200 Microsoft-signed-a-driver-loaded-with-rootkit-malware-2048x1365.jpeg
www.reportdoor.com/wp-content/uploads/2021/06/ 444 KB
445 KB 118ms
115ms Image
image/jpeg 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reportdoor.com/wp-content/uploads/2021/06/Microsoft-signed-a-driver-loaded-with-rootkit-malware-2048x1365.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc45ed9f7350510b142ce360983d7465d798ff703c6670de148ef33128de2b4d

Request headers

:path: /wp-content/uploads/2021/06/Microsoft-signed-a-driver-loaded-with-rootkit-malware-2048x1365.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 454510
cf-request-id: 0af1a567dd00002b1e968df000000001
last-modified: Sun, 27 Jun 2021 16:59:00 GMT
server: cloudflare
etag: "6ef6e-5c5c24a11a2b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LjfOZZjdQiDj9PUziYMVasSvCoB5A3gfw%2Bi8dxiVaFrEXqKuzRRHTdfrg2VpmdVNZtjrUa%2B%2BRsnafBV8lxwAE%2FSkf%2BeQXMGy4ibAj6xdKppUj89rdqaEMLzkRfUBDE13JecpJJgt%2F2clV4sg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6662d81fcb9d2b1e-FRA

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 8ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 28 Jun 2021 00:37:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6796)
Age: 1246
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H3-29 200 Apple-lists-the-devices-you-should-keep-away-from-your-1536x1023.jpeg
www.reportdoor.com/wp-content/uploads/2021/06/ 126 KB
127 KB 108ms
107ms Image
image/jpeg 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reportdoor.com/wp-content/uploads/2021/06/Apple-lists-the-devices-you-should-keep-away-from-your-1536x1023.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fd7bd1726f4e978bfff408bf5fc4494ba0861c4dc54a484eef637539f9e89b7

Request headers

:path: /wp-content/uploads/2021/06/Apple-lists-the-devices-you-should-keep-away-from-your-1536x1023.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 129125
cf-request-id: 0af1a567dd00002b1ebd2be000000001
last-modified: Sun, 27 Jun 2021 21:30:32 GMT
server: cloudflare
etag: "1f865-5c5c61521f699"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AeTScovvNPsdAqk39Q0ybC3yLhOjTrTSumH26d7Ldm9G2W6PqYGtnlnmNfBRm90WqImfzGQytu7McxeFdVfY3UGNKATbCdEGQR1WS7CnkeszjSDx0HloyIdvBZ3ZnMTB8sZxE70hIiTCoBQb"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6662d81fcb9f2b1e-FRA

GET
H3-29 200 Samsungs-Galaxy-Buds-2-might-sport-a-slicker-more-colorful-1536x1024.jpeg
www.reportdoor.com/wp-content/uploads/2021/06/ 108 KB
109 KB 103ms
101ms Image
image/jpeg 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reportdoor.com/wp-content/uploads/2021/06/Samsungs-Galaxy-Buds-2-might-sport-a-slicker-more-colorful-1536x1024.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 753f6ba4548243a04d1aadf37418d15e535a8159ce6a1f6a303e33f8dc940f67

Request headers

:path: /wp-content/uploads/2021/06/Samsungs-Galaxy-Buds-2-might-sport-a-slicker-more-colorful-1536x1024.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 110487
cf-request-id: 0af1a567dd00002b1e5403f000000001
last-modified: Sun, 27 Jun 2021 21:05:46 GMT
server: cloudflare
etag: "1af97-5c5c5bc8c1985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gpfMOHlBNBWWqK447iyjSmDhPc75OB%2By0VJH1YFt9epJdz6Shs2UwHEHJe05JFTaB2WNl4cDX3XROon%2BVS%2Fb152VE4%2B13%2F9AlZTwQMjxZo6OCoVkWhjR0eJNtK9e7F61cJJisMSDxFHYnSq0"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6662d81fcba12b1e-FRA

GET
H3-29 200 Venmo-will-let-you-sell-goods-through-your-personal-account-2048x1365.jpeg
www.reportdoor.com/wp-content/uploads/2021/06/ 146 KB
146 KB 140ms
138ms Image
image/jpeg 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.reportdoor.com/wp-content/uploads/2021/06/Venmo-will-let-you-sell-goods-through-your-personal-account-2048x1365.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1744aa42e617eb4af823391ed6ca00f1d2684f74db5f0519116ab4d9fffa6fed

Request headers

:path: /wp-content/uploads/2021/06/Venmo-will-let-you-sell-goods-through-your-personal-account-2048x1365.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 149150
cf-request-id: 0af1a567de00002b1e73bd8000000001
last-modified: Sun, 27 Jun 2021 20:08:21 GMT
server: cloudflare
etag: "2469e-5c5c4ef39a53d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2HkWKKzSuvURGniBxSFRjlGejePkXvGmFxkI9uKtnyqIKmtDwGIlr6%2FMdHEAaAGKcaeYNIaYegRHkA2DoJ2gnriF3xM8%2FNbEsrPP9iHLPDN3NcTXCkfU8H3MQW2xDvUpip%2F17Sj7kosWVjvm"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6662d81fcba22b1e-FRA

GET
H3-29 200 wpo-minify-footer-600d28e6.min.js Show response
www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/ 109 KB
33 KB 22ms
22ms Script
application/javascript 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-footer-600d28e6.min.js
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02dda8e6f5f4912491f3479276a064c48e059843c101b1b75aea03e57fd75fa8

Request headers

:path: /wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-footer-600d28e6.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 886
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0af1a567c500002b1eb310c000000001
last-modified: Fri, 25 Jun 2021 19:52:52 GMT
server: cloudflare
etag: W/"1b493-5c59c7c2bdaef-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bsBvrRdwkJ7QG9xJxR50GnoUYAJexXaYNYT2zyZeWOibHdoCA3F8ApwzySGeftOVLCk%2Bb%2BYedJqG66NlPEEPNP2iaHxL2nbCjKH4EoBTGEckVH21K7uJgVPqqb2NWaYgM2EMlVAR7%2BmEROSr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 6662d81fab6d2b1e-FRA

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-164811841-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 3414
date: Sun, 27 Jun 2021 23:40:08 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Mon, 28 Jun 2021 01:40:08 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/reportdoor-network/ 273 KB
28 KB 103ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5e3ebe8564a8a62361ece8eaf0f6b21fee39df4d2eea24ee965a476bbfe6633f

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: pdRC8BWWo6tyb3DXJn9iwcopjIzw1y8I
content-encoding: gzip
etag: "23a34ce08fa6f7ee6d5df4c2d6e2aff6"
age: 82
x-cache: HIT
content-length: 27781
x-amz-id-2: /ctRRw9/BRlOWFQ/N559xpHAWguJUUKT0po1dDkg+feSkdt03tkRh2YnzDmxXcRiiWbo8a74BsA=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 08:52:04 GMT
server: AmazonS3
x-timer: S1624840622.130651,VS0,VE1
date: Mon, 28 Jun 2021 00:37:02 GMT
vary: Accept-Encoding
x-amz-request-id: B8109YQSEWA2SJSQ
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 63
x-cache-hits: 1

GET
H3-29 200 mem8YaGs126MiZpBA-U1UQ.woff
fonts.gstatic.com/s/opensans/v20/ 54 KB
54 KB 7ms
7ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-U1UQ.woff

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3adc584fb0bef1fbf9b1c0ecddde5727643b4334c734db78b517ab112d92e1d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 06:35:01 GMT
x-content-type-options: nosniff
age: 410521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55324
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:20 GMT
server: sffe
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 06:35:01 GMT

GET
H3-29 200 fontawesome-webfont.woff2
www.reportdoor.com/wp-content/themes/herald/assets/fonts/ 65 KB
66 KB 14ms
13ms Font
font/woff2 2606:4700:3037::ac43:81eb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.reportdoor.com/wp-content/themes/herald/assets/fonts/fontawesome-webfont.woff2
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-cfe92710.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:81eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

:path: /wp-content/themes/herald/assets/fonts/fontawesome-webfont.woff2
pragma: no-cache
origin: https://www.reportdoor.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.reportdoor.com
referer: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-cfe92710.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-cfe92710.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 7158
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0af1a567e200002b1ebfbb9000000001
last-modified: Sun, 14 Jun 2020 04:52:25 GMT
server: cloudflare
etag: "10440-5a8041393324e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=n9XF2M2JpaLSvChBaMMmBbqeUkMHf17ZDxDy3YMu1c%2FSwqSkOOSx17tWprsvdD5I3OLgRTpXYaZwmNAD27W%2F26llaPVnBybRYqsWBojUkvzpmOLTSgSNGFwcU0hU%2FusWPm9CRphSbGSJ59Kv"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6662d81fcbaa2b1e-FRA

GET
H3-29 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OWaw.woff
fonts.gstatic.com/s/robotoslab/v13/ 72 KB
72 KB 9ms
9ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OWaw.woff

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14eb457f7e0dffb50280fc147d2e1ac2b7cbb5705e42484a792b7960bd4ff61e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 13:49:46 GMT
x-content-type-options: nosniff
age: 384436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73588
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:35:00 GMT
server: sffe
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 13:49:46 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UNirk-Vg.woff
fonts.gstatic.com/s/opensans/v20/ 56 KB
56 KB 11ms
10ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UNirk-Vg.woff

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9448f7c3bd336008d83d3e4730ac005be651a3a39ade1d36ebb29b5be9201235

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 11:36:03 GMT
x-content-type-options: nosniff
age: 478859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57744
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:24 GMT
server: sffe
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 11:36:03 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
882 B 7ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:33:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 230
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Mon, 28 Jun 2021 01:33:12 GMT

GET
H3-29 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISWaw.woff
fonts.gstatic.com/s/robotoslab/v13/ 70 KB
70 KB 7ms
7ms Font
font/woff 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISWaw.woff

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a564cbbf3c924e1085480876d59fd2d773a652f3f20eeda8dcf37603003e35c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 23:33:00 GMT
x-content-type-options: nosniff
age: 435842
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71892
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:32:16 GMT
server: sffe
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 23:33:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210623/r20190131/ 240 KB
89 KB 43ms
30ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210623/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3511443799407499&plah=www.reportdoor.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45438ac938e6613185f4cec0aac33ce6946e88ece9ffd9f916859e08d6509454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91015
x-xss-protection: 0
server: cafe
etag: 11458787442517343973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/ Frame 2987 10 KB
5 KB 25ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210623/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210623/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Jun 2021 03:56:11 GMT
expires: Sun, 11 Jul 2021 03:56:11 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 74451
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 4C0B 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.reportdoor.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.reportdoor.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 271400
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 28 Jun 2021 00:37:02 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1401565&t=pageview&_s=1&dl=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&ul=en-us&de=UTF-8&dt=Microsoft%20signed%20a%20driver%20loaded%20with%20rootkit%20malware%20-%20Report%20Door&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAUIhAAAAAC~&jid=302073354&gjid=208557787&cid=906259880.1624840622&tid=UA-164811841-1&_gid=1487932846.1624840622&_r=1&gtm=2ou6n0&did=dZGIzZG&z=1098574640

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.20210627-5-RELEASE.js Show response
cdn.taboola.com/libtrc/ 525 KB
118 KB 34ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 56b72a82f7d6ad45158f432332f75f18b7b5dca700337772ba6c520437dd7d9e

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 4NfZwv2L79Hh.B8qtpVzVPlt1xX9fiJ7
content-encoding: br
etag: "1d5a61faa6fafa766d2f0a9aeacee1f5"
age: 28523
x-cache: HIT
content-length: 119991
x-amz-id-2: 2EYzA7MQ85BJJm0D1mOaMlj8oKbU8Bs1idHT03s2Uio9NVILqsVu3b02Hwg3P9TVCWozYeds1Hs=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 08:36:17 GMT
server: AmazonS3-br
x-timer: S1624840622.297686,VS0,VE0
date: Mon, 28 Jun 2021 00:37:02 GMT
vary: Accept-Encoding
x-amz-request-id: A2SYHJ21S7CB76NF
via: 1.1 varnish
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: application/javascript
abp: 24
x-cache-hits: 181707

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 204 B
660 B 125ms
42ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.reportdoor.com&callback=_gfp_s_&client=ca-pub-3511443799407499

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210623/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3511443799407499&plah=www.reportdoor.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

545995b05ab1947e4a3c2cca73c747b7faf2d0c397894d4adf52c13dc9738579

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 34ms
15ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.reportdoor.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 33ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.reportdoor.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A09F 0
19 B 69ms
67ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&adk=1812271804&adf=3025194257&lmt=1624840622&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622185&bpp=3&bdt=219&idt=120&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5391867972087&frm=20&pv=2&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=140

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3511443799407499&output=html&adk=1812271804&adf=3025194257&lmt=1624840622&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622185&bpp=3&bdt=219&idt=120&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5391867972087&frm=20&pv=2&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=140
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 28 Jun 2021 00:37:02 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Jun-2021 00:52:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:02 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
28 KB 41ms
13ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469958711216"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27719
x-xss-protection: 0
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
13ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adfil-imp&wp=ca-pub-3511443799407499&c=9&e=2570847921467975139&n=0&t=0&w=517&x=6

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EA64 70 KB
24 KB 510ms
509ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4b9234f08a05464a2a693ae4ba584825cb35ddbac0a0a91c74c56eee6006f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Jun 2021 00:37:02 GMT
server: cafe
content-length: 24134
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Jun-2021 00:52:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:02 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D452 199 KB
24 KB 524ms
524ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7eb2a66ea4e53f8671205abc2ba3efddfdade1826260f1e016b138a600ab3aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Jun 2021 00:37:02 GMT
server: cafe
content-length: 24690
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 28-Jun-2021 00:52:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:02 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A13D 124 KB
39 KB 600ms
599ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

300f248a22b396c0024c144d3ba0a975a92fb59789969ce8265bf4de96a06b04

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN_t94CLufECFVWK_QcdbPkEWg&gqi=rhnZYMeeGtTc7_UP_pum6Ac&layout=/sadbundle/%24csp%253Der3%24/4330587781611926158/300x250/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN_t94CLufECFVWK_QcdbPkEWg&gqi=rhnZYMeeGtTc7_UP_pum6Ac&layout=/sadbundle/%24csp%253Der3%24/4330587781611926158/300x250/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Jun 2021 00:37:03 GMT
server: cafe
content-length: 40309
x-xss-protection: 0
set-cookie: IDE=AHWqTUlaLLguN-u6bFCzAYEaCobgnnsqS97VGlbG3dzJ6rUN2Dh4sAVGp0q-o6dN96U; expires=Sat, 23-Jul-2022 00:37:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:03 GMT
cache-control: private

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 4C0B 256 B
258 B 145ms
144ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=d4f6d44592019a1e7f5da34ba64ee0f93803128b

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.reportdoor.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
last-modified: Mon, 28 Jun 2021 00:37:02 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: d7dfe1469996758d86c84af9af369a8a5f45f65bf65feff2841a18503949b01c
content-length: 176

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 27ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.reportdoor.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.reportdoor.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 997D 200 KB
24 KB 662ms
662ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

be80965f33e3bc21234fd633981cb83847d5671502225af1ef40bc46c1d80f02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 28 Jun 2021 00:37:03 GMT
server: cafe
content-length: 24793
x-xss-protection: 0
set-cookie: IDE=AHWqTUlSzrzXiy4HkDjJaF4LYmnzyZhQyopAuNpkcoxKvhE6UYJ-KdMkBl-mSrx6PiU; expires=Sat, 23-Jul-2022 00:37:02 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:03 GMT
cache-control: private

GET
H2 200 10a4afcf0f5723056e52289dd4477b70
secure.gravatar.com/avatar/ 2 KB
2 KB 18ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/10a4afcf0f5723056e52289dd4477b70?s=112&d=mm&r=g
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 6bd7f50eb2089e7d871cd54fb4119c74b71f94c3899a44eeda6afeeee2fac3d4

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 28 Jun 2021 00:37:02 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="10a4afcf0f5723056e52289dd4477b70.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/10a4afcf0f5723056e52289dd4477b70?s=112&d=mm&r=g>; rel="canonical"
content-length: 1768
expires: Mon, 28 Jun 2021 00:42:02 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame EA64 6 KB
669 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 27 Jun 2021 23:48:55 GMT
server: ESF
date: Mon, 28 Jun 2021 00:37:02 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame EA64 1 KB
989 B 30ms
10ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:33:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 225
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:33:17 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame EA64 17 KB
7 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1091
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:18:51 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame EA64 3 KB
1 KB 29ms
12ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:35:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:35:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EA64 125 KB
38 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame EA64 13 KB
6 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:34:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:34:14 GMT

GET
H2 200 5be26e13f65761684aaaff0594247b1f.js Show response
www.gstatic.com/mysidia/ Frame EA64 25 KB
11 KB 25ms
5ms Script
text/javascript 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5be26e13f65761684aaaff0594247b1f.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e36f48120b748ca10f6efeb242a7cdbd118a72f0e40b3812a5f3dbe286de818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 15:17:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33597
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10687
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 02:45:38 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 25 Sep 2021 15:17:05 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame EA64 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZk7prhnZYNbRF-qX9u8P14Wd8AXJ4LCIY5H2sO3uDQoQASDtgvkxYJUCoAHB1MG0AcgBCakCQzZDmXsGtD6oAwHIA8sEqgS9AU_QK4FL50uX1FfaYwvISoz-xQhfro8JL5xGh0i0siW09jWB4vOeorShq8wEERaEgGcFbSb7glTUxCb21OhlKID0I8Vb01nXY5tib9qRan9CcwJLLoOqzXOUCXNKOsGHs8t_-Z2Z0-dMNiAUVY4DQEBPCuGrRJM_duqx3w7epRJaLaDSqdQt45Ah9wHREybKqxzzYuzdQW9CfSu0UOu2AWPR6xKBeai7qPcfP_xFh5nZisvaaxoSgq4SqETk_MAEoIbjrs4DoAYugAenq77LAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCHjQPSCAkIgOGAEBABGB-ACgHICwHYEwOIFAXQFQGYFgGAFwGyFxoKGAgAEhRwdWItMzUxMTQ0Mzc5OTQwNzQ5OQ&sigh=3NB4YDZDHV0&template_id=484

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 28 Jun 2021 00:37:02 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Jun 2021 00:37:02 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3166368289428907305/ Frame EA64 20 KB
20 KB 23ms
12ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3166368289428907305/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5016b08987573a95bf81768da90217fc6d3a0f2c13424c8b542580cd045986b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 18:04:27 GMT
x-content-type-options: nosniff
age: 455555
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
x-xss-protection: 0
last-modified: Fri, 07 May 2021 09:21:02 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 18:04:27 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17015523385641535536/ Frame EA64 1 KB
1 KB 23ms
12ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17015523385641535536/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0300d29f5d9bc5f1a48446cab7720de0006fa2d52a18c8ac99cc9706bb120e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 08:38:25 GMT
x-content-type-options: nosniff
age: 403117
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1144
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 13:39:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:38:25 GMT

GET
DATA 200
OK truncated
/ Frame EA64 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 json Show response
trc.taboola.com/reportdoor-reportdoor/trc/3/ 65 KB
20 KB 594ms
592ms XHR
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/reportdoor-reportdoor/trc/3/json?tim=02%3A37%3A02.928&lti=deflated&data=%7B%22id%22%3A741%2C%22ii%22%3A%22%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1624783908350%2C%22vi%22%3A1624840622927%2C%22cv%22%3A%2220210627-5-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%22%2C%22bv%22%3A%220%22%2C%22ul%22%3A%5B%22en-US%22%5D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A3921%2C%22qs%22%3A%22%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss%22%2C%22nsid%22%3A%22reportdoor-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A5%2C%22uim%22%3A%22thumbnails-MidPage%3Apub%3Dreportdoor-network%3Aabp%3D0%22%2C%22uip%22%3A%22MidPage%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22MidPage%20Article%20Thumbnails%22%2C%22cd%22%3A2142.171875%2C%22mw%22%3A810%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-a%3Apub%3Dreportdoor-network%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A3082.171875%2C%22mw%22%3A810%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-sidebar%3Apub%3Dreportdoor-network%3Aabp%3D0%22%2C%22uip%22%3A%22SIdeBar%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22SIdeBar%20Article%20Thumbnails%22%2C%22cd%22%3A585%2C%22mw%22%3A300%7D%5D%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a4c5293b6d3910a71056b1b381e3a68cea97df3785943308be17c214ee548fc5

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 559
date: Mon, 28 Jun 2021 00:37:03 GMT
content-encoding: gzip
server: nginx
x-timer: S1624840623.950227,VS0,VE559
x-served-by: cache-hhn11563-HHN
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.reportdoor.com
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
DATA 200
OK truncated
/ Frame EA64 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcbd348ad69f6ad4b2441babe861fab42c1fe7689241fda05af5dd721da5d6e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame EA64 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 07:58:29 GMT
x-content-type-options: nosniff
age: 405514
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:58:29 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame EA64 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 22:51:50 GMT
x-content-type-options: nosniff
age: 438313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 22:51:50 GMT

GET
H3-29 200 DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js Show response
pagead2.googlesyndication.com/bg/ Frame F90C 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 09:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5767
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 09:15:01 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012106141722000/ Frame F8C3 189 KB
54 KB 38ms
12ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55b50d801b8502706ea91f90c83eb08253f16eb27bc83c6f4047af3655eed6ff

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55217
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:10:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6e85c2cf35b93d5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:10:42 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame F8C3 13 KB
5 KB 47ms
20ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73a783d2e5f778e1af41cc4126dfea9956cf43a518e2707658c0200c93765527

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "20d5993134a00e72"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame F8C3 85 KB
27 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-analytics-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10bfad757ebad3e5250a813741d2e98dde085d3dee974beaa2fd5b3d8c76f21

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27288
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0e18b5d4ac760a2b"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:32 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame F8C3 71 KB
17 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-animation-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d0c5a0e82c987c58e86dccac7b88237fc8d70ab2e917757e48adaa08a2d6cdf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 428102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16642
x-xss-protection: 0
server: sffe
date: Wed, 23 Jun 2021 01:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "89a7878de8cefb20"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 01:42:01 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame F8C3 3 KB
1 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-fit-text-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b51423401412ab5d2fec98015b6892087f95d633507fb7a047e9851abb23f221

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1299
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da415af7878c9ead"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame F8C3 40 KB
13 KB 45ms
21ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-form-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06503352984183697b7695de1d989652bc05634c474b958169e92a3b430d9d34

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12849
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b6ce0de783bcb6f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
DATA 200
OK truncated
/ Frame F8C3 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 086ee2f424e19a38b1260c62c70f68be7d36ba8df1e0a901d034a260ec86caa8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 txt1.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 5 KB
5 KB 28ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/txt1.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8243110d46b6e00133bc81f626801e1aaa8f1785a987bd155a58bc7e222d5d44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 08:57:48 GMT
x-content-type-options: nosniff
age: 401955
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5586
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:57:48 GMT

GET
H3-29 200 txt2.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 4 KB
4 KB 28ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/txt2.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1eb4ba8b4438a9e307afa195311ce88638a3deae2da3cae568c4b4cb449365a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 10:52:01 GMT
x-content-type-options: nosniff
age: 481502
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4464
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 10:52:01 GMT

GET
H3-29 200 puls.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 419 B
444 B 27ms
10ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/puls.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11d4d3ec878fc7b8a6ca2fb899d27ee232204e1325d1929db6baec1b96928cf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 15:07:58 GMT
x-content-type-options: nosniff
age: 466145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 419
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 15:07:58 GMT

GET
H3-29 200 preisButt.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 6 KB
6 KB 26ms
10ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/preisButt.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e3365993c921267712645f738f77e722ef82460c8c47a6fcf84393c18e9f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 10:54:34 GMT
x-content-type-options: nosniff
age: 394949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6154
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:54:34 GMT

GET
H3-29 200 ll.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 938 B
963 B 24ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ll.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c961b8fdc7dca2dc983386c8ea16b4cea72b3e8706f8698ddf4d994548d6630d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 23:34:57 GMT
x-content-type-options: nosniff
age: 435726
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 938
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 23:34:57 GMT

GET
H3-29 200 CTA.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 929 B
954 B 25ms
9ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/CTA.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34ae8bfda88f1dfb002a68bcf9a6bad17ead96bd1d2fe310900461a979f6971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 10:45:44 GMT
x-content-type-options: nosniff
age: 395479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 929
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:45:44 GMT

GET
H3-29 200 DBx.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame F8C3 3 KB
3 KB 25ms
10ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/DBx.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbc26192d559ed6abfb9b0bfd88369d9a5ee210d4f3aea66508bfb19a00e76e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 23:34:15 GMT
x-content-type-options: nosniff
age: 349368
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2708
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 23:34:15 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8C3 2 KB
2 KB 24ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 07:15:41 GMT
x-content-type-options: nosniff
server: cafe
age: 62482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 28 Jun 2021 07:15:41 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8C3 295 B
319 B 24ms
9ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 10:45:56 GMT
x-content-type-options: nosniff
server: cafe
age: 49867
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Jun 2021 10:45:56 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame F8C3 43 B
1 KB 143ms
43ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=11829094681&extCr=115065628556-527621586361&cb=1325659732

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.8 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mo, 28 Jun 2021 12:37:03 GMT
Server: Microsoft-IIS/8.5
Date: Mon, 28 Jun 2021 00:37:02 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame F8C3 0
17 B 18ms
17ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHLYLrhnZYOLqGIDM7_UPuMKOkAad-oa-Y5a5qcbsDY6u3YeODhABIO2C-TFglQKgAYuuwOQDyAEJqQJDNkOZewa0PqgDAcgDCKoEuwFP0KaiuLPBvboyFKa_q9Mib2e1TnTpQ_QJDCgPvzpf8XpEii_nGofEUT2vB-abuzBqqYHA7GLWX0WT1z6Dnx8XmgeNl1zQTcl6dGvKzqZ2nkKBTUjkJRC23Op5Mwg6NbLnMpze_BOIw9J6epc8ajqEQ14_yaTFQFb-ykx7chKnO4aq2c7CyuOmVzhgTkQ7vuYsYijUTrUTTJkNK0uTahOh9pvyJGtvr3C104QMVtszkvhCwI3PIFyI9g8_wASMz8jTrAOSBQQIBBgBkgUECAUYBKAGLoAH3dG_G6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDH0hHSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItMzUxMTQ0Mzc5OTQwNzQ5OQ&sigh=hKktSeYbK2A&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 28 Jun 2021 00:37:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame A13D 67 B
91 B 16ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 13:10:17 GMT
x-content-type-options: nosniff
server: cafe
age: 41206
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Mon, 28 Jun 2021 13:10:17 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 176 KB
27 KB 7ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Requested by

Host: go.recordedfuture.com
URL: https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24c1f51786d4f453461eccaadf1df4f6e7443ff146666a99cc28344202088556

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Tue, 22 Jun 2021 13:04:49 GMT
expires: Wed, 22 Jun 2022 13:04:49 GMT
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 27817
age: 473534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4521 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CjwfVrhnZYN_eGtWU9u8P7PKT0AWkt6O4Y7Gojq6LDsvxppj9JRABIO2C-TFglQKgAeiZ0NIDyAEJqAMByANIqgTMAU_QSAXtuuHmupsCwY5Egk6Q8NtOn4l2Rg3PwV3mlBIRKezbAfik0WEWjdAfy-QckbbRY1cWdETNX2ml6m1J4z4zY9y9qqrAV9wrXpAMVUx7ULxexRrCIP-NIQXKt-0N1wCsm4o-PBm_N6V-QUx5CGNstCne2tRDaX4H-zYIZIXV69SxcKA905qd9ZoDLn1bkj-A6AJ51vNVnjZTWbGyeuzddnKYo4LARTZtTjH4420gikpOZ283MA2-7iC-u4CgSZJkmS8z4yxrOEngDMAEzcDts8kDkgUECAQYAZIFBAgFGASgBi6AB4Dmry2oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQyqAc0ggJCIDhgBAQARgfgAoByAsB2BMK0BUBgBcBshcaChgIABIUcHViLTM1MTE0NDM3OTk0MDc0OTk&sigh=qxJl9Vy4Ups&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 28 Jun 2021 00:37:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/ Frame 4521 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:18:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1092
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7112
x-xss-protection: 0
server: cafe
etag: 12276874145846594193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:18:51 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 4521 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:35:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:35:52 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4521 125 KB
38 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1624469964731542"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38558
x-xss-protection: 0
expires: Mon, 28 Jun 2021 00:37:03 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/ Frame 4521 13 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210623/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:34:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5706
x-xss-protection: 0
server: cafe
etag: 5108850372203985220
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 00:34:14 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E099 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlSzrzXiy4HkDjJaF4LYmnzyZhQyopAuNpkcoxKvhE6UYJ-KdMkBl-mSrx6PiU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 27 Jun 2021 23:57:41 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4521 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09c558569b7060c96d91241c587c44b3189094a82493807d78b5be049a022ddd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4521 0
20 B 28ms
15ms Other
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CN_t94CLufECFVWK_QcdbPkEWg&gqi=rhnZYMeeGtTc7_UP_pum6Ac&layout=/sadbundle/%24csp%253Der3%24/4330587781611926158/300x250/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame E587 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 16:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 28 Jun 2021 16:31:23 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E587 26 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 20:19:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15425
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 28 Jun 2021 20:19:58 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame E587 5 KB
615 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google+Sans:400,500,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

173f455d47754c1069234e9a72ea304ed3c631a68ad2b0a1148e9a4421396e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 28 Jun 2021 00:20:56 GMT
server: ESF
date: Mon, 28 Jun 2021 00:37:03 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 28 Jun 2021 00:37:03 GMT

GET
H3-29 200 audience_grey.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 462 B
493 B 6ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/audience_grey.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e4efc6223c74b0c496ade40c20a3960ed76a64cb0b329968d433837e203e3a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 481143
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 462
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Tue, 22 Jun 2021 10:58:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 10:58:00 GMT

GET
H3-29 200 audience_green.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 455 B
486 B 7ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/audience_green.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

beebd35392dbf9b8d88ce3454bc536b3a6a38f71f90628c0f227354e94cbb3a9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 346101
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 455
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Thu, 24 Jun 2021 00:28:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 00:28:42 GMT

GET
H3-29 200 audience_yellow.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 460 B
491 B 6ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/audience_yellow.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1269314eda896a7c2481e41266266733d48f95f5077d9322e11319da1dfc3ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 444310
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 460
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Tue, 22 Jun 2021 21:11:53 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 21:11:53 GMT

GET
H3-29 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012106141722000/ 20 KB
7 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/amp4ads-host-v0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

249e602194d53761ebd09bfee83388909795781a86ba7734dd1ecc341064a6b3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 418289
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7361
x-xss-protection: 0
server: sffe
date: Wed, 23 Jun 2021 04:25:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b2eeb05c2e2056a6"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 04:25:34 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8C3 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 07:15:41 GMT
x-content-type-options: nosniff
server: cafe
age: 62482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 28 Jun 2021 07:15:41 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F8C3 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 10:45:56 GMT
x-content-type-options: nosniff
server: cafe
age: 49867
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Jun 2021 10:45:56 GMT

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012106141722000/ Frame A3D2 189 KB
54 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55b50d801b8502706ea91f90c83eb08253f16eb27bc83c6f4047af3655eed6ff

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55217
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:10:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6e85c2cf35b93d5b"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:10:42 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame A3D2 13 KB
5 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73a783d2e5f778e1af41cc4126dfea9956cf43a518e2707658c0200c93765527

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4808
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "20d5993134a00e72"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame A3D2 85 KB
27 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-analytics-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10bfad757ebad3e5250a813741d2e98dde085d3dee974beaa2fd5b3d8c76f21

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27288
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0e18b5d4ac760a2b"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:32 GMT

GET
H3-29 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame A3D2 71 KB
16 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-animation-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d0c5a0e82c987c58e86dccac7b88237fc8d70ab2e917757e48adaa08a2d6cdf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 428102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16642
x-xss-protection: 0
server: sffe
date: Wed, 23 Jun 2021 01:42:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "89a7878de8cefb20"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 01:42:01 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame A3D2 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-fit-text-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b51423401412ab5d2fec98015b6892087f95d633507fb7a047e9851abb23f221

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1299
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "da415af7878c9ead"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012106141722000/v0/ Frame A3D2 40 KB
13 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106141722000/v0/amp-form-0.1.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06503352984183697b7695de1d989652bc05634c474b958169e92a3b430d9d34

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 224972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12849
x-xss-protection: 0
server: sffe
date: Fri, 25 Jun 2021 10:07:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6b6ce0de783bcb6f"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jun 2022 10:07:31 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A3D2 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 07:15:41 GMT
x-content-type-options: nosniff
server: cafe
age: 62482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 28 Jun 2021 07:15:41 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame A3D2 295 B
319 B 7ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 27 Jun 2021 10:45:56 GMT
x-content-type-options: nosniff
server: cafe
age: 49867
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 28 Jun 2021 10:45:56 GMT

GET
DATA 200
OK truncated
/ Frame A3D2 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fcc01c0b13c95c1a2e6e7bf789b5ba95e4ef7de3f0b8ef31ae03eb72700bf12

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 txt1.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 5 KB
5 KB 14ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/txt1.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8243110d46b6e00133bc81f626801e1aaa8f1785a987bd155a58bc7e222d5d44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 08:57:48 GMT
x-content-type-options: nosniff
age: 401955
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5586
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:57:48 GMT

GET
H3-29 200 txt2.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 4 KB
4 KB 15ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/txt2.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1eb4ba8b4438a9e307afa195311ce88638a3deae2da3cae568c4b4cb449365a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 10:52:01 GMT
x-content-type-options: nosniff
age: 481502
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4464
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 10:52:01 GMT

GET
H3-29 200 puls.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 419 B
444 B 14ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/puls.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11d4d3ec878fc7b8a6ca2fb899d27ee232204e1325d1929db6baec1b96928cf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 15:07:58 GMT
x-content-type-options: nosniff
age: 466145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 419
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 15:07:58 GMT

GET
H3-29 200 preisButt.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 6 KB
6 KB 14ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/preisButt.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e3365993c921267712645f738f77e722ef82460c8c47a6fcf84393c18e9f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 10:54:34 GMT
x-content-type-options: nosniff
age: 394949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6154
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:54:34 GMT

GET
H3-29 200 ll.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 938 B
963 B 14ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ll.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c961b8fdc7dca2dc983386c8ea16b4cea72b3e8706f8698ddf4d994548d6630d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 22 Jun 2021 23:34:57 GMT
x-content-type-options: nosniff
age: 435726
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 938
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 23:34:57 GMT

GET
H3-29 200 CTA.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 929 B
954 B 12ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/CTA.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34ae8bfda88f1dfb002a68bcf9a6bad17ead96bd1d2fe310900461a979f6971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 10:45:44 GMT
x-content-type-options: nosniff
age: 395479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 929
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:45:44 GMT

GET
H3-29 200 DBx.png
tpc.googlesyndication.com/sadbundle/8242159491242305743/images/ Frame A3D2 3 KB
3 KB 13ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8242159491242305743/images/DBx.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bbc26192d559ed6abfb9b0bfd88369d9a5ee210d4f3aea66508bfb19a00e76e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 23:34:15 GMT
x-content-type-options: nosniff
age: 349368
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2708
x-xss-protection: 0
last-modified: Wed, 16 Jun 2021 14:33:55 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 23:34:15 GMT

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame A3D2 43 B
910 B 143ms
42ms Image
image/gif 213.202.235.8
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=5&extPu=14058-gaw&extLi=11829094681&extCr=115065628556-527621586361&cb=1946874559

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.8 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mo, 28 Jun 2021 12:37:03 GMT
Server: Microsoft-IIS/8.5
Date: Mon, 28 Jun 2021 00:37:03 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1053
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame A3D2 0
17 B 20ms
15ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CKAforhnZYPv9HdnK7_UP7-qG0A-d-oa-Y5a5qcbsDY6u3YeODhABIO2C-TFglQKgAYuuwOQDyAEJqQJDNkOZewa0PqgDAcgDCKoE1gFP0M2fAuBt6UT9DsVjqlK__oMygJjnTXX0GXiytlebQTWERFk3FBTL2mp4y7JjbIusgtQiXjmQ99e8TqW7BAB4xONq5w9ycseU90Wfb4unzeWYHe5mWBwEeBQLzcC-9-0m9G29TFEoyGHuFXy735vGjkpiLBq-qyAe0NiWpw5lJhOye9T_k4b4SbfRqEZFlg2L7wjfOm4DH_zUVZXxEBsG29JmVfKaWbZaIQFbhVgq0wkqx0KTHH1BZ1kJhrZDbLIaUQuedLpnIiUW7n-PhkGcak6eV-VOwASMz8jTrAOSBQQIBBgBkgUECAUYBKAGLoAH3dG_G6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBD-nhHSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItMzUxMTQ0Mzc5OTQwNzQ5OQ&sigh=cZhZrS3sBqY&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 28 Jun 2021 00:37:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 bg.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 6 KB
6 KB 12ms
9ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/bg.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

133bd833f5e17406472a3ff91bf00f004dd61a0043a0f1971a349830b8fe6432

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 407834
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6296
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Wed, 23 Jun 2021 07:19:49 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 07:19:49 GMT

GET
H3-29 200 audience_shadow.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 727 B
758 B 10ms
8ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/audience_shadow.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc79659c1fc6025c80092ab2d97ff6b5cf56253645a7076aa8a3e8ed43b821ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 445641
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 727
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Tue, 22 Jun 2021 20:49:42 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jun 2022 20:49:42 GMT

GET
H3-29 200 mobile_shadow.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 616 B
647 B 9ms
7ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/mobile_shadow.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33c461af5ae3bf5418718807119a21e4c62f8c5bfbbda518f449161b92b8884c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 400273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 616
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Wed, 23 Jun 2021 09:25:50 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 09:25:50 GMT

GET
H3-29 200 mobile.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 1 KB
1 KB 13ms
11ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/mobile.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

750886f5831d04d4acd8d059d5741a41f5d71f5e843a82a8acddd753385dea1e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 394949
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1062
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Wed, 23 Jun 2021 10:54:34 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 10:54:34 GMT

GET
H3-29 200 app_green.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 2 KB
2 KB 12ms
10ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/app_green.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42d512369f48087bfe65d7c1c5c051c1b731e67087a4e9d1ee560cb367d5562e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 346957
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2298
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Thu, 24 Jun 2021 00:14:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 24 Jun 2022 00:14:26 GMT

GET
H3-29 200 app_yellow.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/app_yellow.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70c35597c9d6b9c105dd47541b0adef7f38f065e9f815dfe6ba209a16aceb34b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 413024
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2512
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Wed, 23 Jun 2021 05:53:19 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 05:53:19 GMT

GET
H3-29 200 logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/ Frame E587 4 KB
4 KB 11ms
9ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4330587781611926158/300x250/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d88e845212440d76560db95ec0445b7a530069c0ccc56a1a224641897b0efd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 391859
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4541
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 14:43:56 GMT
server: sffe
date: Wed, 23 Jun 2021 11:46:04 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 11:46:04 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame E587 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans:400,500,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 23 Jun 2021 08:25:33 GMT
x-content-type-options: nosniff
age: 403890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 23 Jun 2022 08:25:33 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E099
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=3310307751&adf=215687957&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=225&idt=227&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2142&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=KwRVuUdbuU&p=https%3A//www.reportdoor.com&dtd=230

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlSzrzXiy4HkDjJaF4LYmnzyZhQyopAuNpkcoxKvhE6UYJ-KdMkBl-mSrx6PiU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 28 Jun 2021 00:37:03 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 28-Jun-2021 01:37:03 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 28 Jun 2021 00:37:03 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 28 Jun 2021 00:37:03 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cta-branding.js Show response
cdn.taboola.com/demand-formats/cta-branding/ 18 KB
6 KB 34ms
34ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d5c1ed77b99d3f67ef7d419e1d6d78a663d8cac3668749252aa85c88cdef8fe

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: y2EUw.irPGYHWZQvvHFS16CCD7wJF5Fq
content-encoding: gzip
etag: "7f7f981d4ecb61feeff48e66441716da"
age: 27566
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5628
x-amz-id-2: mvV6Obapu1AtkGvrEDNJEFXTiQ35Psp9hLvN+7O6Qau3nou0Qban8NkNzNinIOLGaaqDY53yXF4=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 30 May 2021 11:12:52 GMT
server: AmazonS3
x-timer: S1624840624.586598,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: 6F32NCW4Z347WKFJ
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 24
x-cache-hits: 312793

GET
H2 200 cta-branding.css
cdn.taboola.com/demand-formats/cta-branding/ 2 KB
1 KB 34ms
33ms Stylesheet
text/css 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/demand-formats/cta-branding/cta-branding.css
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 10qGt8O9hKdbB5IigEtXn8Bn._HPfO8j
content-encoding: gzip
etag: "10c372ee2c83a7fd12df18aebc5320c6"
age: 2217
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 719
x-amz-id-2: mx4KoEdupSjNAt+jydlxWIo+jwcLoLfqsfsfzf9xlc2eaDNcUDaHkWHo8F8AVeN4ILOhs1UHeT4=
x-served-by: cache-hhn11563-HHN
last-modified: Tue, 06 Apr 2021 14:48:01 GMT
server: AmazonS3
x-timer: S1624840624.586589,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: GZH52BA9ZE5HK19K
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: text/css
abp: 24
x-cache-hits: 3157

GET
H2 200 tfa-eid.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 13 KB
5 KB 34ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tfa-eid.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ed919aae0e6c47f91a64377ebadfa127e0973fc2d2111fc24167621b8b2665e7

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: JEzuHkbl4AJUfCP2vggmFLK_ewkTvNna
content-encoding: gzip
etag: "f4b9c1dbb2da6c4ef520bf956da31570"
age: 18320
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4861
x-amz-id-2: gPopOjUUlXVTr8uA44VlmNoELMxeapyr/6m967dzM6mvnTk6H3jhZiHjvQkj9qFdYVaCrzMZBAs=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:31:39 GMT
server: AmazonS3
x-timer: S1624840624.588953,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: MW38PHNXXDSETDNB
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 117631

GET
H2 200 sha256.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 6 KB
3 KB 34ms
34ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/sha256.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f1b2725a2a8bb756181e2db3f72c70560ed54473fb0bec4e0f51018b10ebb86

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: CXr4B1s04uxGjoU5vYb9KE2MD6.pSr3t
content-encoding: gzip
etag: "c72ad67a8bd5ab4ad711af7aa71134a6"
age: 18308
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2590
x-amz-id-2: d0EoqENNnDgEm4juB2MwJZmipKchPD/DcI9on5lyNwAdIQc5W1/GqWottKXaL67zB+UtYqs+iz8=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:31:52 GMT
server: AmazonS3
x-timer: S1624840624.588933,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: EASNYQVJZ0PGMB1G
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 107509

GET
H2 200 floating-unit.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 7 KB
2 KB 33ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/floating-unit.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 50cb2d58c5157144fedbc5fc3f5748d04716e0c2b77e46dd28fa8aeaa7adf011

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: l2tViL8mHttv3Xdz7CWfLm7yP3oV4H7B
content-encoding: gzip
etag: "b68d604906eeb69368ed7a19797f6638"
age: 18297
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 2286
x-amz-id-2: nw6t7SQQfRs3hh+Kym5K/8GqvhFCVslJ1w+eWm7J/BTkuvNJkgSodoQ4QekeiIVEvO3Xyrzb7g0=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:32:03 GMT
server: AmazonS3
x-timer: S1624840624.591410,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: K2QHTDJZSFWM4MMQ
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 5758

GET
H2 200 tb Show response
15.taboola.com/ 37 KB
11 KB 53ms
52ms XHR
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://15.taboola.com/tb?oid=15&pubnm=reportdoor-reportdoor&unitType=244&tbloc=&pageType=text&pstn=Below%20Article%20Thumbnails&uuip=Feed%20-%20Below%20Article%20Thumbnails&cisrf=&cirf=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F&encoded=1&uid=c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e&variant=-100|1&callback=TRC.videoTagCallbacks.videoCallback1&cb=1624840623574&tagid=&cntry=DK&platform=1&sesid=005254a94d894049434f55e7e0e2eba3&itemid=/microsoft-signed-a-driver-loaded-with-rootkit-malware&viewid=1624840622927&geolat=&geoing=&deviceifa=&appid=&sd=v2_005254a94d894049434f55e7e0e2eba3_c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e_1624840622_1624840622_CNawjgYQgdhPGM-msYClLyABKAEwOjj5twhAnYoQSLva2ANQuNkMWABgAGixr-m1yv33zq0B&ri=26b8c0314bd521966dbcfd0c9bb04a2e&appname=&cdb=&gdprApplies=true&rid=&sii=&oee=true&tpubid=1305601&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=&region=82&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1305599&prcnt=&layer=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3bb4796ad532e32f7a18da4e837d0165442783006590a72bec30bbbabfea1599

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
content-encoding: gzip
access-control-allow-origin: https://www.reportdoor.com
machineid: 1401
x-cache: MISS
xvid-debug: mrmr - :
x-served-by: cache-hhn11563-HHN
pragma: no-cache
server: nginx
x-timer: S1624840624.594683,VS0,VE19
vary: Accept-Encoding
content-type: text/html;charset=ISO-8859-1
via: 1.1 varnish
expires: Sat, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://am-wf.taboola.com>; rel=preconnect
x-cache-hits: 0

GET
H2 200 feed-card-placeholder.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
2 KB 33ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fca5cec0bdc0787ce020b593c4c5ea124537c76969b5cf17c09c218ccc17fac0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: th4iogzl7zfVLndjSqia0pRt9BluR0BH
content-encoding: gzip
etag: "36dd0824987b37b8c39efcf3ef0f3b9d"
age: 18286
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1262
x-amz-id-2: ICbUf5k8k6QKcO//VITQJQY6L7p6EEqKsXnxX6KHOHr42kpm8qu8HGiLwdgoAhfYEg2hSGVd04Q=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:32:13 GMT
server: AmazonS3
x-timer: S1624840624.594678,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: 8NC3TW9J947M3Q45
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 78007

GET
H2 200 userx.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 23 KB
8 KB 33ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 647ca45d692bd1f1361c49c442dd87c7cfdea9ed5fbcb2a1ae05b7c9d12c09c6

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: OO74DRd7qN8bXQzUJA9TudCbaWi0f_2m
content-encoding: gzip
etag: "9875ac0d41141754d322687f6d071791"
age: 18323
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7955
x-amz-id-2: vCDqgC/VM9aT6kemTO2Bs+8veVHNJ+sZaU4bxYsQD4x5ZSGHADPS11p7i0/nh5UcLKwXpjL+iTk=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:31:34 GMT
server: AmazonS3
x-timer: S1624840624.606044,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: APAH57Z0KCXYDAM2
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 23175

GET
H2 200 explore-more.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 19 KB
7 KB 33ms
33ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/explore-more.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc3f59ce5edc881b9033460496b43654c6140684b0183ad99d3ed700efbc809d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: m4bfRtGDoXJ8FeSSlx9d7YR0GTDksznV
content-encoding: gzip
etag: "83344cea249a0ed672158e354c32ae4f"
age: 18284
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 6764
x-amz-id-2: NUFsHCHh1+sqwvdXyFCB09Nysve/+rpxtgv+m0TwIOtMhpYhpJCpsdcsam7aZujDln/A7Os0Ypo=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:32:16 GMT
server: AmazonS3
x-timer: S1624840624.616853,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: HAF2DKC81AY61VWA
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 25367

GET
H2 204 debug
trc-events.taboola.com/reportdoor-reportdoor/log/2/ 0
90 B 108ms
34ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc-events.taboola.com/reportdoor-reportdoor/log/2/debug?tim=02%3A37%3A03.569&type=warn&msg=Dynamic%20Translation%20load%20is%20enabled%20but%20response%20is%20missing%20the%20map.%20Using%20embedded%20solution&id=2828&cv=20210627-5-RELEASE&lt=deflated&pct=1
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14434

GET
H2 204 supply-feature
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
246 B 92ms
91ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/supply-feature?route=AM:IL:V&lti=deflated&ri=f9accf03d5f91e6646eddffe60b3bca8&sd=v2_005254a94d894049434f55e7e0e2eba3_c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e_1624840622_1624840622_CNawjgYQgdhPGM-msYClLyABKAEwOjj5twhAnYoQSLva2ANQuNkMWABgAGixr-m1yv33zq0B&ui=c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e&pi=/microsoft-signed-a-driver-loaded-with-rootkit-malware&wi=4709542567805584580&pt=text&vi=1624840622927&d=%7B%22event_type%22%3A%22next_up%22%2C%22event_state%22%3A%22RENDERED%22%2C%22event_value%22%3Anull%2C%22event_msg%22%3Anull%7D&tim=02%3A37%3A03.572&id=6152&llvl=1&cv=20210627-5-RELEASE&
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 58
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840624.641975,VS0,VE58
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 204 debug
il-trc-events.taboola.com/reportdoor-reportdoor/log/2/ 0
90 B 313ms
99ms Image
text/plain 185.106.33.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://il-trc-events.taboola.com/reportdoor-reportdoor/log/2/debug?tim=02%3A37%3A03.579&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20thumbs-feed-01&id=9641&cv=20210627-5-RELEASE&lt=deflated&pct=1
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.106.33.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 79339

GET
H2 204 debug
il-trc-events.taboola.com/reportdoor-reportdoor/log/2/ 0
89 B 313ms
100ms Image
text/plain 185.106.33.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://il-trc-events.taboola.com/reportdoor-reportdoor/log/2/debug?tim=02%3A37%3A03.581&type=error&msg=Exit%20TRCRBox.loadScriptCallback(retry%3D0)%3A%20no%20items%20in%20response%20-%20organic-thumbs-feed-01&id=9744&cv=20210627-5-RELEASE&lt=deflated&pct=1
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.106.33.48 , Israel, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 79339

GET
H2 200 f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 4 KB
2 KB 33ms
33ms Image
image/svg+xml 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding: gzip
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
age: 23
via: 1.1 varnish
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1758
x-amz-id-2: zpqM1x6+Tj6AaVofODjoA7xYqVZjtO4jS9CaDnOJXVJK9rL0RqaT9tOOjFwDu+ulfgnyHlkMZh8=
x-served-by: cache-hhn11563-HHN
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
server: AmazonS3
x-timer: S1624840624.651978,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
x-amz-request-id: Y5KRPEVNPJCXYEV6
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/svg+xml
access-control-allow-headers: *
abp: 24
x-cache-hits: 8

GET
H3-29 200 DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js Show response
pagead2.googlesyndication.com/bg/ Frame E587 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 09:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5767
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 09:15:01 GMT

GET
H2 200 UnitFeedManagerDesktop.min.js Show response
vidstat.taboola.com/lite-unit/3.4.7/ 96 KB
28 KB 101ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 99e0a173ac96cd66cb5e6ade9a6a97f53262d4a883d3427e1b52062882582827

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront), 1.1 varnish
age: 747263
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 28132
x-served-by: cache-fra19123-FRA
last-modified: Sat, 19 Jun 2021 09:01:18 GMT
server: AmazonS3
x-timer: S1624840624.793065,VS0,VE0
etag: "8981cd06ff59fc3e3c16f66fb3d0cfa9"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: UvVm37BTQ63gflOUTc-nL1UhfryXreShlZUgJ1cXtHfJHYrZle39Sg==
x-cache-hits: 88721

GET
H2 204 abtests
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
84 B 89ms
89ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/abtests?route=AM:IL:V&lti=deflated&ri=f9accf03d5f91e6646eddffe60b3bca8&sd=v2_005254a94d894049434f55e7e0e2eba3_c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e_1624840622_1624840622_CNawjgYQgdhPGM-msYClLyABKAEwOjj5twhAnYoQSLva2ANQuNkMWABgAGixr-m1yv33zq0B&ui=c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e&pi=/microsoft-signed-a-driver-loaded-with-rootkit-malware&wi=4709542567805584580&pt=text&vi=1624840622927&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22animated_story%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1624840623712%7D&tim=02%3A37%3A03.712&id=1532&llvl=1&cv=20210627-5-RELEASE&
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 56
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840624.738069,VS0,VE56
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 bf3c4b8267859a5e3e38091a709d30e3.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_490%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 39 KB
39 KB 127ms
57ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_490%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bf3c4b8267859a5e3e38091a709d30e3.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e9d488ec59f7c479d016bc6515a84294ccb34e7a031895e6684f1d22b2e0aed8

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1602583
edge-cache-tag: 523585328270250434471806922809576795068,393666185412432663102870640261070354013,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 87
expiration: expiry-date="Sun, 13 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_490%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bf3c4b8267859a5e3e38091a709d30e3.jpg
content-length: 39604
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Thu, 13 May 2021 12:45:10 GMT
server: nginx
x-timer: S1624840624.826140,VS0,VE1
etag: "e8f089f84d2ff2cbf715f8721f331567"
x-served-by: cache-wdc5576-WDC, cache-dca17736-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 box-of-baking-soda.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//content-cdn.tips-and-tricks.co/2018/12/ 11 KB
11 KB 105ms
36ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//content-cdn.tips-and-tricks.co/2018/12/box-of-baking-soda.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 681c198eade37eaf120ca67437e24c57285f771bf45c6552a56fb2708608de17

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1538438
edge-cache-tag: 583855231121092482156626099595690262322,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 65
expiration: expiry-date="Sun, 13 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//content-cdn.tips-and-tricks.co/2018/12/box-of-baking-soda.jpg
content-length: 10790
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Thu, 13 May 2021 15:58:37 GMT
server: nginx
x-timer: S1624840624.826149,VS0,VE1
etag: "60e0d3045698bca969def5d5f3f87ca6"
x-served-by: cache-wdc5575-WDC, cache-dca17763-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 30%2520Rare%2520Pics%2520Of%2520Diana%2520You%2527ve%2520Never%2520Seen%252C_1.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//smart-system.s3.amazonaws.com/creatives/taboola/httprfvtgb.carnovels.comworldwide... 7 KB
7 KB 124ms
54ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//smart-system.s3.amazonaws.com/creatives/taboola/httprfvtgb.carnovels.comworldwideprincess-diana/30%2520Rare%2520Pics%2520Of%2520Diana%2520You%2527ve%2520Never%2520Seen%252C_1.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f02f2887d333d03d1348188319141be7847e8fa0f9780976b9d60343f908a023

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 381384
edge-cache-tag: 390678395267928273513907125704852712781,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 31
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//smart-system.s3.amazonaws.com/creatives/taboola/httprfvtgb.carnovels.comworldwideprincess-diana/30%2520Rare%2520Pics%2520Of%2520Diana%2520You%2527ve%2520Never%2520Seen%252C_1.jpg
content-length: 6788
x-request-id: 81b642bb1436d0789fe84434e8f4c1e6
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Wed, 09 Jun 2021 00:05:45 GMT
server: nginx
x-timer: S1624840624.826393,VS0,VE1
etag: "3d36887dbd7b1cf7afe5a8f244a5b9b4"
x-served-by: cache-wdc5529-WDC, cache-dca17759-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 1257244416__1NJf7jwy.jpg
images.taboola.com/taboola/image/fetch/h_490,w_980,c_fill,g_xy_center,x_1557,y_652/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/ 33 KB
34 KB 201ms
132ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_490,w_980,c_fill,g_xy_center,x_1557,y_652/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1257244416__1NJf7jwy.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ef7807f50d4c45a2a9e435fac2127b8400743a3031ec2a6a36c706705f09c06

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 98
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1582720
edge-cache-tag: 573914451734998174767906941817015108351,501081298553461467044876734270482196475,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 92
expiration: expiry-date="Sun, 20 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/h_490,w_980,c_fill,g_xy_center,x_1557,y_652/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1257244416__1NJf7jwy.jpg
content-length: 34180
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb104
last-modified: Thu, 20 May 2021 05:36:10 GMT
server: nginx
x-timer: S1624840624.826382,VS0,VE98
etag: "1cf2c85e818f1610bb2476c623e27b79"
x-served-by: cache-wdc5530-WDC, cache-dca17727-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 f4060c44acdb0c6d2abbee143ba6e93c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 17 KB
18 KB 146ms
77ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f4060c44acdb0c6d2abbee143ba6e93c.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dff7fed207e722efb486f633723e09e08b5fcc7892b667641339627b67360f11

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 3321090
edge-cache-tag: 398712943136418065342894021576404682548,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 45
expiration: expiry-date="Sun, 23 May 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f4060c44acdb0c6d2abbee143ba6e93c.jpg
content-length: 17762
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Thu, 22 Apr 2021 17:20:17 GMT
server: nginx
x-timer: S1624840624.826372,VS0,VE1
etag: "89b1139c8eb97af45e402c000ff935bf"
x-served-by: cache-wdc5540-WDC, cache-dca17773-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 330186af96bbc92706eb269d55768a6b.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 8 KB
9 KB 101ms
33ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/330186af96bbc92706eb269d55768a6b.png
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b6d60961d9c8e0ad56dd23efd745f55f8cd3a43d2e05439df285c15d0c5995a6

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 2660076
edge-cache-tag: 300508647029141458339499852910601006749,444014603528429213436794596852223382768,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 43
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_267%2Cw_480%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/330186af96bbc92706eb269d55768a6b.png
content-length: 8124
x-request-id: 78aa4846a45e2b66aaa62885028d9914
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Wed, 12 May 2021 23:51:18 GMT
server: nginx
x-timer: S1624840624.826436,VS0,VE0
etag: "934311efc296107fd313f7140cc3e2a6"
x-served-by: cache-wdc5566-WDC, cache-dca12922-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 16

GET
H2 200 bengal_vs_karnataka_ranji_trophy_semi_final_cab_facebook.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn-images.spcafe.in/img/es3-cfill-w480-h240/articles/Cricket_1/ 51 KB
52 KB 834ms
829ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn-images.spcafe.in/img/es3-cfill-w480-h240/articles/Cricket_1/bengal_vs_karnataka_ranji_trophy_semi_final_cab_facebook.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 03b76ecad56b72ead740100f70e31447ac1cb41df1d755643d12dc95fb6fd973

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 797
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
edge-cache-tag: 585069233870261852667487440098654484399,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 692
x-cache: MISS, MISS, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//cdn-images.spcafe.in/img/es3-cfill-w480-h240/articles/Cricket_1/bengal_vs_karnataka_ranji_trophy_semi_final_cab_facebook.jpg
content-length: 52574
x-request-id: 97df915124a561f7f5d899b94d4972e6
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Tue, 22 Jun 2021 15:04:09 GMT
server: nginx
x-timer: S1624840624.836570,VS0,VE797
etag: "dabfc753b8568ed91a779b42deb41ac9"
x-served-by: cache-wdc5534-WDC, cache-dca17775-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0

GET
H2 400 close.svg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/ 0
0 413ms
409ms Image
application/json 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/close.svg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 sddefault.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/H2WebtENtc0/ 66 KB
67 KB 148ms
144ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/H2WebtENtc0/sddefault.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 55b7ccc66c65c50f00e31d89611caa1a807a67156941e164410aba6645dabc5b

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 99
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 255317
edge-cache-tag: 362629665643450234393606288726272304567,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 994
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/H2WebtENtc0/sddefault.jpg
content-length: 67668
x-request-id: cd303c1b57cd49094d334c029e708b43
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Tue, 22 Jun 2021 20:50:54 GMT
server: nginx
x-timer: S1624840624.844610,VS0,VE99
etag: "9c195560396c951d507f3caaa512a835"
x-served-by: cache-wdc5549-WDC, cache-dca17761-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 200 ben-wallace-getty-ftr-091216_hdkktlsulkbt1nu1nhc282p4x.jpg%3Ft%3D575203783
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/c4/78/ 38 KB
38 KB 181ms
177ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/c4/78/ben-wallace-getty-ftr-091216_hdkktlsulkbt1nu1nhc282p4x.jpg%3Ft%3D575203783
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 294068d5ec91e5bbd0b74f177d18eb12b7bcdddbcb85b701eea17ddd551e0a8d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 137
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 200018
edge-cache-tag: 537124054261318096232604269314324524721,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 927
x-cache: MISS, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/c4/78/ben-wallace-getty-ftr-091216_hdkktlsulkbt1nu1nhc282p4x.jpg%3Ft%3D575203783
content-length: 38656
x-request-id: 69b661119b18ab0320b5d33e2725589c
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Wed, 23 Jun 2021 02:26:01 GMT
server: nginx
x-timer: S1624840624.844579,VS0,VE137
etag: "225df6f16235957a4fe7299e3ad55ed8"
x-served-by: cache-wdc5571-WDC, cache-dca17775-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1

GET
H2 400 59137-16245558435595-800.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/editor/2021/06/ 0
0 389ms
385ms Image
application/json 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/editor/2021/06/59137-16245558435595-800.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 im-350504%3Fwidth%3D620%26size%3D1.5
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/ 58 KB
59 KB 151ms
147ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/im-350504%3Fwidth%3D620%26size%3D1.5
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: a89d9de3ddbc5fd21795f18b54e89da31ea1a6762c3d0962ff682c30c27e5de3

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 99
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 438679
edge-cache-tag: 375608117297237996124714967892262963044,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 578
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/im-350504%3Fwidth%3D620%26size%3D1.5
content-length: 59552
x-request-id: 6caac72f8b468932b2481fbcd21c9cb3
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Tue, 22 Jun 2021 13:00:04 GMT
server: nginx
x-timer: S1624840624.844551,VS0,VE99
etag: "bfd42b39078d571e0b9b28448670ad24"
x-served-by: cache-wdc5559-WDC, cache-dca17783-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 200 im-357178%3Fwidth%3D620%26size%3D1.5
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/ 42 KB
43 KB 145ms
142ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/im-357178%3Fwidth%3D620%26size%3D1.5
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ef23bc9af65285512125db6ec7866dd22b88eb76160b765b05c2fdc80e2ea2a8

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 98
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 512325
edge-cache-tag: 347304794744963954928574768849796929971,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 426
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.barrons.com/im-357178%3Fwidth%3D620%26size%3D1.5
content-length: 43062
x-request-id: f65da1bd45f3cf1ca4d35a39a9096056
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Mon, 21 Jun 2021 23:35:01 GMT
server: nginx
x-timer: S1624840624.844537,VS0,VE98
etag: "53544c231fb6b85228266016740e134e"
x-served-by: cache-wdc5547-WDC, cache-dca17763-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 200 047b6b6888db4e16e167bf933c0c9b78
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/jWef9BjoaFZWbpHFMJGiBA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTcwNT... 45 KB
46 KB 216ms
212ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/jWef9BjoaFZWbpHFMJGiBA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTcwNTtoPTM5Ni41NjI1/https%3A//s.yimg.com/uu/api/res/1.2/FGhBkSAdTsRDp2NzdTcLOw--~B/aD01NDk7dz05NzY7YXBwaWQ9eXRhY2h5b24-/https%3A//media.zenfs.com/en/bbc_us_articles_995/047b6b6888db4e16e167bf933c0c9b78
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3742b0c9042bd5c823160c3fce69eb156b8e3f63be55dd7ab9e33a8660a18b0f

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 171
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 559529
edge-cache-tag: 583986642326343653259912844109446948985,392933856032853361833841845111496461250,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 720
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/jWef9BjoaFZWbpHFMJGiBA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTcwNTtoPTM5Ni41NjI1/https%3A//s.yimg.com/uu/api/res/1.2/FGhBkSAdTsRDp2NzdTcLOw--~B/aD01NDk7dz05NzY7YXBwaWQ9eXRhY2h5b24-/https%3A//media.zenfs.com/en/bbc_us_articles_995/047b6b6888db4e16e167bf933c0c9b78
content-length: 45960
x-request-id: 96603c2ea70eb4c0190bf5dfe2969294
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 21 Jun 2021 12:09:41 GMT
server: nginx
x-timer: S1624840624.844518,VS0,VE171
etag: "41125b95563175d89cee15d99373d5c8"
x-served-by: cache-wdc5559-WDC, cache-dca17766-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 200 5c10025ee45a9d9939bbdac0210db98d_1000x600_1c9ba4ab4eb1002c42b12e0ec8f72aa2.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/ 45 KB
45 KB 94ms
90ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/5c10025ee45a9d9939bbdac0210db98d_1000x600_1c9ba4ab4eb1002c42b12e0ec8f72aa2.png
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d9a8f892fbc84d6225b1233e98eedb3bca1f874cbdb28ef732f1c20b51011fa7

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1535502
edge-cache-tag: 501088070181749202834824248235861884070,475000658346574341699039966618312097677,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 86
expiration: expiry-date="Mon, 28 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//console.brax-cdn.com/creatives/a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771/5c10025ee45a9d9939bbdac0210db98d_1000x600_1c9ba4ab4eb1002c42b12e0ec8f72aa2.png
content-length: 46018
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102
last-modified: Fri, 28 May 2021 07:18:39 GMT
server: nginx
x-timer: S1624840624.846249,VS0,VE1
etag: "d9940353a0b2c687db905fd606eb1ede"
x-served-by: cache-wdc5522-WDC, cache-dca17750-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 4ba61abba588224bb6b3fc2e896b55db.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
15 KB 112ms
108ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ba61abba588224bb6b3fc2e896b55db.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d4438fb57a9210392c94d36ff96cbe2510eb53c2af9d62d7f980bf5088c14688

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1534879
edge-cache-tag: 444779579460461744335261395609846798406,475000658346574341699039966618312097677,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 77
x-cache: HIT, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ba61abba588224bb6b3fc2e896b55db.jpg
content-length: 14570
x-request-id: 75e970ba6d192d84cb5550ecfb77a377
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 07 Jun 2021 06:11:54 GMT
server: nginx
x-timer: S1624840624.846237,VS0,VE2
etag: "61b94250f61e8f3bc96e853cfd98833a"
x-served-by: cache-wdc5547-WDC, cache-dca17782-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1

GET
H2 200 mat-barzal-islanders-062121-getty-ftrjpeg_18qndkybkvo8611mhot0vz3ueb.jpg%3Ft%3D844710298
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/e2/e9/ 13 KB
13 KB 685ms
681ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/e2/e9/mat-barzal-islanders-062121-getty-ftrjpeg_18qndkybkvo8611mhot0vz3ueb.jpg%3Ft%3D844710298
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c59eab430881aa1a70b824e19e8b913f4e2e1206b107fdbc75703587a90f6cf

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 639
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
edge-cache-tag: 488216362567679058270485292754119680473,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 533
x-cache: MISS, MISS, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//images.daznservices.com/di/library/sporting_news/e2/e9/mat-barzal-islanders-062121-getty-ftrjpeg_18qndkybkvo8611mhot0vz3ueb.jpg%3Ft%3D844710298
content-length: 13112
x-request-id: fb9828c8541713536388df45e4f3237f
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb104
last-modified: Tue, 22 Jun 2021 07:08:41 GMT
server: nginx
x-timer: S1624840624.846221,VS0,VE639
etag: "69727e80570312d135a14eb59d958cc6"
x-served-by: cache-wdc5538-WDC, cache-dca17772-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0

GET
H2 200 sddefault.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/GGVPyC7C7U0/ 13 KB
14 KB 609ms
605ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/GGVPyC7C7U0/sddefault.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1b0be9efbe443d060022e33c9432a504923ccf16d2e834248ebf824913e220b9

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 563
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
edge-cache-tag: 484771106852115076764894555678345019169,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 444
x-cache: MISS, MISS, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//img.youtube.com/vi/GGVPyC7C7U0/sddefault.jpg
content-length: 13788
x-request-id: 64f7fca8abef2697a117ea6eed41da9c
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Sun, 27 Jun 2021 07:26:11 GMT
server: nginx
x-timer: S1624840624.846205,VS0,VE563
etag: "eeea98fc422c111c84ac65c911fa65ed"
x-served-by: cache-wdc5583-WDC, cache-dca17779-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0

GET
H2 200 19410278be0a4dcfb48d75ba5dc08163.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 16 KB
17 KB 89ms
85ms Image
image/jpeg 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/19410278be0a4dcfb48d75ba5dc08163.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: cloudinary /
Resource Hash: f0671afc074a69219c31a43b75690d16ccef151aff84fdbd8f404e7136670321

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 1530600
edge-cache-tag: 455565595666334868714783799894532816029,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
expiration: expiry-date="Mon, 28 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/19410278be0a4dcfb48d75ba5dc08163.jpg
content-length: 16803
x-served-by: cache-dca17767-DCA, cache-dca17763-DCA, cache-fra19182-FRA
x-backend-name: CLOUDINARY-FALLBACK:3FP7YNX3LMizprTZsG7BSW--F_addr_taboola_res_cloudinary_com
last-modified: Fri, 28 May 2021 06:54:30 GMT
server: cloudinary
x-timer: S1624840624.846197,VS0,VE1
etag: "95e2991460c23e2fb8bc4ccd61ef71a4"
vary: ImageFormat
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 bb2ff75762014b899cdb5582dfad52f0.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/bb/2f/ 16 KB
17 KB 94ms
90ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/bb/2f/bb2ff75762014b899cdb5582dfad52f0.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6287b8c51fffc3aad351010997bb0a69e52173df88b7d61971b104658d6dfc3d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1507951
edge-cache-tag: 482613503905707056059541416150159281478,491862125603500554501118228743896000770,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 146
expiration: expiry-date="Mon, 28 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, MISS, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_272%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//media.workandmoney.com/bb/2f/bb2ff75762014b899cdb5582dfad52f0.jpeg
content-length: 16778
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Fri, 28 May 2021 06:49:36 GMT
server: nginx
x-timer: S1624840624.846184,VS0,VE1
etag: "e3875bcbf8fadf750f3322afc831aee3"
x-served-by: cache-wdc5547-WDC, cache-dca17744-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1

GET
H2 400 99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/ 0
0 369ms
365ms Image
application/json 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 c5777bc0-ce11-11eb-bbff-ef3e0a6f7068
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/4GHiHs23x2NmYjxd38PTkA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MD... 49 KB
50 KB 815ms
812ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/4GHiHs23x2NmYjxd38PTkA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTU0MA--/https%3A//s.yimg.com/os/creatr-uploaded-images/2021-06/c5777bc0-ce11-11eb-bbff-ef3e0a6f7068
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 01db466a6f01e93bdecee5b15eb5d6cb650ebc03a0109d4c2feece4cbdc1b745

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 769
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 0
edge-cache-tag: 576156838437054818859233061887517887093,475000658346574341699039966618312097677,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 668
x-cache: MISS, MISS, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s.yimg.com/ny/api/res/1.2/4GHiHs23x2NmYjxd38PTkA--/YXBwaWQ9aGlnaGxhbmRlcjt3PTk2MDtoPTU0MA--/https%3A//s.yimg.com/os/creatr-uploaded-images/2021-06/c5777bc0-ce11-11eb-bbff-ef3e0a6f7068
content-length: 50262
x-request-id: e1eb73d8a7a26e40e33f1d353a953373
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Tue, 22 Jun 2021 11:32:16 GMT
server: nginx
x-timer: S1624840624.846156,VS0,VE769
etag: "7b706dc177c74009688df23a1dec1286"
x-served-by: cache-wdc5583-WDC, cache-dca17724-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0

GET
H2 200 02beacdc2b6b29bd0e81db08af93a834.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 8 KB
8 KB 139ms
136ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/02beacdc2b6b29bd0e81db08af93a834.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3ad03ae4c99808477308cea2f49c653489bda6a1c354559d7df4b3dfe512a407

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 93
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1089297
edge-cache-tag: 496108243084567347399365108835628762073,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 29
expiration: expiry-date="Sat, 10 Jul 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/02beacdc2b6b29bd0e81db08af93a834.jpg
content-length: 7830
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Wed, 09 Jun 2021 08:20:04 GMT
server: nginx
x-timer: S1624840624.846145,VS0,VE93
etag: "8685d6646d2aef31ef5da35141bdc90f"
x-served-by: cache-wdc5570-WDC, cache-dca17783-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 cb0ea9c5a99032f2b9fa3282a4bbc6fe.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 10 KB
10 KB 86ms
82ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb0ea9c5a99032f2b9fa3282a4bbc6fe.png
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3ede392f58143e254f9b4c60c6226c553d378332d3f2076d80e0b7cb295c1b82

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1686921
x-cache: HIT, HIT
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 247
expiration: expiry-date="Thu, 10 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/cb0ea9c5a99032f2b9fa3282a4bbc6fe.png
content-length: 10002
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Mon, 10 May 2021 06:25:38 GMT
server: nginx
x-timer: S1624840624.846130,VS0,VE1
etag: "b5d6a387e98891a45448a781c74738f6"
x-served-by: cache-dca17771-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1

GET
H2 200 1586245334889aec58c8f3a76368328d092e922eef06d.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/ 13 KB
13 KB 82ms
79ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1586245334889aec58c8f3a76368328d092e922eef06d.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ffb4bad80228d02f74cd9a36e1298e9346831800ae59c168371d4ed5ef087615

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1594435
edge-cache-tag: 318784936357710401190584530198686424018,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 25
expiration: expiry-date="Sun, 13 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1586245334889aec58c8f3a76368328d092e922eef06d.jpg
content-length: 12990
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb101
last-modified: Thu, 13 May 2021 13:50:56 GMT
server: nginx
x-timer: S1624840624.846120,VS0,VE1
etag: "0e030bbf8dc853ed7a504da22f615ff8"
x-served-by: cache-wdc5577-WDC, cache-dca17779-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 1617177826938a14141d3bca4cb41620f72354f58c4ff.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/ 16 KB
16 KB 77ms
73ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1617177826938a14141d3bca4cb41620f72354f58c4ff.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7848f54620ef0569b6e3a0769e23ce0462496073e0bad06be8ebd9ed1d19815f

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 4263822
edge-cache-tag: 406382820122033804965516428113552605837,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 40
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1617177826938a14141d3bca4cb41620f72354f58c4ff.jpg
content-length: 16340
x-request-id: fc78ed3e9297f729add635e7c35b3f74
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Sat, 01 May 2021 23:37:44 GMT
server: nginx
x-timer: S1624840624.846104,VS0,VE0
etag: "cfb81d1c25d5df13d4eb7419bb7d685a"
x-served-by: cache-wdc5564-WDC, cache-dca12928-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H2 200 6327fc833cee6fefaab640592e62733e.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 14 KB
15 KB 111ms
108ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6327fc833cee6fefaab640592e62733e.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8475c7fe1f246af800a01160b65007c6e1d3be8443750d12620769b95f93cafd

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1624426
edge-cache-tag: 378793886282804067441738928725402798551,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 24
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6327fc833cee6fefaab640592e62733e.jpg
content-length: 14514
x-request-id: 27fde3164406ddddc20ffcc12a9b40eb
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb102
last-modified: Tue, 11 May 2021 22:52:25 GMT
server: nginx
x-timer: S1624840624.846091,VS0,VE2
etag: "f2b02542ae767cee38d244de60b593b0"
x-served-by: cache-wdc5568-WDC, cache-dca17738-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 186278979__bVsgo6bX.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/ 8 KB
9 KB 144ms
141ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/186278979__bVsgo6bX.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6ab7998fc117e222538bd1b982bc8bb4f3fcdd777874669f9d846f675e98bc0e

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 96
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1506921
edge-cache-tag: 452541439048918191344062956147944155167,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 57
expiration: expiry-date="Sun, 20 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/186278979__bVsgo6bX.jpg
content-length: 8578
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
last-modified: Thu, 20 May 2021 09:16:28 GMT
server: nginx
x-timer: S1624840624.846078,VS0,VE96
etag: "166f1c38afde0cf39c1c0bd4378632b4"
x-served-by: cache-wdc5520-WDC, cache-dca17741-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 36b4bafb7ba52815435b1eebc5d9f11c.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 4 KB
5 KB 88ms
84ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/36b4bafb7ba52815435b1eebc5d9f11c.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ddb904dd34fad2b04d556eb4e0d993e6c4866a627b16ccafcb9b2df0742bf5fc

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1573740
edge-cache-tag: 492831347513445394849443642188083908490,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 46
expiration: expiry-date="Sun, 13 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/36b4bafb7ba52815435b1eebc5d9f11c.jpg
content-length: 4114
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
last-modified: Thu, 13 May 2021 06:44:00 GMT
server: nginx
x-timer: S1624840624.846547,VS0,VE1
etag: "902fe430cab368d8e6fbecb6756b9222"
x-served-by: cache-wdc5583-WDC, cache-dca17738-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 c010d327bc2ded537069688382b8dedf.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 92ms
89ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c010d327bc2ded537069688382b8dedf.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: aa2955d5dd4ce4ef2924082a05a9a5e3651f57847c291d0b39106be6c72ff911

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 3976116
edge-cache-tag: 489493689438044085796774639205101185344,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 33
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c010d327bc2ded537069688382b8dedf.jpg
content-length: 9128
x-request-id: 72152a1bbd097d2ce73416bba98884b6
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb106
last-modified: Sat, 08 May 2021 15:43:36 GMT
server: nginx
x-timer: S1624840624.846530,VS0,VE1
etag: "6272426fcb033b0eec54775b624bcf9e"
x-served-by: cache-wdc5526-WDC, cache-dca17767-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 6f55ab7913b49d76d3572a8168767957.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 21 KB
22 KB 138ms
135ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f55ab7913b49d76d3572a8168767957.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 62e20cbfd29f2ccf2ebeecbcd5d8a7121e92e63b60d5dcd09de41780aba5b38a

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 92
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 234415
edge-cache-tag: 363093356998562154820721497868521257427,409727528766170011329604497963433340809,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 104
expiration: expiry-date="Fri, 09 Jul 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_200%2Cw_360%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f55ab7913b49d76d3572a8168767957.jpg
content-length: 21828
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Tue, 08 Jun 2021 09:41:26 GMT
server: nginx
x-timer: S1624840624.846521,VS0,VE92
etag: "2cdfd02074bdd700ceba270556a78a87"
x-served-by: cache-wdc5555-WDC, cache-dca17743-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 0

GET
H2 204 abtests
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
63 B 94ms
90ms Image
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/abtests?route=AM:IL:V&lti=deflated&ri=f9accf03d5f91e6646eddffe60b3bca8&sd=v2_005254a94d894049434f55e7e0e2eba3_c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e_1624840622_1624840622_CNawjgYQgdhPGM-msYClLyABKAEwOjj5twhAnYoQSLva2ANQuNkMWABgAGixr-m1yv33zq0B&ui=c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e&pi=/microsoft-signed-a-driver-loaded-with-rootkit-malware&wi=4709542567805584580&pt=text&vi=1624840622927&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22animated_story%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1624840623756%7D&tim=02%3A37%3A03.757&id=1835&llvl=1&cv=20210627-5-RELEASE&
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 57
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840624.831418,VS0,VE57
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 5ffec4092601f959f3c0a38824120021.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 20 KB
20 KB 105ms
102ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5ffec4092601f959f3c0a38824120021.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ef8c5caef430107e5e8c11836f244e6eed112a40452684727b0759ae10cb66fe

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1624118
edge-cache-tag: 409756542051007476421227728169281916845,349069093747406351833686533697612050307,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 73
expiration: expiry-date="Thu, 17 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/5ffec4092601f959f3c0a38824120021.jpg
content-length: 20010
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Mon, 17 May 2021 06:54:51 GMT
server: nginx
x-timer: S1624840624.846512,VS0,VE1
etag: "877ac52221b5acea6f3bcbc83459c6f6"
x-served-by: cache-wdc5577-WDC, cache-dca17735-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 1

GET
H2 200 2a363cff6672ab7ac3333b039ce80ae6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 66 KB
66 KB 141ms
138ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2a363cff6672ab7ac3333b039ce80ae6.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 658e2863570da76a06509e48a6f6465d4038d3d344283ed6f80a2dbb55026e96

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 95
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 586797
edge-cache-tag: 543688235252542574304186355776877182059,349069093747406351833686533697612050307,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 123
expiration: expiry-date="Thu, 24 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2a363cff6672ab7ac3333b039ce80ae6.jpg
content-length: 67348
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Mon, 24 May 2021 16:48:06 GMT
server: nginx
x-timer: S1624840624.846496,VS0,VE95
etag: "4f5c546e72243da9d4a0fc0bf1cddd63"
x-served-by: cache-wdc5560-WDC, cache-dca17779-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 sex.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzdestination.com/wp-content/uploads/2021/04/ 33 KB
33 KB 104ms
101ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzdestination.com/wp-content/uploads/2021/04/sex.jpeg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 01a3e95cb9a4970783a229ca81f11858b17e10dc3331b5bcb1c7d60811b82df8

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1515965
edge-cache-tag: 500050963276738115884016640740911842539,349069093747406351833686533697612050307,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 197
expiration: expiry-date="Mon, 14 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzdestination.com/wp-content/uploads/2021/04/sex.jpeg
content-length: 33354
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb104
last-modified: Fri, 14 May 2021 04:11:15 GMT
server: nginx
x-timer: S1624840624.846480,VS0,VE1
etag: "891c0c70152d4fd76162841dec83b1c6"
x-served-by: cache-wdc5559-WDC, cache-dca17757-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 e014f5af679a325b538624c3ca158160.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 40 KB
40 KB 140ms
136ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e014f5af679a325b538624c3ca158160.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e0688c1695f53db5945da223ae206cc8c7c1810c432492876c69fcd150212b41

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 93
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1530729
edge-cache-tag: 412121695352483815730425332908529671073,349069093747406351833686533697612050307,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 99
x-envoy-upstream-service-time: 105
expiration: expiry-date="Sun, 20 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_545%2Cw_980%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e014f5af679a325b538624c3ca158160.jpg
content-length: 40544
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb103
last-modified: Thu, 20 May 2021 16:35:53 GMT
server: nginx
x-timer: S1624840624.846463,VS0,VE93
etag: "6c5cf1007cda903df9d7bcf62405dfd2"
x-served-by: cache-wdc5551-WDC, cache-dca17723-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 ab0fbee6a082fac284afe4dbb512c66e.jpg
images.taboola.com/taboola/image/fetch/h_545,w_980,c_fill,g_xy_center,x_1290,y_1082/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 22 KB
22 KB 330ms
327ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/h_545,w_980,c_fill,g_xy_center,x_1290,y_1082/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab0fbee6a082fac284afe4dbb512c66e.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 39e61cbb0dfe7a9968b88026e29d8a44949167934a0074498ad5dc18529bbe76

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 285
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 323838
edge-cache-tag: 303830741549662904794229870219781838933,479826023471491545924014611364723704429,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 121
expiration: expiry-date="Sun, 11 Jul 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, MISS
x-debug: /taboola/image/fetch/h_545,w_980,c_fill,g_xy_center,x_1290,y_1082/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ab0fbee6a082fac284afe4dbb512c66e.jpg
content-length: 22088
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
last-modified: Thu, 10 Jun 2021 07:30:16 GMT
server: nginx
x-timer: S1624840624.846451,VS0,VE285
etag: "6afc55b641fc17405353ca1d1230ca77"
x-served-by: cache-wdc5578-WDC, cache-dca17727-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 0

GET
H2 200 next-up-widget.20210627-5-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 14 KB
5 KB 34ms
34ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/next-up-widget.20210627-5-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/reportdoor-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8f603faf967f72584b8facd94d742aca30712b21f7ef57ec3b867e3b8302361b

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jJ1mhdfq95tQy2yj_7JGWvtd8588wx7D
content-encoding: gzip
etag: "b17db44261910587d60b5e22437a28ba"
age: 18299
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 4419
x-amz-id-2: qHMBfNE1U9JlixxdaOhnAG1zNOP+q0qffcchkPOQPOi3Axs8crkb5jeE6SUKIUQxmHEBOHK7SUk=
x-served-by: cache-hhn11563-HHN
last-modified: Sun, 27 Jun 2021 19:32:00 GMT
server: AmazonS3
x-timer: S1624840624.806515,VS0,VE0
date: Mon, 28 Jun 2021 00:37:03 GMT
vary: Accept-Encoding
x-amz-request-id: YT8M7FT9DDKEDH36
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 24
x-cache-hits: 5467

GET
H2 400 99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/ 0
0 425ms
424ms Image
application/json 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 1606145034646ef4be4236722bcfa372696c2dd0790d7.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/ 4 KB
5 KB 34ms
34ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1606145034646ef4be4236722bcfa372696c2dd0790d7.jpg
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 94b79cad4e07f66d8ea6c328e5f877f7619a1e64417bb63a6e98031fad40ebf3

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 1619564
edge-cache-tag: 390041286483076045029295878356100687686,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 100
x-envoy-upstream-service-time: 82
expiration: expiry-date="Mon, 14 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: MISS, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//s3.amazonaws.com/shinez-pictures/1606145034646ef4be4236722bcfa372696c2dd0790d7.jpg
content-length: 4104
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
last-modified: Fri, 14 May 2021 08:30:24 GMT
server: nginx
x-timer: S1624840624.957523,VS0,VE1
etag: "686b2f89dfc29b5884992170eaf22a54"
x-served-by: cache-wdc5575-WDC, cache-dca12922-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1

GET
H2 200 509aec62cc707de45bbe0d733bca8e4a.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 3 KB
4 KB 33ms
33ms Image
image/webp 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/509aec62cc707de45bbe0d733bca8e4a.png
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8dd97efc387502e004e4b57aef50efed41f06e3ab1b11026367c2043406aebbb

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Mon, 28 Jun 2021 00:37:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 2129266
edge-cache-tag: 611593712896976824034525124939221346344,484438202950987515417932874384580560546,29ecf9b93bbf306179626feeda1fab70
x-ratelimit-remaining: 98
x-envoy-upstream-service-time: 14
expiration: expiry-date="Thu, 03 Jun 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
x-cache: HIT, HIT, HIT
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/509aec62cc707de45bbe0d733bca8e4a.png
content-length: 3418
x-backend-name: US_DIR:3FP7YNX3LMizprTZsG7BSW--F_US_nlb105
last-modified: Mon, 03 May 2021 00:31:54 GMT
server: nginx
x-timer: S1624840624.957518,VS0,VE0
etag: "cc36208991a8e0e9fda8d5c033b140fc"
x-served-by: cache-wdc5528-WDC, cache-dca12921-DCA, cache-fra19182-FRA
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 1, 2

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame EA64 0
0 16ms
16ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-l1erhnZYNbRF-qX9u8P14Wd8AXJ4LCIY5H2sO3uDQoQASDtgvkxYJUCoAHB1MG0AcgBCakCQzZDmXsGtD6oAwGqBL0BT9ArgUvnS5fUV9pjC8hKjP7FCF-ujwkvnEaHSLSyJbT2NYHi856itKGrzAQRFoSAZwVtJvuCVNTEJvbU6GUogPQjxVvTWddjm2Jv2pFqf0JzAksug6rNc5QJc0o6wYezy3_5nZnT50w2IBRVjgNAQE8K4atEkz926rHfDt6lElotoNKp1C3jkCH3AdETJsqrHPNi7N1Bb0J9K7RQ67YBY9HrEoF5qLuo9x8__EWHmdmKy9prGhKCrhKoROT8wASghuOuzgOgBi6AB6ervssCqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIeNA9IICQiA4YAQEAEYH4AKAcgLAdgTA4gUBdAVAZgWAYAXAbIXGgoYCAASFHB1Yi0zNTExNDQzNzk5NDA3NDk5&sigh=h55gT8Dv8RY&vt=1&template_id=484&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=2241232556&adf=3132389021&pi=t.ma~as.2385331166&w=970&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=970x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622188&bpp=2&bdt=222&idt=166&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=315&ady=230&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=enIPsurCuu&p=https%3A//www.reportdoor.com&dtd=182
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 28 Jun 2021 00:37:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EA64 42 B
64 B 15ms
15ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuG86W08mX3Z7132B7tAaWF9HhadoToOmmIU6ilN9Xi9-XxJWxQWqrjcDHL7yYRqI3u0fopgCFeh7eRN0Kze3rz6b3EFLxcifpc4tyF6KX8mDeWoBheZcpBejBUPg&sai=AMfl-YREhQTRQ16mEEySlXr5PPkiACePSdFh3sn_4y-6zc7wPkbxeY4pjZ7O_xG7Sz18Ab7PvZeAjG3Xb5JL&sig=Cg0ArKJSzAODb08oeQTbEAE&id=lidar2&mcvt=1000&p=230,315,510,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210623&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2241232556&rs=2&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1624840622373&dlt=512&rpt=87&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 st Show response
imprammp.taboola.com/ Frame 8811 540 B
453 B 44ms
42ms Document
text/html 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9deed26ee0dfda69edfc3ad20c367e086cec39853b5a13e6312279be70757da3

Request headers

:method: GET
:authority: imprammp.taboola.com
:scheme: https
:path: /st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

server: nginx
content-type: text/html;charset=ISO-8859-1
content-encoding: gzip
accept-ranges: bytes
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish
x-served-by: cache-hhn11563-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1624840624.193669,VS0,VE10
vary: Accept-Encoding

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 41AE 540 B
634 B 37ms
35ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 9deed26ee0dfda69edfc3ad20c367e086cec39853b5a13e6312279be70757da3

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

server: nginx
date: Mon, 28 Jun 2021 00:37:04 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3403

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 7 KB
5 KB 92ms
90ms XHR
application/json 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=5999075&noaop=5&sortOrderType=0&cb=1624840624177&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=1241&pt=-1954979196&tz=120&viewable=true&ddast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=2415085&dpubid=445025&abtst=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&mPre=0.025&cirf=https%3A%2F%2Fwww.reportdoor.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b030b56b5b07381ddd0bf9930da8789c111785afa70fc3cebff0f2705548502a

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
content-encoding: gzip
access-control-allow-origin: https://www.reportdoor.com
machineid: 1433
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn11563-HHN
pragma: no-cache
server: nginx
x-timer: S1624840624.198314,VS0,VE57
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://ioms.bfmio.com>; rel=preconnect,<https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 st
am-vid-events.taboola.com/ 0
43 B 38ms
35ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=31589837&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:!torgn:1624840615838.3!ts:1624840624171&mntl=1
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
content-length: 0
server: nginx

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 41AE 70 B
264 B 256ms
86ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 41AE
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cca044-d7a8-11eb-ae98-10b91cd50106&orig=video&us_privacy=1---

0
255 B

36ms
35ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cca044-d7a8-11eb-ae98-10b91cd50106&orig=video&us_privacy=1---
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.134:10213
date: Mon, 28 Jun 2021 00:37:04 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14390

Redirect headers

Date: Mon, 28 Jun 2021 00:37:04 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cca044-d7a8-11eb-ae98-10b91cd50106&orig=video&us_privacy=1---
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 85
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 41AE 43 B
146 B 108ms
34ms Image
image/gif 3.120.52.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 8811 70 B
265 B 246ms
81ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 8811
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cce89a-d7a8-11eb-a604-1a3233820506&orig=video&us_privacy=1---

0
255 B

36ms
35ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cce89a-d7a8-11eb-a604-1a3233820506&orig=video&us_privacy=1---
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.95:10213
date: Mon, 28 Jun 2021 00:37:04 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14390

Redirect headers

Date: Mon, 28 Jun 2021 00:37:04 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=f5cce89a-d7a8-11eb-a604-1a3233820506&orig=video&us_privacy=1---
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 66
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 8811 43 B
145 B 103ms
35ms Image
image/gif 3.120.52.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66442115&crid=5999075&dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&cmcv=&pix=undefined&cb=1624840624171&uv=2991&tms=1624840624171&abt=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vD&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&cirid=6FDC3DCE423564382704032210&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://imprammp.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 cmTagFEED_MANAGER.js Show response
vidstat.taboola.com/vpaid/units/29_9_1/infra/ 723 KB
120 KB 99ms
32ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 26c5d858bb753718f28cbf31527c7af12cc9a290e0943a6a4ce58d02507c3711

Request headers

Origin: https://www.reportdoor.com
Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:05 GMT
via: 1.1 varnish
age: 55811
x-amz-meta-mtime: 1624784714
x-cache: HIT
x-amz-meta-ctime: 1624784714
x-amz-meta-mode: 33188
content-encoding: br
content-length: 122312
x-amz-id-2: 8NKKus2ceNPFQwuLC3S0KMo9MzU5i6IUysUaxekBBnZ9iJ+w1m9X/1OUL9unjSKTMr6mrCppJy4=
x-served-by: cache-fra19152-FRA
accept-ranges: bytes
last-modified: Sun, 27 Jun 2021 09:05:15 GMT
server: AmazonS3-br
x-timer: S1624840625.333321,VS0,VE0
etag: "6d54c234c8201001b8b87b806d4ad682"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 5GS6ZA6GB42E143X
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 8709

GET
H2 200 cmOsUnit.css
vidstat.taboola.com/vpaid/units/29_9_1/assets/css/ 60 KB
8 KB 33ms
33ms Stylesheet
text/css 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/units/29_9_1/assets/css/cmOsUnit.css
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/3.4.7/UnitFeedManagerDesktop.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 6b514da2aed798bb9c409b346194c0e2b38edfd554f412e4af2717892f5300ff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish
age: 55810
x-amz-meta-mtime: 1624784732
x-cache: HIT
x-amz-meta-ctime: 1624784733
x-amz-meta-mode: 33188
content-encoding: br
content-length: 7948
x-amz-id-2: hbF2Li6yAhGRb9CWgdCciRF//uJ9nhh4OAFvaCYFUNQm3CNj/ngiQ/t2FEaYzoum43lVjLhtbX0=
x-served-by: cache-fra19123-FRA
accept-ranges: bytes
last-modified: Sun, 27 Jun 2021 09:05:34 GMT
server: AmazonS3-br
x-timer: S1624840624.307635,VS0,VE0
etag: "ab667f7a75f0ca28449b3d4701aa479a"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 5GS9TGWCBDYKFBQK
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: text/css
access-control-allow-headers: *
x-cache-hits: 12103

GET 99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg
images.reportdoor.com/image/99/5by4/2018/11/02/ 0
0

GET
H2 200 PMS.js Show response
vidstat.taboola.com/PMS/3.2.2/ 59 KB
18 KB 33ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/PMS/3.2.2/PMS.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82fba5f2a3814f5a06b59a3a4a84d9edc1145d1ca57d54ccf321ce03af57bb9a

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 96ab38d99b79d57e5c7e9b8a07c0fad3.cloudfront.net (CloudFront), 1.1 varnish
age: 1643884
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 17509
x-served-by: cache-fra19123-FRA
last-modified: Thu, 21 Jan 2021 11:30:56 GMT
server: AmazonS3
x-timer: S1624840625.522706,VS0,VE0
etag: "f237b8d35060f133ac8c595fd1234e1c"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: JVAUVHZomFBOTYSmiRyONx061K0r8J89HAeMC4sUhok9f7gqiMDPAg==
x-cache-hits: 1173243

GET
H2 200 content14_10_18m.js Show response
vidstat.taboola.com/ 37 KB
8 KB 33ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/content14_10_18m.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 09f4ecc806a7e34780fd19a93b984724.cloudfront.net (CloudFront), 1.1 varnish
age: 4250888
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 7638
x-served-by: cache-fra19123-FRA
last-modified: Sun, 14 Oct 2018 13:31:31 GMT
server: AmazonS3
x-timer: S1624840625.612908,VS0,VE0
etag: "d8d81221ec6e604811ce469d899c9c8b"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA54
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: -TROi2rJAwAJZGjvQ1UUl45pz7OKYS6cCd8hK2LTON4-GEHuquvUjw==
x-cache-hits: 2505337

GET
H2 200 oppsula.js Show response
vidstat.taboola.com/oppsula/1.3.8/ 15 KB
5 KB 34ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/oppsula/1.3.8/oppsula.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f60c4600705d04f5c55db54f646fec728f9458c4fbba35adb4ac114077cb2391

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 f7bf326347bdd7f275a38a22b5b83724.cloudfront.net (CloudFront), 1.1 varnish
age: 1552894
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 5164
x-served-by: cache-fra19123-FRA
last-modified: Tue, 14 Apr 2020 06:07:12 GMT
server: AmazonS3
x-timer: S1624840625.616923,VS0,VE0
etag: "328b70146f77a19d2bc0172c656d921e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: dn5T0GNP1aO-b_P8C7pna3QaAbZXC_OUv0ztGQCxzCA8nHgZMgo10Q==
x-cache-hits: 1206230

GET
H2 200 video-autoplay-detector.js Show response
vidstat.taboola.com/video-autoplay-detector/1.0.0/ 8 KB
2 KB 33ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/video-autoplay-detector/1.0.0/video-autoplay-detector.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b497b3dea8511b361da644850f9a576c982e26ce7b18754c5c82f50f4049024

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront), 1.1 varnish
age: 1644099
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 2210
x-served-by: cache-fra19123-FRA
last-modified: Mon, 10 Jun 2019 11:55:53 GMT
server: AmazonS3
x-timer: S1624840625.616929,VS0,VE0
etag: "2fac39530c1c168282a35d1ab56450ed"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
access-control-allow-headers: *
x-amz-cf-id: Yo6KR3_XnOUi3NWD_VhTvYGGRyYggaAaoexq4W1dbbw3whiXkm5P2g==
x-cache-hits: 1118474

GET
H2 200 OvaMediaPlayer.js Show response
vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/ 549 KB
113 KB 33ms
33ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 93c3caa42ac8ebcf19a38b8865d1d0eb33a782f9e952b15368b2f0f584d068e3

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish
age: 55979
x-amz-meta-mtime: 1624784553
x-cache: HIT
x-amz-meta-ctime: 1624784567
x-amz-meta-mode: 33188
content-encoding: br
content-length: 114879
x-amz-id-2: 4G2ZoT9AHFeh29ZvneABMOL6h0iw3G52oUtu1vNFnV+rTES0YWcdgftdqnxlXGal2reU8oX0auw=
x-served-by: cache-fra19123-FRA
accept-ranges: bytes
last-modified: Sun, 27 Jun 2021 09:02:48 GMT
server: AmazonS3-br
x-timer: S1624840625.629199,VS0,VE0
etag: "5a16314dfe21c320516fb6b700796f04"
x-amz-meta-uid: 0
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
x-amz-request-id: 3M6VR20WQ1GNXJR0
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-meta-gid: 0
content-type: application/javascript
access-control-allow-headers: *
x-cache-hits: 12187

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 7654 547 B
632 B 37ms
36ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: f6bae4ca156e482e18674459dea607744f46e2dece6a47d3b3672f1814596ff7

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=be2b6fcf-73bf-47fa-bec2-ea51c85020b6-tuct7d29f30
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

server: nginx
date: Mon, 28 Jun 2021 00:37:04 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3402

GET
BLOB 206
Partial Content eb088e72-c0e3-4ed8-a9bd-9657eb5abb2a
https://www.reportdoor.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.reportdoor.com/eb088e72-c0e3-4ed8-a9bd-9657eb5abb2a
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content bed6b030-05ea-4bae-b885-66e0cc5091f6
https://www.reportdoor.com/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.reportdoor.com/bed6b030-05ea-4bae-b885-66e0cc5091f6
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 7654 70 B
264 B 82ms
81ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 sync
x.bidswitch.net/ Frame 7654 43 B
145 B 34ms
34ms Image
image/gif 3.120.52.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 20D5
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=

281 B
554 B

106ms
35ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://am-match.taboola.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://am-match.taboola.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Jun 2021 00:37:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Date: Mon, 28 Jun 2021 00:37:04 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK getmu Show response
ioms.bfmio.com/ 49 B
628 B 466ms
116ms XHR
application/xml 34.198.78.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ioms.bfmio.com/getmu?aid=84e8e789-616d-47d7-c714-4c50c98f0387&output=html5&width=700&height=393&v=1&pageurl=https%3A%2F%2Fwww.reportdoor.com&i_type=out&stream=out&playback=2&cb=R0.1624840624733&us_privacy=1---

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.198.78.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-198-78-234.compute-1.amazonaws.com

Software

Resource Hash

ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding, User-Agent
Content-Type: application/xml
Access-Control-Allow-Origin: https://www.reportdoor.com
Access-Control-Expose-Headers: location
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 212394 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 143ms
50ms XHR
text/xml 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/212394?VPAID=js&content_page_url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F&player_width=700&player_height=393&cb=R0.1624840624735&content_id=main&playtime=60&custom[content][]=IAB1&custom[pub_lang]=en&schain[schainobject]=1.0,1!taboola.com,1305601,1,-1401699314&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Date: Mon, 28 Jun 2021 00:37:04 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000335
X-SpotX-Timing-SpotMarket: 0.011187
X-SpotX-Timing-Page-Mux: 0.000212
X-SpotX-Timing-Page-Require: 0.000344
X-fe: 108
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000020
Content-Length: 77
X-SpotX-Timing-Page: 0.018044
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003214
Last-Modified: Mon, 28 Jun 2021 00:37:04 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.011187
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.reportdoor.com
X-SpotX-Timing-Page-Misc: 0.002721
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000010
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
74 B 153ms
153ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/bulk?route=AM%3AIL%3AV&lti=deflated&bulkSize=14
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 100
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840625.800237,VS0,VE100
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 204 visible Show response
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
220 B 114ms
114ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/visible?route=AM%3AIL%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 60
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:04 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840625.822136,VS0,VE60
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
741 B 39ms
39ms Image
image/png 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Requested by: Host: www.reportdoor.com
URL: https://www.reportdoor.com/microsoft-signed-a-driver-loaded-with-rootkit-malware/?utm_campaign=microsoft-signed-a-driver-loaded-with-rootkit-malware&utm_medium=rss&_hsmi=136668604&_hsenc=p2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ&utm_source=rss
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
via: 1.1 varnish
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
age: 38
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: Olb+YyDQBKGh7cwueQ5LeIGsXnGNg1fxi90sFl9BDpDVxzFbv82yCyTcgo7/5nBaVt7MgHnSa+E=
x-served-by: cache-hhn11563-HHN
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1624840625.822114,VS0,VE0
date: Mon, 28 Jun 2021 00:37:04 GMT
x-amz-request-id: 5QBDV5MFESKPZMG3
cache-control: private,max-age=31536000
accept-ranges: bytes
content-type: image/png
abp: 59
x-cache-hits: 19

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 20D5 31 KB
9 KB 38ms
37ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 3f60136ad6dc07aee0847a93e1f3697243c8ff5492b43b31696a7744d3666269

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 28 Jun 2021 00:37:04 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 16:13:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=44171
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9274
Expires: Mon, 28 Jun 2021 12:53:15 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 20D5 284 B
536 B 141ms
35ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&p=15414&us_privacy=1---&endpoint=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/jpg

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210623&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

579e8134ab0848b50abdfea59f756a2593e82c62f047e959f0adf89447f3bfd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 28 Jun 2021 00:37:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8403
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 28 Jun 2021 00:37:05 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 997C 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Sun, 27 Jun 2021 22:01:06 GMT
expires: Mon, 27 Jun 2022 22:01:06 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9359
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CEC4 783 B
531 B 15ms
15ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c61183850271506a3cdac7a0d710f763deaefeeb07f5f777d8526ecbd0c6f11d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nct9fPKawu9QdrVzzKVQYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

expires: Mon, 28 Jun 2021 00:37:05 GMT
date: Mon, 28 Jun 2021 00:37:05 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-nct9fPKawu9QdrVzzKVQYQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js Show response
pagead2.googlesyndication.com/bg/ Frame 997C 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DbygjneaO4DVyaaVGwd-ToFDSMFkJodatxAyqShhIKw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 27 Jun 2021 09:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5767
x-xss-protection: 0
last-modified: Tue, 22 Jun 2021 16:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Jun 2022 09:15:01 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210623&jk=2295971237957141&bg=!2dql2p7NAAYo4NJEKOA7ACkAdvg8WmcbSXjWKLctMT0EsB2g-xxGVUiwJOXRMm-iz1LKvFmwkQlCPQIAAABvUgAAAA1oAQeZAnaPc3-gInVnH3ANklcGrGa12SMk0gB-gcAuidIQBHwnrBtySA0GDdF1sgkVNub1b9tTJ7XngAU3ej6tOmuG-9k8sMFLUDMQxBDJXfxRzFZwwM3vh_RcG6AsrYyxnoIw82j_CFXoH6WoAA-QBAQ64btiRjKG6RMqDS02as71OW1GqruBwo7LX6zOsljyV3FzU1BK4cnQvnB7RaUfBKjENhJ3TlfzkQ1txaImnfZaJz1ooAqM9nuhNvQgdF33HcOp1rT6CfBsfDX2GTcTrCjdL3WwQwHxd7niME5_7WaOJ6tGfZmvhnqJBtgQktaomRrj4P3XBGLeDboqKVtNX7fs5Rq2HmyWrncCHhwPxdv6R3G4EO0fHT1qlttW1Mer_V2XRCOWG4UUOWUPM6MHHluTycAO5QifxpUCy0SoSDeyUQe-TpIgQs_nQjsY6esLYwX_KYNw64pe35FPwwCcj-OZB0D0H-JrW1tcmZ7ruYPXWMuSC5PncrGaFX7x6_s_ouHIJ6lNkNmGkPOFpj-FfHX6CJH3BpGih8f_UxwpzxdYYd2flg5C0J0b-aSZ1ltzx9rxIztVfidAmJLcy5w3L4-cDN7_EkQ8NBKH8LXKSFacXiDE3mjQr4efHn8bD4r1iZ9XB0aQFHe_gnyXCer5_a7aDLwye45YeiNT9Q1k2wC6kjnMY8LE2jihX52mVhhdo-lZHTMyzweRoMDhQJRrVYLLE6-mGfQhZyDNFydltrLOczzNUKpH44qNrkH4QBRk9FVYv6zY38fMEaZiZT-4QRWhXSSLkIy2wul33J21Uqy6MIhzW3fzsWrCe0sedWMxoIw3qtIpLrz1m68

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 VideoBidRequestHandlerServlet Show response
wf.taboola.com/ 7 KB
5 KB 190ms
190ms XHR
application/json 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=5999075&noaop=5&sortOrderType=0&cb=1624840626918&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=2&pv=1241&pt=309343038&tz=120&viewable=true&ddast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=2415085&dpubid=445025&abtst=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vG&mPre=0.025&cirf=https%3A%2F%2Fwww.reportdoor.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 53615efdd0cc2ae037ffa752ead3ee52d43ef45101dca0ccfaf0cca138ac847d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

date: Mon, 28 Jun 2021 00:37:07 GMT
content-encoding: gzip
access-control-allow-origin: https://www.reportdoor.com
machineid: 1455
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn11563-HHN
pragma: no-cache
server: nginx
x-timer: S1624840627.938760,VS0,VE155
vary: Accept-Encoding
content-type: application/json;charset=utf-8
via: 1.1 varnish
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
accept-ranges: bytes
link: <https://ioms.bfmio.com>; rel=preconnect,<https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK getmu Show response
ioms.bfmio.com/ 49 B
647 B 116ms
116ms XHR
application/xml 34.198.78.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.198.78.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-198-78-234.compute-1.amazonaws.com

Software

Resource Hash

ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding, User-Agent
Content-Type: application/xml
Access-Control-Allow-Origin: https://www.reportdoor.com
Access-Control-Expose-Headers: location
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
transfer-encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 212394 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 48ms
48ms XHR
text/xml 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/212394?VPAID=js&content_page_url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F&player_width=700&player_height=393&cb=R0.1624840627125&content_id=main&playtime=60&custom[content][]=IAB1&custom[pub_lang]=en&schain[schainobject]=1.0,1!taboola.com,1305601,1,-1401699283&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Date: Mon, 28 Jun 2021 00:37:07 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000274
X-SpotX-Timing-SpotMarket: 0.009541
X-SpotX-Timing-Page-Mux: 0.000246
X-SpotX-Timing-Page-Require: 0.000330
X-fe: 041
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000025
Content-Length: 77
X-SpotX-Timing-Page: 0.016963
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003712
Last-Modified: Mon, 28 Jun 2021 00:37:07 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.009541
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.reportdoor.com
X-SpotX-Timing-Page-Misc: 0.002824
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000011
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 OpportunityServlet Show response
am-vid-events.taboola.com/ 1 B
123 B 136ms
65ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-vid-events.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: https://www.reportdoor.com
date: Mon, 28 Jun 2021 00:37:09 GMT
access-control-allow-credentials: true
server: nginx
content-length: 1

POST
H2 204 visible Show response
trc.taboola.com/reportdoor-reportdoor/log/3/ 0
84 B 98ms
98ms XHR
image/gif 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/reportdoor-reportdoor/log/3/visible?route=AM%3AIL%3AV&lti=deflated
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 65
pragma: no-cache
date: Mon, 28 Jun 2021 00:37:10 GMT
via: 1.1 varnish
server: nginx
x-timer: S1624840631.585541,VS0,VE65
x-served-by: cache-hhn11563-HHN
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: image/gif
x-cache-hits: 0

POST
H2 200 VideoBidRequestHandlerServlet Show response
am-wf.taboola.com/ 7 KB
5 KB 88ms
87ms XHR
application/json 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=5999075&noaop=5&sortOrderType=0&cb=1624840633716&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=3&pv=1241&pt=309343038&tz=120&viewable=true&ddast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=2415085&dpubid=445025&abtst=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vG&mPre=0.025&cirf=https%3A%2F%2Fwww.reportdoor.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: b204c120b7d9bd9c9f017724a6f40f44fb3b54af120cfc66d77cb66c6295904a

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:13 GMT
content-encoding: gzip
server: nginx
machineid: 1469
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
link: <https://ioms.bfmio.com>; rel=preconnect,<https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK getmu Show response
ioms.bfmio.com/ 49 B
652 B 117ms
116ms XHR
application/xml 34.198.78.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.198.78.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-198-78-234.compute-1.amazonaws.com

Software

Resource Hash

ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding, User-Agent
Content-Type: application/xml
Access-Control-Allow-Origin: https://www.reportdoor.com
Access-Control-Expose-Headers: location
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
transfer-encoding: chunked
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 212394 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 51ms
50ms XHR
text/xml 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/212394?VPAID=js&content_page_url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F&player_width=700&player_height=393&cb=R0.1624840633826&content_id=main&playtime=60&custom[content][]=IAB1&custom[pub_lang]=en&schain[schainobject]=1.0,1!taboola.com,1305601,1,-1401699252&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Date: Mon, 28 Jun 2021 00:37:13 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000259
X-SpotX-Timing-SpotMarket: 0.011162
X-SpotX-Timing-Page-Mux: 0.000275
X-SpotX-Timing-Page-Require: 0.000360
X-fe: 038
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000028
Content-Length: 77
X-SpotX-Timing-Page: 0.018837
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003964
Last-Modified: Mon, 28 Jun 2021 00:37:13 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.011162
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.reportdoor.com
X-SpotX-Timing-Page-Misc: 0.002778
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000010
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 OpportunityServlet Show response
am-vid-events.taboola.com/ 1 B
122 B 40ms
40ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-vid-events.taboola.com/OpportunityServlet
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

access-control-allow-origin: https://www.reportdoor.com
date: Mon, 28 Jun 2021 00:37:14 GMT
access-control-allow-credentials: true
server: nginx
content-length: 1

GET
H2 200 sync Show response
am-match.taboola.com/ Frame 2D95 540 B
625 B 37ms
36ms Document
text/html 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/29_9_1/infra/cmTagFEED_MANAGER.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 9deed26ee0dfda69edfc3ad20c367e086cec39853b5a13e6312279be70757da3

Request headers

:method: GET
:authority: am-match.taboola.com
:scheme: https
:path: /sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.reportdoor.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.reportdoor.com/

Response headers

server: nginx
date: Mon, 28 Jun 2021 00:37:24 GMT
content-type: text/html;charset=ISO-8859-1
machineid: 3401

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 2D95 70 B
264 B 83ms
82ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:24 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

rtb-h Show response
sync-t1.taboola.com/sg/spotx-rtb-network/1/ Frame 2D95
Redirect Chain

https://sync.search.spotxchange.com/partner?gdpr=1&adv_id=8532&us_privacy=1---&redir=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fspotx-rtb-network%2F1%2Frtb-h%3Ftaboola_hm%3D%24SPOTX_USER_ID%26orig%3D...
https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fb7a909c-d7a8-11eb-8e27-169e7f670006&orig=video&us_privacy=1---

0
255 B

35ms
35ms

Script
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fb7a909c-d7a8-11eb-8e27-169e7f670006&orig=video&us_privacy=1---
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.134:10213
date: Mon, 28 Jun 2021 00:37:24 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14409

Redirect headers

Date: Mon, 28 Jun 2021 00:37:24 GMT
Server: nginx
Location: https://sync-t1.taboola.com/sg/spotx-rtb-network/1/rtb-h?taboola_hm=fb7a909c-d7a8-11eb-8e27-169e7f670006&orig=video&us_privacy=1---
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 142
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 2D95 43 B
145 B 35ms
34ms Image
image/gif 3.120.52.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by: Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&excid=22&docw=0&cijs=1&nlb=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://am-match.taboola.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 00:37:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

POST
H2 200 VideoBidRequestHandlerServlet Show response
am-wf.taboola.com/ 4 KB
3 KB 76ms
76ms XHR
application/json 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://am-wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=5999075&noaop=5&sortOrderType=0&cb=1624840644930&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=4&pv=1241&pt=309343038&tz=120&viewable=true&ddast=V7x7sCFgNlUvkYp03YOwRlUvkYp03YOwUAAAAGBvQHGjYjcTgjDos02axmo81wshuMBpvJZDEYgobNSBzOiMMiTTar2WgzXIxGy-VgMBwOpvBhLJfJoBZIWGa_76CgnJ4es8sgKrreFrvDafa8IQpNp8Pnutfrfr-75GX4W04nv99y1_jdfrXTY_l7_jbTW_P02V0mt8ItsjxtL8tb7HeYXCa37mk6uiV_v-nrNL3VDrPvYXn55QAAAADwALCVOA7xAwgAEAEAAAAgAQAAAEARUPFvIXABAAAAgAGQwHmtAaDDcYB-y-dl9_wDAOChAAQAQACDBMBAOawEgCS7_QQAAAAAAAAAgOX___8_ZqB-elBmAF94swfgwQfggaggr4gRAAAAgJQZxfrRpE6oLKoAAAjSrQCuAAAC9KAYquDDAAAAAsYW6GHx-80Ou8bvdhkAAAAAAAAAgNn_2T-a0BccaVpQh_Cj2i8gAMDaLyAAAJu6AQC8CcAFHUErBoPVBcTsAAAAAO7-____9UBgsJqsRgvnaGRcjgaj5WgzmrlWK9_KsLKsLA7P9vjEKzmV6W6K-0KEZfb7DgrK6ekxuwyiouttsTucZs9BfNAwLCeDYH4TthitJpPNcjhbLiaD4Wg4Gu1PAJcDnIjBcjmZLCa71Wg12gx3o9lggQIxmOCEDEebyWq0W-0my-FkNJptJhukaNVqNtoMhqvZZLbbrYaD4XI0QorWLGaTyWI2Wu42g-VkNBhOhkOEGd_IsXJNVmvJZGVbizaOhVvhHM3cGptxMBsuRiPbxLMWvT6m38iynFlWXhQMUNqL4CKdSF6Gv-V08vstb8nL8LecTn6_5SKWaE4W6UR22RcGq8lqtHCORsblaDBajjajmWu18q0MK8vK4vDsO76RY-WarNaSycq2Fm0cC7fCOZq5NTbjYDZcjEa2iWcten1Mv5FlObOs_I3ZZDQcDWaTyb4xm4yGo8FsMtl36Azf1eds9ExGQ4_NVnueHbKZ-aBwGSzen2p1jX5HB93Zd3TKtIdlQWe07lw3r0HhOXhM4-Wtdixvn830cZhQxBLB6SKdiF7G00UskTwt0olkNjFuDJvFaGJyTRbL2Wxk8dhMho1zYjGMFpaVRSxRmi7SiV7t9Fj-nr_N9NY8fXaXya1wiyxP28vyFvsdJpfJrXuajm7J32_6Ok1vtcPse1heFvUfG3AyVwwmc8lgLtmsVgkAAAAAAAAAYAlz5k0AAAAATgMarQaT1XIBJtgDdIFBAAAAAAAAihs_rpCX4W85nfx-y1vyMvwtp5Pfb7kywMT6P_NmzwSxVqtlDQAAIIANAAAQwK2btwBORg4!&proto=2,3,5,6&encoded=1&pstn=1&callback=&wfv=1&amp=0&qsz=7&ft=0&pb=0&pagg=1&sd=undefined&dtagid=2415085&dpubid=445025&abtst=adh5c-1_vA!insc_vA!lotc_vA!mprdctdt6_vA!nrlc_vA!smbs!ufm_vG&mPre=0.025&cirf=https%3A%2F%2Fwww.reportdoor.com&en=1&subu=3
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: 1bec84f19bc8af34d67b4c681ec91477a31de850b956cc6a27fc28e1d581bdfb

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Jun 2021 00:37:24 GMT
content-encoding: gzip
server: nginx
machineid: 1480
vary: Accept-Encoding
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.reportdoor.com
cache-control: no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
link: <https://search.spotxchange.com>; rel=preconnect
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK 212394 Show response
search.spotxchange.com/vast/2.00/ 67 B
1 KB 45ms
45ms XHR
text/xml 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.00/212394?VPAID=js&content_page_url=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F&player_width=700&player_height=393&cb=R0.1624840645011&content_id=main&playtime=60&custom[content][]=IAB1&custom[pub_lang]=en&schain[schainobject]=1.0,1!taboola.com,1305601,1,-1401699221&gdpr=1&gdpr_consent=&us_privacy=1---
Requested by: Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/vPlayer/player/v12.4.1/OvaMediaPlayer.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Referer: https://www.reportdoor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: text/plain

Response headers

Date: Mon, 28 Jun 2021 00:37:25 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000294
X-SpotX-Timing-SpotMarket: 0.007210
X-SpotX-Timing-Page-Mux: 0.000213
X-SpotX-Timing-Page-Require: 0.000359
X-fe: 082
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000023
Content-Length: 77
X-SpotX-Timing-Page: 0.013671
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.003115
Last-Modified: Mon, 28 Jun 2021 00:37:25 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.007210
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.reportdoor.com
X-SpotX-Timing-Page-Misc: 0.002448
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000009
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: images.reportdoor.com
URL: https://images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg

Verdicts & Comments Add Verdict or Comment

269 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/	1970-01-20 04:06:16	Name: t_gid Value: be2b6fcf-73bf-47fa-bec2-ea51c85020b6-tuct7d29f30
.doubleclick.net/	1970-01-20 04:42:16	Name: IDE Value: AHWqTUlSzrzXiy4HkDjJaF4LYmnzyZhQyopAuNpkcoxKvhE6UYJ-KdMkBl-mSrx6PiU
.reportdoor.com/	1970-01-19 19:20:40	Name: _gat_gtag_UA_164811841_1 Value: 1
.reportdoor.com/	1970-01-20 04:42:16	Name: __gads Value: ID=1fe5c9f4679fd437-227f69fd6cc8001a:T=1624840622:RT=1624840622:S=ALNI_MZTGGP7i0ZvLG_YY9KEFJFO16Phxw
.reportdoor.com/	1970-01-19 19:22:07	Name: _gid Value: GA1.2.1487932846.1624840622
www.reportdoor.com/	1970-01-20 04:06:16	Name: trc_cookie_storage Value: reportdoor-reportdoor%253Asession-data%3Dv2_005254a94d894049434f55e7e0e2eba3_c7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e_1624840622_1624840622_CNawjgYQgdhPGM-msYClLyABKAEwOjj5twhAnYoQSLva2ANQuNkMWABgAGixr-m1yv33zq0B%7Ctaboola%2520global%253Alocal-storage-keys%3D%255B%2522reportdoor-reportdoor%253Asession-data%2522%252C%2522taboola%2520global%253Auser-id%2522%255D%7Ctaboola%2520global%253Auser-id%3Dc7d1e525-22e6-4c1a-a94f-cf806814d6b3-tuct7d29f2e
.doubleclick.net/	1970-01-19 19:20:44	Name: DSID Value: NO_DATA
.reportdoor.com/	1970-01-20 12:51:52	Name: _ga Value: GA1.2.906259880.1624840622

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://go.recordedfuture.com/e2t/tc/VX7T9Q85WqZFN90smMnKhZwsW5SJqyG4tkXxXN4vJDMk3hkBZV1-WJV7CgDjQW8qVK4N9bphhYVSJ-jd6TQMFyN8NkBcyYY8LyW8gH1Nt92GxTZW5BwBDR4Zy__GN1YPb73FFXtVW1F5q9n6G-zgtW4LWjHL4GkP0ZW5BWl123Gbr2PW1cx-fv2rk3T3VSq7pZ2F3d59W9bYjlR15QVqFW3zmRFY8CD0PQW558v1t18t_PNW15cc3p339mC1W4sY-Ns4q04t-W26hbPl7_w2M2W19Hqsq5NTdnjW6103JV3FfRQ_N8lkxHGzcJmZVqf2GF2GszSPW4lNXM89535nhW7YgXL12cmCRnW4hFhMB4LyG0TW35n9tL6Z7bJrW6rTn4w4mF0b1W3zwQ3_7bxrVTW2S1kn32VmMlXV8nXMx46qp6CW8nlhz48Rld4r33LM1(Line 13) Message: toS
console-api	log	URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js(Line 51) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	warning	URL: https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js(Line 48) Message: jQuery.Deferred exception: Cannot read property 'getItem' of null TypeError: Cannot read property 'getItem' of null at HTMLDocument.<anonymous> (https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-footer-600d28e6.min.js:1:6000) at e (https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js:48:30005) at t (https://www.reportdoor.com/wp-content/cache/wpo-minify/1624650763/assets/wpo-minify-header-b5121f49.min.js:48:30307) undefined
console-api	info	URL: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2106141722000 https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3693039101&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622191&bpp=1&bdt=226&idt=189&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=1434&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=OFXIePGboS&p=https%3A//www.reportdoor.com&dtd=199
console-api	info	URL: https://cdn.ampproject.org/rtv/012106141722000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2106141722000 https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3511443799407499&output=html&h=280&slotname=2385331166&adk=1560419018&adf=3062132285&pi=t.ma~as.2385331166&w=810&fwrn=4&fwrnh=100&rafmt=1&psa=0&format=810x280&url=https%3A%2F%2Fwww.reportdoor.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1624840622192&bpp=1&bdt=226&idt=279&shv=r20210623&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C970x280%2C810x280%2C810x280&nras=1&correlator=5391867972087&frm=20&pv=1&ga_vid=906259880.1624840622&ga_sid=1624840622&ga_hid=1401565&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=310&ady=2772&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=3&pvsid=2295971237957141&loc=https%3A%2F%2Fwww.reportdoor.com%2Fmicrosoft-signed-a-driver-loaded-with-rootkit-malware%2F%3Futm_campaign%3Dmicrosoft-signed-a-driver-loaded-with-rootkit-malware%26utm_medium%3Drss%26_hsmi%3D136668604%26_hsenc%3Dp2ANqtz-_h96L5jK60dnTvlGQ5hkxNjvfZGxS_vncGmDk-FWwTcFzNSxFOKhvSiV6MIoAEKcgDqED0NHaFSelc7RGKeyF5cLgBtQ%26utm_source%3Drss&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=5mtL2pqyhx&p=https%3A//www.reportdoor.com&dtd=282
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Dynamic Translation load is enabled but response is missing the map. Using embedded solution
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Exit TRCRBox.loadScriptCallback(retry=0): no items in response - thumbs-feed-01
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Exit TRCRBox.loadScriptCallback(retry=0): no items in response - organic-thumbs-feed-01
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Failed to load thumbnail https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg for item=-3111115507775707914, loading https://images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg thumbnail instead
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Failed to load thumbnail https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/editor/2021/06/59137-16245558435595-800.jpg for item=-6653143710865009642, loading https://staticg.reportdoor.com/editor/2021/06/59137-16245558435595-800.jpg thumbnail instead
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Failed to load thumbnail https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//staticg.reportdoor.com/close.svg for item=4409964196092034292, loading https://staticg.reportdoor.com/close.svg thumbnail instead
console-api	log	URL: https://cdn.taboola.com/libtrc/impl.20210627-5-RELEASE.js(Line 3) Message: Failed to load thumbnail https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_160%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg for item=-3111115507775707914, loading https://images.reportdoor.com/image/99/5by4/2018/11/02/99c7f9ac6c2c5d3aa6f0e868c1c42b16_xs.jpg thumbnail instead

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

15.taboola.com
adservice.google.com
adservice.google.de
am-match.taboola.com
am-vid-events.taboola.com
am-wf.taboola.com
cdn.ampproject.org
cdn.taboola.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
go.recordedfuture.com
googleads.g.doubleclick.net
il-trc-events.taboola.com
images.reportdoor.com
images.taboola.com
imprammp.taboola.com
ioms.bfmio.com
m.exactag.com
match.adsrvr.org
pagead2.googlesyndication.com
partner.googleadservices.com
platform.twitter.com
search.spotxchange.com
secure-assets.rubiconproject.com
secure.gravatar.com
sync-t1.taboola.com
sync.search.spotxchange.com
syndication.twitter.com
token.rubiconproject.com
tpc.googlesyndication.com
trc-events.taboola.com
trc.taboola.com
vidstat.taboola.com
wf.taboola.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.reportdoor.com
x.bidswitch.net
images.reportdoor.com
104.109.78.125
104.244.42.136
13.248.242.197
141.226.228.48
142.250.185.98
151.101.13.44
185.106.33.48
185.94.180.123
185.94.180.126
199.232.137.44
2.19.35.65
213.202.235.8
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700:3037::ac43:81eb
2a00:1450:4001:800::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:811::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:828::200a
2a00:1450:4001:829::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200e
2a04:fa87:fffe::c000:4902
3.120.52.76
34.198.78.234
69.173.144.138
013bec3910ad3d4838f46d1a0095d9e6f0ea3e676e786daf0147dce032b651b6
01a3e95cb9a4970783a229ca81f11858b17e10dc3331b5bcb1c7d60811b82df8
01db466a6f01e93bdecee5b15eb5d6cb650ebc03a0109d4c2feece4cbdc1b745
02dda8e6f5f4912491f3479276a064c48e059843c101b1b75aea03e57fd75fa8
03b76ecad56b72ead740100f70e31447ac1cb41df1d755643d12dc95fb6fd973
06503352984183697b7695de1d989652bc05634c474b958169e92a3b430d9d34
086ee2f424e19a38b1260c62c70f68be7d36ba8df1e0a901d034a260ec86caa8
09c558569b7060c96d91241c587c44b3189094a82493807d78b5be049a022ddd
0d0c5a0e82c987c58e86dccac7b88237fc8d70ab2e917757e48adaa08a2d6cdf
0dbca08e779a3b80d5c9a6951b077e4e814348c16426875ab71032a9286120ac
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fcc01c0b13c95c1a2e6e7bf789b5ba95e4ef7de3f0b8ef31ae03eb72700bf12
11d4d3ec878fc7b8a6ca2fb899d27ee232204e1325d1929db6baec1b96928cf8
133bd833f5e17406472a3ff91bf00f004dd61a0043a0f1971a349830b8fe6432
14eb457f7e0dffb50280fc147d2e1ac2b7cbb5705e42484a792b7960bd4ff61e
173f455d47754c1069234e9a72ea304ed3c631a68ad2b0a1148e9a4421396e9f
1744aa42e617eb4af823391ed6ca00f1d2684f74db5f0519116ab4d9fffa6fed
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1b0be9efbe443d060022e33c9432a504923ccf16d2e834248ebf824913e220b9
1bec84f19bc8af34d67b4c681ec91477a31de850b956cc6a27fc28e1d581bdfb
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1d1b208f920331804c35ce111ba9ba0a6fbb6fc05b79c5cab88fdaad758a18be
1eb4ba8b4438a9e307afa195311ce88638a3deae2da3cae568c4b4cb449365a0
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
249e602194d53761ebd09bfee83388909795781a86ba7734dd1ecc341064a6b3
24c1f51786d4f453461eccaadf1df4f6e7443ff146666a99cc28344202088556
26c5d858bb753718f28cbf31527c7af12cc9a290e0943a6a4ce58d02507c3711
27ea74dfb4a30a347127033f5d7b36b3ede2dcb0a496d0b34f5043068b944006
294068d5ec91e5bbd0b74f177d18eb12b7bcdddbcb85b701eea17ddd551e0a8d
2b4b9234f08a05464a2a693ae4ba584825cb35ddbac0a0a91c74c56eee6006f3
2ef7807f50d4c45a2a9e435fac2127b8400743a3031ec2a6a36c706705f09c06
2fd7bd1726f4e978bfff408bf5fc4494ba0861c4dc54a484eef637539f9e89b7
300f248a22b396c0024c144d3ba0a975a92fb59789969ce8265bf4de96a06b04
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33c461af5ae3bf5418718807119a21e4c62f8c5bfbbda518f449161b92b8884c
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36d88e845212440d76560db95ec0445b7a530069c0ccc56a1a224641897b0efd
3742b0c9042bd5c823160c3fce69eb156b8e3f63be55dd7ab9e33a8660a18b0f
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
39e61cbb0dfe7a9968b88026e29d8a44949167934a0074498ad5dc18529bbe76
3a564cbbf3c924e1085480876d59fd2d773a652f3f20eeda8dcf37603003e35c
3ad03ae4c99808477308cea2f49c653489bda6a1c354559d7df4b3dfe512a407
3adc584fb0bef1fbf9b1c0ecddde5727643b4334c734db78b517ab112d92e1d8
3bb4796ad532e32f7a18da4e837d0165442783006590a72bec30bbbabfea1599
3ede392f58143e254f9b4c60c6226c553d378332d3f2076d80e0b7cb295c1b82
3f60136ad6dc07aee0847a93e1f3697243c8ff5492b43b31696a7744d3666269
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42d512369f48087bfe65d7c1c5c051c1b731e67087a4e9d1ee560cb367d5562e
45438ac938e6613185f4cec0aac33ce6946e88ece9ffd9f916859e08d6509454
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4c59eab430881aa1a70b824e19e8b913f4e2e1206b107fdbc75703587a90f6cf
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50cb2d58c5157144fedbc5fc3f5748d04716e0c2b77e46dd28fa8aeaa7adf011
53615efdd0cc2ae037ffa752ead3ee52d43ef45101dca0ccfaf0cca138ac847d
545995b05ab1947e4a3c2cca73c747b7faf2d0c397894d4adf52c13dc9738579
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55b50d801b8502706ea91f90c83eb08253f16eb27bc83c6f4047af3655eed6ff
55b7ccc66c65c50f00e31d89611caa1a807a67156941e164410aba6645dabc5b
56b72a82f7d6ad45158f432332f75f18b7b5dca700337772ba6c520437dd7d9e
579e8134ab0848b50abdfea59f756a2593e82c62f047e959f0adf89447f3bfd1
5b497b3dea8511b361da644850f9a576c982e26ce7b18754c5c82f50f4049024
5bbc26192d559ed6abfb9b0bfd88369d9a5ee210d4f3aea66508bfb19a00e76e
5d5c1ed77b99d3f67ef7d419e1d6d78a663d8cac3668749252aa85c88cdef8fe
5e3ebe8564a8a62361ece8eaf0f6b21fee39df4d2eea24ee965a476bbfe6633f
5e4efc6223c74b0c496ade40c20a3960ed76a64cb0b329968d433837e203e3a0
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6287b8c51fffc3aad351010997bb0a69e52173df88b7d61971b104658d6dfc3d
62e20cbfd29f2ccf2ebeecbcd5d8a7121e92e63b60d5dcd09de41780aba5b38a
63e3365993c921267712645f738f77e722ef82460c8c47a6fcf84393c18e9f0a
647ca45d692bd1f1361c49c442dd87c7cfdea9ed5fbcb2a1ae05b7c9d12c09c6
658e2863570da76a06509e48a6f6465d4038d3d344283ed6f80a2dbb55026e96
681c198eade37eaf120ca67437e24c57285f771bf45c6552a56fb2708608de17
6ab7998fc117e222538bd1b982bc8bb4f3fcdd777874669f9d846f675e98bc0e
6b514da2aed798bb9c409b346194c0e2b38edfd554f412e4af2717892f5300ff
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bd7f50eb2089e7d871cd54fb4119c74b71f94c3899a44eeda6afeeee2fac3d4
6f1b2725a2a8bb756181e2db3f72c70560ed54473fb0bec4e0f51018b10ebb86
6fe77418e833f1ddfcf701ba7b6ebbd24efd2e93bce56065e0f1e711b1d829f8
70c35597c9d6b9c105dd47541b0adef7f38f065e9f815dfe6ba209a16aceb34b
73a783d2e5f778e1af41cc4126dfea9956cf43a518e2707658c0200c93765527
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
750886f5831d04d4acd8d059d5741a41f5d71f5e843a82a8acddd753385dea1e
753f6ba4548243a04d1aadf37418d15e535a8159ce6a1f6a303e33f8dc940f67
7848f54620ef0569b6e3a0769e23ce0462496073e0bad06be8ebd9ed1d19815f
78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8243110d46b6e00133bc81f626801e1aaa8f1785a987bd155a58bc7e222d5d44
82fba5f2a3814f5a06b59a3a4a84d9edc1145d1ca57d54ccf321ce03af57bb9a
8475c7fe1f246af800a01160b65007c6e1d3be8443750d12620769b95f93cafd
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dd97efc387502e004e4b57aef50efed41f06e3ab1b11026367c2043406aebbb
8ef1ed69f675387b64ca365d659c14c972a3b593199552c020017cc9e6ceacfe
8f603faf967f72584b8facd94d742aca30712b21f7ef57ec3b867e3b8302361b
92857904df325afe1f29a64b2382eb7df89626a03d79bd16be4dac1296c3aef1
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93c3caa42ac8ebcf19a38b8865d1d0eb33a782f9e952b15368b2f0f584d068e3
9448f7c3bd336008d83d3e4730ac005be651a3a39ade1d36ebb29b5be9201235
94b79cad4e07f66d8ea6c328e5f877f7619a1e64417bb63a6e98031fad40ebf3
99e0a173ac96cd66cb5e6ade9a6a97f53262d4a883d3427e1b52062882582827
9deed26ee0dfda69edfc3ad20c367e086cec39853b5a13e6312279be70757da3
9e36f48120b748ca10f6efeb242a7cdbd118a72f0e40b3812a5f3dbe286de818
a1269314eda896a7c2481e41266266733d48f95f5077d9322e11319da1dfc3ae
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a2f2549d8026075374e4142efd027243975416bf5a1d936425eb9a0e684ab05f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c5293b6d3910a71056b1b381e3a68cea97df3785943308be17c214ee548fc5
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a7eb2a66ea4e53f8671205abc2ba3efddfdade1826260f1e016b138a600ab3aa
a89d9de3ddbc5fd21795f18b54e89da31ea1a6762c3d0962ff682c30c27e5de3
aa2955d5dd4ce4ef2924082a05a9a5e3651f57847c291d0b39106be6c72ff911
ab8bbbaf028510d8b119cce741f0c2cc94816dcc113d83cac81a6aade6a76fa9
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b030b56b5b07381ddd0bf9930da8789c111785afa70fc3cebff0f2705548502a
b204c120b7d9bd9c9f017724a6f40f44fb3b54af120cfc66d77cb66c6295904a
b34ae8bfda88f1dfb002a68bcf9a6bad17ead96bd1d2fe310900461a979f6971
b35a4ef06e319281153f0f4b026996a350853075e70204a388d524eab724433f
b51423401412ab5d2fec98015b6892087f95d633507fb7a047e9851abb23f221
b6d60961d9c8e0ad56dd23efd745f55f8cd3a43d2e05439df285c15d0c5995a6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcbd348ad69f6ad4b2441babe861fab42c1fe7689241fda05af5dd721da5d6e2
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
be80965f33e3bc21234fd633981cb83847d5671502225af1ef40bc46c1d80f02
beebd35392dbf9b8d88ce3454bc536b3a6a38f71f90628c0f227354e94cbb3a9
c61183850271506a3cdac7a0d710f763deaefeeb07f5f777d8526ecbd0c6f11d
c961b8fdc7dca2dc983386c8ea16b4cea72b3e8706f8698ddf4d994548d6630d
c969efceff108562296b3425ced4ae3921ebf7baf40958c4b500c7d075ae350a
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
d10bfad757ebad3e5250a813741d2e98dde085d3dee974beaa2fd5b3d8c76f21
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d24b1df799ea526a7b7f7e7c65855831ba773d802b504e5ea8758e998d454118
d4438fb57a9210392c94d36ff96cbe2510eb53c2af9d62d7f980bf5088c14688
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d9a8f892fbc84d6225b1233e98eedb3bca1f874cbdb28ef732f1c20b51011fa7
dc3f59ce5edc881b9033460496b43654c6140684b0183ad99d3ed700efbc809d
dc45ed9f7350510b142ce360983d7465d798ff703c6670de148ef33128de2b4d
ddb904dd34fad2b04d556eb4e0d993e6c4866a627b16ccafcb9b2df0742bf5fc
dff7fed207e722efb486f633723e09e08b5fcc7892b667641339627b67360f11
e0688c1695f53db5945da223ae206cc8c7c1810c432492876c69fcd150212b41
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5016b08987573a95bf81768da90217fc6d3a0f2c13424c8b542580cd045986b
e9d488ec59f7c479d016bc6515a84294ccb34e7a031895e6684f1d22b2e0aed8
ed8a3320b85003e4acda56beba20a58f9d931cbabc95024476a99be054813fe5
ed919aae0e6c47f91a64377ebadfa127e0973fc2d2111fc24167621b8b2665e7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef23bc9af65285512125db6ec7866dd22b88eb76160b765b05c2fdc80e2ea2a8
ef8c5caef430107e5e8c11836f244e6eed112a40452684727b0759ae10cb66fe
f02f2887d333d03d1348188319141be7847e8fa0f9780976b9d60343f908a023
f0300d29f5d9bc5f1a48446cab7720de0006fa2d52a18c8ac99cc9706bb120e8
f0671afc074a69219c31a43b75690d16ccef151aff84fdbd8f404e7136670321
f60c4600705d04f5c55db54f646fec728f9458c4fbba35adb4ac114077cb2391
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f6bae4ca156e482e18674459dea607744f46e2dece6a47d3b3672f1814596ff7
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
fc79659c1fc6025c80092ab2d97ff6b5cf56253645a7076aa8a3e8ed43b821ab
fca5cec0bdc0787ce020b593c4c5ea124537c76969b5cf17c09c218ccc17fac0
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
ffb4bad80228d02f74cd9a36e1298e9346831800ae59c168371d4ed5ef087615

www.reportdoor.com Open in urlscan Pro 2606:4700:3037::ac43:81eb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

228 Requests

98 %HTTPS

52 %IPv6

22 Domains

42 Subdomains

30 IPs

5 Countries

3773 kBTransfer

8404 kBSize

8 Cookies

38 Outgoing links

Page URL History

Redirected requests

228 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.reportdoor.com Open in urlscan Pro
2606:4700:3037::ac43:81eb Public Scan

Screenshot
Live screenshot

Full Image

228
Requests

98 %
HTTPS

52 %
IPv6

22
Domains

42
Subdomains

30
IPs

5
Countries

3773 kB
Transfer

8404 kB
Size

8
Cookies

228 HTTP transactions
4 data transactions