thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ejyazl.clicks.mlsend2.com/te/cl/eyJ2Ijoie1wiYVwiOjEwOTEyMSxcImxcIjo2ODY4NDIyNjY5ODkzNzM5MyxcInJcIjo2ODg1OTc0NjY5NDcyNzE3OX...
Effective URL:
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2...
Submission: On October 13 via manual (October 13th 2022, 2:51:11 pm UTC) from US — Scanned from NL

Summary HTTP 74 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 11 domains to perform 74 HTTP transactions. The main IP is 2606:4700:20::ac43:4615, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com. The Cisco Umbrella rank of the primary domain is 165444.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 1st 2022. Valid for: a year.

This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.91.152.151 34.91.152.151	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
16	2606:4700:20:... 2606:4700:20::ac43:4615	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
74	12

1 34.91.152.151 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 151.152.91.34.bc.googleusercontent.com

ejyazl.clicks.mlsend2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:20::ac43:4615 (United States)

ASN13335 (CLOUDFLARENET, US)

thehackernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	370 KB
16	thehackernews.com thehackernews.com — Cisco Umbrella Rank: 165444	303 KB
11	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43	95 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	114 KB
5	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 78 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	4 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	140 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8724	914 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 888	649 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 216	28 KB
1	mlsend2.com 1 redirects ejyazl.clicks.mlsend2.com	325 B
74	11

	Domain	Requested by
17	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
16	thehackernews.com	thehackernews.com
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	pagead2.googlesyndication.com	thehackernews.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
5	www.gstatic.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net
3	www.google.com	2 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdnjs.cloudflare.com	thehackernews.com
1	ejyazl.clicks.mlsend2.com	1 redirects
74	14

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
deals.thehackernews.com
thehackernews.tradepub.com
www.instagram.com
t.me
go.thn.li
www.virustotal.com
www.comm100.com
www.crowdstrike.com
www.trendmicro.com
www.reddit.com
news.ycombinator.com
api.whatsapp.com
telegram.me

Subject Issuer	Validity	Valid
thehackernews.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Frame ID: B753FB737CF42A7CD0862475D240F36D
Requests: 37 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20190131/zrt_lookup.html
Frame ID: 6E48F4C4604C24BE47AC448A04E8BBF7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246
Frame ID: E3DA0F19ACE7A1FF996167F74481BA18
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1665666994&rafmt=12&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667938&bpp=1&bdt=1286&idt=260&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=cqv85P2nR6&p=https%3A//thehackernews.com&dtd=266
Frame ID: B3240379B68CA5B809A0866C9E3B8DE0
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1665666994&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&ea=0&pra=7&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667950&bpp=2&bdt=1298&idt=259&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C970x250&nras=1&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=268
Frame ID: C38D3075622612286630991C8DA86521
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0C2B8144D0692DBB5830EFB29111A48D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CB8350999B660A18F7AF29ECA4F4F520
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6B2BF9A7E4CED755117794DCECEB81F7
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 97EA74BC8C4327DB03BCDF551106B417
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 62D0A8089A8A89CBF305BE30A9EFDB2A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/YGBXjHGFrvOS8X60wpRSOm_fLYxf6hdhmLaY3J7KaRQ.js
Frame ID: E47F7304188C493112049E4BFF73103A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 04E2282ABA7ABE164A599502582BB575
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Comm100 Chat Provider Hijacked to Spread Malware in Supply Chain Attack

Page URL History Show full URLs

https://ejyazl.clicks.mlsend2.com/te/cl/eyJ2Ijoie1wiYVwiOjEwOTEyMSxcImxcIjo2ODY4NDIyNjY5ODkzNzM5MyxcInJcIjo2OD... HTTP 302
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_med... Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

74
Requests

100 %
HTTPS

92 %
IPv6

11
Domains

14
Subdomains

12
IPs

3
Countries

1064 kB
Transfer

2487 kB
Size

6
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thehackernews
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/thehackersnews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/thehackernews?sub_confirmation=1
Title: 

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/
Title:  Offers

Search URL Search Domain Scan URL

URL: https://thehackernews.tradepub.com/
Title: Free eBooks

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/free
Title: Freebies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://t.me/joinchat/AAAAADwuDObFWF60CiR-HQ
Title:  Telegram Channel

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowd-h-d

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/6f0fae95f5637710d1464b42ba49f9533443181262f78805d3ff13bea3b8fd45

Search URL Search Domain Scan URL

URL: https://www.comm100.com/customers/
Title: claims

Search URL Search Domain Scan URL

URL: https://go.thn.li/strike-d

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
Title: noted

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/ac5c0823d623a7999f0db345611084e0a494770c3d6dd5feeba4199deee82b86
Title: flag the installers

Search URL Search Domain Scan URL

URL: https://www.comm100.com/platform/livechat/agent-experience/desktopchat/
Title: updated installer

Search URL Search Domain Scan URL

URL: https://go.thn.li/crowd-mid-d

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
Title: Earth Berberoka

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html&text=Comm100%20Chat%20Provider%20Hijacked%20to%20Spread%20Malware%20in%20Supply%20Chain%20Attack&via=TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html
Title: 

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html&t=Comm100%20Chat%20Provider%20Hijacked%20to%20Spread%20Malware%20in%20Supply%20Chain%20Attack
Title: Share on Hacker News

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=Comm100%20Chat%20Provider%20Hijacked%20to%20Spread%20Malware%20in%20Supply%20Chain%20Attack%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html
Title: Share on WhatsApp

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html&text=Comm100%20Chat%20Provider%20Hijacked%20to%20Spread%20Malware%20in%20Supply%20Chain%20Attack
Title: Share on Telegram

Search URL Search Domain Scan URL

URL: https://go.thn.li/IANS-s

Search URL Search Domain Scan URL

URL: https://go.thn.li/devlympics-main

Search URL Search Domain Scan URL

URL: https://go.thn.li/devlympics-native
Title: Invite your developers to the Devlympics secure coding tournamentChallenge their skills in identifying, locating, and fixing vulnerabilities in code, with epic prizes to offer!

Search URL Search Domain Scan URL

URL: https://go.thn.li/webinar-scw
Title: Learn methods for driving reduction in code-level vulnerabilitieswith CEO and Co-Founder, Pieter Danhieux on October 12th, 10AM AEST (Sydney), 2PM BST (London), 3PM ET (New York)

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-intruder
Title: A Step-By-Step Guide to Vulnerability AssessmentLearn how to perform vulnerability assessments and keep your company protected against cyber attacks.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-a-to-z-cyber-security-it-certification-training-bundle
Title: <img alt='Learn Ethical Hacking Online' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiI35PZGxaHZD68Ea5xegPuLeSWEhyoS4eYqzEECWzt64wQRQ7MCPbeGR4qIhBAGbt1XdJ6USs2yeFxr0bqF3mtE9Is_pMyL9cSPtiJtbRAxj3lLfSGBcNqegKYr63rMaD8uJtLT8mHEk4EAaq-AUAxDkfdf42CZfEHUtv_M928jHKaXI2EpWSb-0ti9A/s260-e100/hack.jpg'/> A to Z Cybersecurity Certification Training Get Paid to Hack Computer Networks When You Become a Certified Ethical Hacker.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/comptia-campus-premium-1-year-subscription
Title: <img alt='CompTIA Campus Premium' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgCP8LsHMCGJ66Sw30XA6l8p0tga-FYZWWXB8yocCCp12NHG1f0ovIFBY5RjuRuiExwLNq8RrXKHLyL5bFXjBb8QUPfLlRKO5bGWKYBcmNM1qUYVAik8mXDEw5gW3jc8tkV8z18vbKFDWb9hnXuPnQINmyfPCn_TAp9v_KHdzVwjfgzTBy-sPkglYelYg/s260-e100/comptia.jpg'/> CompTIA Campus Premium One-Stop-Shop for All CompTIA Certifications! Get 1-Yr Access to Courses, Live Hands-On Labs, Practice Exams and Updated Content

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/ultimate-network-and-security-course-bundle
Title: <img alt='Ethical Hacking' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEimmKZ26nPjNl2ZjmIlqVtP9X1SaF-1z_fMwY1oRIFZVKV8k9SXIxpo5tWyLQkQ79I4hXOhE3fe5H5SgoANx2zIC6PeOeh-wFumVXXq8GtMF-AhCLTI8TlQ5MEBV9UZAs4mfxcgKn_ZaynBDg3JwJK3dCFewhjYJx3Hd2TK_w8r-lirYQj8yeTWnPyYIA/s260-e100/hacking.jpg'/> Network, Security and Ethical Hacking Your 28-Hour Roadmap as an Ultimate Security Professional — Master Network Monitoring, PenTesting, and Routing Techniques and Vulnerabilities

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-complete-2022-linux-certification-training-bundle
Title: <img alt='Linux Certification Courses' class='deal-link' src='https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhtIq4lKc2RybeE8fg8x1hvFqh2nr1cx6Hy0sQaXshQQ1CjwhceehW_AWliIuIzdpv8niYskXwOh4SmHiT5n_eE-ngP90BcTwZMzJClByVrQdc1ZhfQREek1l4sx7_bFDZgEqc1gFjYKxSOVD5KToTX8UMTyVH9_CPQejpwEzizqO4MUisPIS76OsJnxA/s260-e100/linux.jpg'/> Complete Linux Certification Training Know Your Way Around Networks and Client-Server Linux Systems — Techniques, Command Line, Shell Scripting, and More

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/citizengoods-exclusives
Title: Exclusives

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/hacking
Title: Hacking

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-specialization-developer
Title: Development

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-interest-android
Title: Android

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ejyazl.clicks.mlsend2.com/te/cl/eyJ2Ijoie1wiYVwiOjEwOTEyMSxcImxcIjo2ODY4NDIyNjY5ODkzNzM5MyxcInJcIjo2ODg1OTc0NjY5NDcyNzE3OX0iLCJzIjoiMzNlMjI5NWFmYmFkZDNhMiJ9 HTTP 302
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 84

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

74 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request comm100-chat-provider-hijacked-to.html Show response
thehackernews.com/2022/10/
Redirect Chain

https://ejyazl.clicks.mlsend2.com/te/cl/eyJ2Ijoie1wiYVwiOjEwOTEyMSxcImxcIjo2ODY4NDIyNjY5ODkzNzM5MyxcInJcIjo2ODg1OTc0NjY5NDcyNzE3OX0iLCJzIjoiMzNlMjI5NWFmYmFkZDNhMiJ9
https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by...

155 KB
71 KB

743ms
680ms

Document
text/html

2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordPress VIP

Resource Hash

00a2773f339dc1f5ba7dbacf3514d6b1e1e04969dca687fb5b1f81aa7d2a6cd4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, s-maxage=604800, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7598e432580c9253-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 13 Oct 2022 14:51:06 GMT
expires: Thu, 13 Oct 2022 14:51:06 GMT
last-modified: Thu, 13 Oct 2022 13:16:34 GMT
link: </css/roboto.css>; as=style; rel=preload;crossorigin=anonymous
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRvYmz6AN95jRiVm27YwPVnUyka520BIb6DbO8htxPETaPKX%2BpfNW2dy%2BqhGmCZgJy9M68QWXCQM3KFsbOsizKaNbGqopvuQhDy2EJbQAReHlTkJuxxvnM5F3NoJJ7%2BuVmIIN3%2BDlurwWYJFRXCJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-forwarded-for: 2001:1af8:5000:a026:5::6
x-frame-options: DENY
x-powered-by: WordPress VIP
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-cache, private
content-type: text/html; charset=UTF-8
date: Thu, 13 Oct 2022 14:51:05 GMT
location: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 47ms
47ms Stylesheet
text/css 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Origin: https://thehackernews.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xAZi7Rhn9iK6mqYC6yRlrReW4AXUadsBX9JNSdHBO3WNB5WsoijQM7iz1t6t98KnfnbhgqJOxnNHhCkDO%2F%2BFeBaNdTqcaeUhI1H3z4NWUup3f3%2F0UEZ6DfXgbWYY7uXLugoRSJ2aX0y9qawvJXxS"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, immutable, s-maxage=8640000
cf-ray: 7598e43698af9253-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 chat.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi8cDm09yfBe-cPKNmyKPoIXvb_U-ZTqG_Dbg0dIO0GmlMU8vQPc7DnRUCgBrX7lMiQ0GC38rFQwu-tiXiiFx5QpDOreBUNm47EtayEzVumTE0IhX5n6GChvPnmRabYmGulLdD4duo59kVdy3KUr... 23 KB
24 KB 47ms
47ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi8cDm09yfBe-cPKNmyKPoIXvb_U-ZTqG_Dbg0dIO0GmlMU8vQPc7DnRUCgBrX7lMiQ0GC38rFQwu-tiXiiFx5QpDOreBUNm47EtayEzVumTE0IhX5n6GChvPnmRabYmGulLdD4duo59kVdy3KUr1U0NxstDZiBoBd5kRiS7J1CEAzhCILG6D9iJtCq/s728-e1000/chat.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc66f1fec2b60f562de0ae3a4f1a620eb5da24580991ab7735b0aa76dc32c206

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 247641
cf-polished: origFmt=jpeg, origSize=30953
x-forwarded-for: 35.157.159.145
content-disposition: inline; filename="chat.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23774
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v2092"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KH%2By7MA2bhccSuw0Ktr4upcAWvGg9BQSsaKn0FjLCvkJdHF1FYervh7X2j9E0EXpcsNeV3iszT8x6cJBb0LqrYga643nls5m1Dkx9FTvqiRQt6FSLRNSnXFAKS9mCNmsfPV5oyIaw0C8Dq6vIG4x"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e43698b89253-FRA
expires: Sun, 06 Jul 2025 18:03:45 GMT

GET
H3 200 code.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhiZ2jLq8lTRwlc3TysILZMHcEBkjdSt970cnQadibfX6yqjWZjfWkrJTPMb9cxavsVsL-LgX4MtFQ1GmhqPAuakygezt0fWaXeakv6mTKmMe9SX3rBT5sumnv996Fns1xupYTC4Gd6xaroLcW1I... 34 KB
34 KB 994ms
994ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhiZ2jLq8lTRwlc3TysILZMHcEBkjdSt970cnQadibfX6yqjWZjfWkrJTPMb9cxavsVsL-LgX4MtFQ1GmhqPAuakygezt0fWaXeakv6mTKmMe9SX3rBT5sumnv996Fns1xupYTC4Gd6xaroLcW1IsWH3CnJrbeGn4AArJLFp2uTAbEftChj8BbL8aGo/s728-e1000/code.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9698322e0b5e9cd92215de22cf0edaa65e7f5a1c96d2e3c459f65b8dfb7800f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-forwarded-for: 2001:1af8:5000:a026:5::6
content-disposition: inline;filename="code.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34569
x-xss-protection: 0
server: cloudflare
etag: "v2090"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFzvPgGpvOBJlIOY9vT%2BQbHPGu24%2BERcGqBkm3wOXYH1plT96EI4udl2lzcO6u8krmrtQfsKFjvbRyOnWUGwFhPt%2BOGtm0ukRwc2ktwfVFMKzp%2FZIeLhx1C6QyReFnLM4CB1Boy34MrkWS2erzb1"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4370fe991ed-FRA
expires: Wed, 09 Jul 2025 14:51:07 GMT

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 30ms
30ms Stylesheet
text/css 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OR%2FQaWwPUbkGo2DI4rlQnZpjpcXqcVO4dEDXxNaRAErMsrMsgV%2B8osZeEtvAnlh2%2FOFQuD9SZe%2BrDPpp8cnuxW1%2FVwE1C%2BasZwmBjEtSSFuwWiHQWdG%2BMUkNi2HSAdgnhRcInYd2cxUehcTDS%2F5w"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=2592000, immutable, s-maxage=8640000
cf-ray: 7598e436b8f49253-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 rocket-loader.min.js Show response
thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 24ms
24ms Script
application/javascript 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Tue, 11 Oct 2022 13:38:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"634571bd-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVKny6S4Vq77jCIkTptz%2FZtBT%2FbshTENGZGtHbt7G6fqcvX8TZl%2FM2LHnN1hbH9uXtLQDJ1UiCDTPU6trAYdpZQXN1Aq5kzsbHofrKpGPLpGTSeW%2B2BALMBFu%2FjF64zzyo8%2BseBgW9X4RefNf5Jn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7598e4370fed91ed-FRA
expires: Sat, 15 Oct 2022 14:51:06 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Referer
Origin: https://thehackernews.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 27 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2361c2c1d43c614215b67d2e3d8bd4123b42442355dac9e1bd8e65cc5822e97c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 103 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a25dfb089fa8d0dfe14c6bc6efdb8b7731f89e13e50a57a3d15fdf575375e95c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 290 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 172c87b54b5acb8f1971d2d40a56e6cedeaaeac19075dff492ce399916acd5ae

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 296 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c6c51dafc8bdf4ef6841da2faf4d5d7555393739fd7577d931b0268fe3060a9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 IANS-sidebar.png
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiMt5DjMT-7QbdJ6rASxjJZCGEVF8iYyxlV4OLf2M_ik3q1g6Yh2tI5fFMSdH8hP4l6vYFxvNNmvfpt_C_5BId0VZZPtiqGliNdXFgqc3IEMYGEVxqcEBF0sRpFZPLV-pX_dL-nYGdOWZdznWYMo... 10 KB
10 KB 91ms
91ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiMt5DjMT-7QbdJ6rASxjJZCGEVF8iYyxlV4OLf2M_ik3q1g6Yh2tI5fFMSdH8hP4l6vYFxvNNmvfpt_C_5BId0VZZPtiqGliNdXFgqc3IEMYGEVxqcEBF0sRpFZPLV-pX_dL-nYGdOWZdznWYMoWZjMKbh9c1QGXVsD-qVL09_ih4p-w9qd-hGrtJ4Dw/s728-e100/IANS-sidebar.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3f81dc01311980bdaf0b2a7fedb64ab72a049c2940b70c2092bb6587795c8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 58508
cf-polished: origFmt=png, origSize=12147
x-forwarded-for: 147.135.244.201
content-disposition: inline; filename="IANS-sidebar.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9864
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve486"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1%2BPlCL3Xf5qVIcJOQbeu5Knv1zELwCQMri5H5KH7Tq5a4L3yLk7u%2BrzOvfQyuNagvHrMONe%2FxdfoqiQROE4B9DNE%2FjHIX%2F1dIGxHoQnNcklSW1%2Bp7kRsZ6g%2BzyAd%2BjRTqWJQOa0D1z3%2BNnAKNKY"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e43768bf91ed-FRA
expires: Fri, 20 Jan 2023 22:35:58 GMT

GET
H3 200 phishing.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3-KQ8w7ei_n-LAkeCEFswG7Woixxv4soLns0au6Hzm7B78vQZF-OMHycmeHbqkDUwmwVPRAU4iQCxjWBU9Tc_6B2IWxIrKc2Ul4E4j9wodZF6AgDufjF6egP2KnK23z_GiG3F691ZFzELl5xc8... 2 KB
3 KB 64ms
63ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj3-KQ8w7ei_n-LAkeCEFswG7Woixxv4soLns0au6Hzm7B78vQZF-OMHycmeHbqkDUwmwVPRAU4iQCxjWBU9Tc_6B2IWxIrKc2Ul4E4j9wodZF6AgDufjF6egP2KnK23z_GiG3F691ZFzELl5xc8GED504Lh8DFKfCKR8gaysQvMztkqYEHt138-LYM/w72-h72-p-k-no-nu/phishing.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6c4fd3872c1c183a8219cbc9f0aaa449548afac5aa828b3bc5f4c2b738b2fd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 251326
cf-polished: origFmt=jpeg, origSize=2169
x-forwarded-for: 91.238.82.113
content-disposition: inline; filename="phishing.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2010
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20c3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNRPy8Jqb0Gm6wKP9%2FM6O%2FBziBJ2t%2BrXAFi8Dyu9p2zqamHZyqB2w0nbu%2BTA5M00lEJwp7WrYlidNyjmHtcFSmf1FYnOTqg6dkxr4E3haToD04%2FkmCW7d59OvciCQrgVmmAbbHOCs%2BlinoNACOT3"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e43768c891ed-FRA
expires: Tue, 11 Oct 2022 17:02:20 GMT

GET
H3 200 s.js Show response
thehackernews.com/cdn-cgi/zaraz/ 5 KB
3 KB 54ms
53ms Script
text/javascript 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQ29tbTEwMCUyMENoYXQlMjBQcm92aWRlciUyMEhpamFja2VkJTIwdG8lMjBTcHJlYWQlMjBNYWx3YXJlJTIwaW4lMjBTdXBwbHklMjBDaGFpbiUyMEF0dGFjayUyMiUyQyUyMnglMjIlM0EwLjYwODExNzI2ODcwMjEwNyUyQyUyMnclMjIlM0ExNjAwJTJDJTIyaCUyMiUzQTEyMDAlMkMlMjJqJTIyJTNBMTIwMCUyQyUyMmUlMjIlM0ExNjAwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGdGhlaGFja2VybmV3cy5jb20lMkYyMDIyJTJGMTAlMkZjb21tMTAwLWNoYXQtcHJvdmlkZXItaGlqYWNrZWQtdG8uaHRtbCUzRnV0bV9zb3VyY2UlM0RuZXdzbGV0dGVyJTI2dXRtX21lZGl1bSUzRGVtYWlsJTI2dXRtX3Rlcm0lM0QyMDIyLTEwLTEzJTI2dXRtX2NhbXBhaWduJTNERnclMkJMYXphcnVzJTJCQWJ1c2UlMkJEZWxsJTJCRHJpdmVyJTJCQnVnJTJCQ29tbW9uU3Bpcml0JTJCSGl0JTJCYnklMkJSYW5zb213YXJlJTJCQmxhY2tCeXRlJTJCUmFuc29td2FyZSUyQkRpc2FibGVzJTJCU2VjdXJpdHklMkJQcm9kdWN0cyUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJrJTIyJTNBMjQlMkMlMjJuJTIyJTNBJTIyVVRGLTglMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da28cfea38891f64634da707be2712ab95528a36a5a0a96e046e73c3d011ee7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 600
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://thehackernews.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FO48ai9TqTIkt%2B%2FI0yuJoNgxznptQXVGTfEIgpfhMfgC%2FsfJiPDlDUDlXqVomdnzlZX6y7PhYBKCZJRvPk8EsCbKSYzVZFDs06kSG1EbIaEnR9r28CNIOB71j2jFpvZKG94Z9bPzmLzidQJ6wO8t"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-credentials: true
cf-ray: 7598e43768cb91ed-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control

GET
H3 200 Fortinet-zero-day.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgUpWG06oQBFeajW6L5ubkRQaF_egVO055QAFtAnZuJhcqX-7Hp0RlTozLKtDquowAcvtMzOiQaqGJ8M9_OvPtcyOEx_nVvW6wAwhLHDCoKtZlKBccJcJNmsWBh_7Ogs3FsRTQwdrEc4S_K8-SPf... 1 KB
2 KB 70ms
68ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgUpWG06oQBFeajW6L5ubkRQaF_egVO055QAFtAnZuJhcqX-7Hp0RlTozLKtDquowAcvtMzOiQaqGJ8M9_OvPtcyOEx_nVvW6wAwhLHDCoKtZlKBccJcJNmsWBh_7Ogs3FsRTQwdrEc4S_K8-SPfQue17uZKD35uoCXNo8er4_244-8ktu_z7bQdH0t/w72-h72-p-k-no-nu/Fortinet-zero-day.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa010a5e19ba82c4e08c8b5c9d292355f4f632c8df5c31b24d975248d7139be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57745
cf-polished: origFmt=jpeg, origSize=1745
x-forwarded-for: 45.247.47.138
content-disposition: inline; filename="Fortinet-zero-day.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1472
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20d4"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNNr9urUN9yMY%2B746V9mGZ%2B1h6NiUyO2JKllmvP5GuZVYNyT1CXMNnxFkhLPGoZidrIaQ3cJSl7WiLBusC1dDfREbvngCoP%2BQFmqun9bHKMuFiSMLd1bUIDNKksA8lZzQvPp544evHaz6YzA0YeC"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4386b1291ed-FRA
expires: Thu, 13 Oct 2022 22:48:41 GMT

GET
H3 200 ms.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjeUWuPrjVRtuLfvZ08ImJeXt0BdQpRXeQ6I0n0SAV_PvlNadxnD9aN7xs4GdR3dnw4vc_xgBx7ZMfuF4JsmZ8SVjY0DMxorkecTx87m3KMhPPwj-eMcuw7qBH0ZOWX2k0C8AUY_BQjxGr0uihjZ... 2 KB
3 KB 48ms
43ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjeUWuPrjVRtuLfvZ08ImJeXt0BdQpRXeQ6I0n0SAV_PvlNadxnD9aN7xs4GdR3dnw4vc_xgBx7ZMfuF4JsmZ8SVjY0DMxorkecTx87m3KMhPPwj-eMcuw7qBH0ZOWX2k0C8AUY_BQjxGr0uihjZw9opxQt8RNXIK3HVcztB-5v-tFUuZFDzyfQoLAw/w72-h72-p-k-no-nu/ms.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24d5a99cd5ae315cbd65f9118f46aaba8a08dd301c7b816ef9c4db4151fc1d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 251224
cf-polished: origFmt=jpeg, origSize=2870
x-forwarded-for: 91.238.82.113
content-disposition: inline; filename="ms.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2432
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20d8"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BN2SEvxkzcKO28CqSJ%2FYsZdMbi%2BsMI8pxF%2FPgJ1l6Aw9R4iDYeBotfTUzmEw8dZh2I0GVH26XmrJzGFuYq2Gvvd0jD4apZ%2FYH%2FF5hfnEhvw5RkPkY7eea2bFB5RE8F78wwqUIsi7s7dzFThjwsW%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4386b1c91ed-FRA
expires: Tue, 11 Oct 2022 17:04:02 GMT

GET
H3 200 zimbra.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj_mSCNjeWlBLcZ9KTwy9P_b-QtDO-uH5LuoYKGw-YZcAfFgRU0st0csu44_gTgZwL4MVA9GlXLRHGoTpHTNFOSftIiRwcJsFz3v9R_soRPdNhkcQoPitDJc8WQa29QHbw65xEBWA0c3bofUYBs0... 2 KB
3 KB 62ms
58ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj_mSCNjeWlBLcZ9KTwy9P_b-QtDO-uH5LuoYKGw-YZcAfFgRU0st0csu44_gTgZwL4MVA9GlXLRHGoTpHTNFOSftIiRwcJsFz3v9R_soRPdNhkcQoPitDJc8WQa29QHbw65xEBWA0c3bofUYBs0APomKwz9aGt00iyBYUKhzKwGdIMwB3dM-N9Gw0P/w72-h72-p-k-no-nu/zimbra.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ce0e2aff91aef6e043eff9ab030f662d66e05ea0517f97dbe17fdf814fd2a97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 58095
cf-polished: origFmt=jpeg, origSize=2657
x-forwarded-for: 79.184.184.112
content-disposition: inline; filename="zimbra.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2132
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20da"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6Il3j2jHLwxtMj%2BIA67YmReVcQNgrUPZL8PPLvSjUny34uD3avMTBwHV%2BkkyVq1CFJi0DsuNlb5Ot2aUox2mnt%2FbAq6myD422yxIr5J2BpkoqHdB0JiQJENJ9z%2BYnGpLNY0tjaQvkU5dewQq0mF"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4386b1d91ed-FRA
expires: Thu, 13 Oct 2022 22:42:51 GMT

GET
H3 200 firewall.jpg
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhe-JObfxreJe3voT0gU0S71E013xl9EJTptEvFiIYrrr0cMALdF9FZR1Rc20JN7zmeC4ZC5In7OgjeASatCBiVJAMoaOPzikA75p2359zbFIla4cniv7wHpmaLMdvm4vDQ1qBrj6xaxkI0kesF0... 3 KB
4 KB 64ms
61ms Image
image/jpeg 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhe-JObfxreJe3voT0gU0S71E013xl9EJTptEvFiIYrrr0cMALdF9FZR1Rc20JN7zmeC4ZC5In7OgjeASatCBiVJAMoaOPzikA75p2359zbFIla4cniv7wHpmaLMdvm4vDQ1qBrj6xaxkI0kesF0zlPgDbBpWlIDP7pInkBzVTb9UE9n5Gq14Dnjpq2/w72-h72-p-k-no-nu/firewall.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

372086d1210837e8ea728b14f8ed70cc2a4a19ca2e1c69a7ae62e8cdae12379c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40595
cf-polished: origSize=3469, status=webp_bigger
x-forwarded-for: 84.131.144.45
content-disposition: inline;filename="firewall.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3446
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bd0jvCD95FNJpDLDFJ2lazHkBBwzwRmXOfK0TGCmiTqX9U%2F0SOcnXaMYH9%2B1s98flarjYfMkZRnpFgRqehi5RkD0Wh5pQG5E4DmrUTQ%2F13%2FaL%2FNH8N1%2BKUrN5QcP3%2Boc9Smtz%2Bvv7cBKGoOQmzDE"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4386b2191ed-FRA
expires: Fri, 14 Oct 2022 03:34:31 GMT

GET
H3 200 meta.gif
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiAe_3Avvl4sfr0P_yLVw0Nv-SQHopXOvlAH34l9rnbmfUgDFyNyAcMDkTO7xv5BJFwCi_wYktLJjNxX8wTwzRc7hQDcH8fim3UBwFsmEqWQYwJImbEFK5seXmaKacqzB3eOTESLUytcvwNX41xz... 2 KB
2 KB 41ms
38ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiAe_3Avvl4sfr0P_yLVw0Nv-SQHopXOvlAH34l9rnbmfUgDFyNyAcMDkTO7xv5BJFwCi_wYktLJjNxX8wTwzRc7hQDcH8fim3UBwFsmEqWQYwJImbEFK5seXmaKacqzB3eOTESLUytcvwNX41xzNUHBlgouF71IhVPZk98FOhpc4GuDSk4V0WtIaHh/w72-h72-p-k-no-nu/meta.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2618dd5e0244d362c48a1c8db16b25e2c81187470e63693ff8080747df307cb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:06 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40409
cf-polished: origFmt=gif, origSize=2489
x-forwarded-for: 103.136.115.142
content-disposition: inline; filename="meta.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1718
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v20d2"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e1Dt8D9gG0PXqy%2FH5%2FFd66TrnJMUwywkxT4T33ST2pB0LhZaNV%2BzV5iemk%2FuFRfxRuQOOIwVjy3ct59naBSrksQMkon0%2BnRt6YWgx5o6Yo236YuHflbkBGi9aqIT5bu%2BZuZubkmDX30IVzLG4WP9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4386b2691ed-FRA
expires: Fri, 14 Oct 2022 03:37:37 GMT

GET
H3 200 strike-728.png
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btc... 10 KB
10 KB 80ms
79ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgvfqow2z1XORevUpzKGWWXZ2DP4dMaNi-7cycpa3J_bSZKv0tO6MP40HLl7lvVJDIswOmb6I-YoNMLJym4v9oLZQczujsMqcttB3M_Cvm6E-zLs0XrpwaTZ_SGFjckDfi3CPfijZaii8Z88_btcKeHKKfxm7cDyF3kaVvsirGpb2JWVH0Ot3xGiC2sZg/s1600/strike-728.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2253c8d7a545ced30f289ca998d63c37294c2f2e8537871a10c55c5105ae79b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 251324
cf-polished: origFmt=png, origSize=11827
x-forwarded-for: 91.238.82.113
content-disposition: inline; filename="strike-728.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9916
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve41c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZeSX8VVjhfJ953y8XfKq0Irwb89cmBzVEhOaUZqSMQJmGyMJJJLLTeWDa39kh7ZDERFSv4z4Pl50inP5mSXaYwz6V8r2xBZ2sQDp%2FDa26JC43QMG1p64SSB7uql%2FsY0rD6UP2aKLqcgk2ubXwhk"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e4393cf291ed-FRA
expires: Tue, 11 Oct 2022 17:02:23 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 76ms
30ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1786290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCPsjIjV6dnFcwEIcx3%2BOanm81iubApSO6SIuPOkWglSBi2lq%2BXAobH0hEdaMpCzTAwO%2FdzjBkz3M3Jo9QPNVW4lkXtugVQxpOnclLZQx3N58VL4ln5yruo8GVD5mAnX02ftSJ5xK4vUHHW84XVpjrPE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7598e43dc95e5c5c-FRA
expires: Tue, 03 Oct 2023 14:51:07 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 163 KB
54 KB 130ms
60ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93c7b4e67d25ae945e83a4e62b77feaa452f423e45e994fdd7ffe859822129e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54672
x-xss-protection: 0
server: cafe
etag: 3386971837056609316
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 14:51:07 GMT

GET
H3 200 Devlympics.png
thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEinvSiHS2Dw4GbUPe0ROBPDJIOydRonxRmMFqUpKL3HJE06by_ICltVu8078WIkhM5_4qIOX2ZCMnWjmijEWoo2nYOWNRjAlafehOrd8bvkDd-Pt_boaz40MOOMmg7GFThLnCvNwhTzOXEA4PG1D... 15 KB
15 KB 58ms
58ms Image
image/webp 2606:4700:20::ac43:4615
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEinvSiHS2Dw4GbUPe0ROBPDJIOydRonxRmMFqUpKL3HJE06by_ICltVu8078WIkhM5_4qIOX2ZCMnWjmijEWoo2nYOWNRjAlafehOrd8bvkDd-Pt_boaz40MOOMmg7GFThLnCvNwhTzOXEA4PG1DRLlULWRobp50PeSXSba819a1bfStKdHkGK42Dwwnw/s728-e100/Devlympics.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4615 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d417a17bdb4bd071478c875e6c0b9c4a91b5a445c524fa8e9d9a2b5d57ce542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 251289
cf-polished: origFmt=png, origSize=17103
x-forwarded-for: 91.238.82.113
content-disposition: inline; filename="Devlympics.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14866
x-xss-protection: 0
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ve4c7"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMfLhrfXP0b5YKXIw9A7C%2ByoSDeooriGSvO10CBMMBFMFuhBN5sHt244Yqvs8s6hE44UYawpzOVSFuKXs0CymY%2F3HI1iiAsYoFIp9V3bc20rouD6uUDtvPWZrymKlob%2FJbu9%2BrQ49cySq3RAo8t9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-expose-headers: Content-Length
cache-control: public, max-age=8640000, immutable, s-maxage=8640000
accept-ranges: bytes
cf-ray: 7598e43d9ef991ed-FRA
expires: Wed, 18 Jan 2023 17:02:58 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/ 352 KB
116 KB 115ms
67ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com&bust=31070209

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b7f01349df8e8bccaa76769be2b730d0762f3ae24408ec63c3c70479ca3102b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:07 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118403
x-xss-protection: 0
server: cafe
etag: 8530781546862593878
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 14:51:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221011/r20190131/ Frame 6E48 10 KB
5 KB 68ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221011/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 71048
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Oct 2022 19:07:00 GMT
etag: 9671129459699598864
expires: Wed, 26 Oct 2022 19:07:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
649 B 85ms
29ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=thehackernews.com&callback=_gfp_s_&client=ca-pub-7983783048239650

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7983783048239650&plah=thehackernews.com&bust=31070209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01d0995a46079e8a6d7805299a2bca11a6bd7060b31b067a7ea2dda433764118

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 86ms
36ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 108ms
30ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E3DA 64 KB
21 KB 1188ms
1123ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b287faa43424bac1e9142e0d78deb37651450e3d1d641d4bda4dc9409c0d1d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 21332
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:09 GMT
expires: Thu, 13 Oct 2022 14:51:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 76ms
34ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221011&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1316649282522e8d93234ce2a7300eeda5398c1c83a7ee847136b9321fac084

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11108
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B324 96 KB
32 KB 491ms
448ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1665666994&rafmt=12&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667938&bpp=1&bdt=1286&idt=260&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=cqv85P2nR6&p=https%3A//thehackernews.com&dtd=266

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

828773897a14b4af7f5932ebf6a765fb89447af92479351d81d5906b972ea640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32923
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:08 GMT
expires: Thu, 13 Oct 2022 14:51:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C38D 130 KB
32 KB 464ms
433ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&adk=1812271804&adf=3025194257&lmt=1665666994&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&ea=0&pra=7&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667950&bpp=2&bdt=1298&idt=259&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250%2C970x250&nras=1&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=268

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6937f5dfd27a625ac486df6353db1185d2191b21630b8be936af7a44ad5d56f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33088
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:08 GMT
expires: Thu, 13 Oct 2022 14:51:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 130ms
45ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0C2B 13 KB
5 KB 64ms
20ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ranges: bytes
age: 2287
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:13:01 GMT
expires: Fri, 13 Oct 2023 14:13:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CB83 783 B
1 KB 83ms
34ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ff20cb46ed1aeee0a41e59e1c0ebc47a04e5c98a6430b5ac3b4c5e6563cadd00

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-j6tUchgbngwDkpbPKCMECA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-j6tUchgbngwDkpbPKCMECA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:08 GMT
expires: Thu, 13 Oct 2022 14:51:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 YGBXjHGFrvOS8X60wpRSOm_fLYxf6hdhmLaY3J7KaRQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C2B 36 KB
16 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YGBXjHGFrvOS8X60wpRSOm_fLYxf6hdhmLaY3J7KaRQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6060578c7185aef392f17eb4c294523a6fdf2d8c5fea176198b698dc9eca6914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16102
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 14:07:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CB83 0
0 54ms
53ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221011&jk=2851906740196768&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0C2B 0
10 B 20ms
19ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?kqQv7Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ Frame B324 8 KB
1 KB 80ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1665666994&rafmt=12&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667938&bpp=1&bdt=1286&idt=260&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=cqv85P2nR6&p=https%3A//thehackernews.com&dtd=266

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 13:28:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame B324 2 KB
902 B 24ms
24ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/ Frame B324 23 KB
9 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame B324 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2288
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 14:13:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame B324 17 KB
7 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40383
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:05 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B324 152 KB
47 KB 79ms
30ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H2 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame B324 33 KB
14 KB 70ms
20ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/ 151 KB
54 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210050101/reactive_library_fy2021.js?bust=31070209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

278a235264c6606855cc69f059e674d552ab11734cd918834e39404244d1df36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55073
x-xss-protection: 0
server: cafe
etag: 14528059703208322327
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B324 0
0 62ms
62ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEaz03CVIY5r8EIuFtwfSjZL4Ctvzvd1szdLAybUQ2tkeEAEg5_vlG2CRBKABjoS93QPIAQmpAnP0440N8Yo-qAMByAPLBKoE_wFP0CsZkdq8kr6JQCxYtw8cN-JrJa3NbkSzZlZmGdoYC9fde4RV7bCz8dQDdULFE2Wr2Aq8nKuyqwv8-tXLCbgTmBVyUqKTla4Jw7oD6akY49FkOl1pz6mZOzUFWtLLLzrJTFpTJYKmAgmxfmiE6SB8ds0z6jE_P6ueBfm4Sr6S44yS3zxOEu0uE3FAA3lXBJAd_u8T2Tv3Het004PtPvs_4OWk0JZNFNSvI4RIQEW983Nr6HDxuCCRWKN5uiF5ofrQhbQaZZJ7B145_BnXr_hn-1qx7Ci4oJ52-JzYt-3Xg4uA7Hw_Rb3pxzzc3WvWLELP5b5n0sznxpEAGPadrALABIS7xNqQBJIFBAgEGAGSBQQIBRgEoAYugAfL_qk4qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQzcIC0ggRCIDhgHAQARgfMgLrAjoCgECACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItNzk4Mzc4MzA0ODIzOTY1MBgA&sigh=nlNuWh3IjcE&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=8972781702&adk=3509986032&adf=536986986&pi=t.ma~as.8972781702&w=970&lmt=1665666994&rafmt=12&format=970x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667938&bpp=1&bdt=1286&idt=260&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&prev_fmts=300x250&correlator=5389031455779&frm=20&pv=1&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=3223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=cqv85P2nR6&p=https%3A//thehackernews.com&dtd=266
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 13 Oct 2022 14:51:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 70ms
29ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 72ms
29ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/ Frame 6B2B 10 KB
4 KB 20ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 76296
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 12 Oct 2022 17:39:32 GMT
etag: 9671129459699598864
expires: Wed, 26 Oct 2022 17:39:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 6B2B 4 KB
636 B 70ms
28ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 13:11:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6B2B 205 B
229 B 66ms
25ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:10:50 GMT
x-content-type-options: nosniff
age: 2418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 13 Oct 2023 14:10:50 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6B2B 604 B
628 B 65ms
24ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 12:59:19 GMT
x-content-type-options: nosniff
age: 6709
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 13 Oct 2023 12:59:19 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/elements/html/ Frame 6B2B 19 KB
8 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9232affad46b9ddd1239711acc6ff257591d759fd4197035f3fbc7bf511d036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8227
x-xss-protection: 0
server: cafe
etag: 5516984893510486959
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15931890105848831524/ Frame B324 27 KB
27 KB 29ms
29ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15931890105848831524/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16df809949569883ef5e154ff11c3dbd60f426fe26ea8401bf49c4f3dbab4d38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 04:14:18 GMT
x-content-type-options: nosniff
age: 556610
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27892
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 12:20:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 04:14:18 GMT

GET
DATA 200
OK truncated
/ Frame B324 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B324 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B324 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 918d8b1bdeb6fa1e736dc0f6e65a363b8d4d4f488a138fc7b8fa805843e19df9

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame B324 28 KB
28 KB 68ms
20ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 108384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 08:44:44 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 97EA 8 KB
895 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 13:23:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame 97EA 2 KB
902 B 21ms
21ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/ Frame 97EA 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40379
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame 97EA 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2288
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 14:13:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame 97EA 17 KB
7 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40383
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 97EA 152 KB
46 KB 114ms
72ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 14:51:08 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame 97EA 33 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548963
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 62D0 143 B
166 B 22ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 34
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:50:34 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 62D0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

37ms
36ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221011/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:09 GMT
expires: Thu, 13 Oct 2022 14:51:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:09 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 YGBXjHGFrvOS8X60wpRSOm_fLYxf6hdhmLaY3J7KaRQ.js Show response
pagead2.googlesyndication.com/bg/ Frame E47F 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YGBXjHGFrvOS8X60wpRSOm_fLYxf6hdhmLaY3J7KaRQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6060578c7185aef392f17eb4c294523a6fdf2d8c5fea176198b698dc9eca6914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16102
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 10:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 14:07:29 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
56ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221011&jk=2851906740196768&bg=!aWqlai7NAAYqRg79CkY7ACkAdvg8WrRKYDJjfUPxJmVju5Tl-KDgCs-bJ7IhsBwqabqnYHzkq1-NYwIAAABDUgAAAAFoAQeZAqyLiF3WqvZO7dzQxPv_mvmr97Bc20WK3lbMwW78t34Wwi2ZUsgswksxL0ZZw_Dn13h0IyD1T56MJtwwDVxj0mmNQVAXLK368ddGhf83r557KMGUnyZVayi5s_NEqhFbYKx47HEHjxYGqf5X6qjN6FWhOs5_gwgugoPOyOFvYLZUf0zNR5DhNOXNA-UAnC3HspqmB7MBx5hW_1Ug9w7fq-4cHGW8dtNOdtS5ink0lwTU1eMpxQTSGjUvs3fhOvw3MZQYVP0XNvTbQ1yK2jwnwDU88XykLwqyOC0lgAL4pG5PQpZF4cOkS-owFaecU_5CdFeqELz2s5CAeIMdTp4lPFFkcyQ0URvX9zYnvIoQeoaWA4GeBRc0HqaV_20KvG0fTnlMaZXM0f_U-NLh95URTK3P07o2au5BTpdlPI97rKSdY3CDRwUg6hZtIt0hIEQBeh8GGSQ7hANJFmUJoCMsAqOHVEKxBFCGyzqtfSY9U5Caj9ARlCitscC9HrQj5X2jRrJGDGYtXOg7NCfJfYRbz9ecIHDyFc4JbO0x2M8f610oBBF1DZNT51jlv0vSDCkP8XSpFm0XQgLcgVg6ClQh6G9iptsbrdnMT1YrmuUEYTqSobFlA0e5Ew5uxtKJ9LZGhTO2_NNkXSR3uweOv_22eRN9r-ImBg0eP-7s1ExCHvjDm4VvN2WYeFHroR6-ERugZ-kuddu3EWpYoZMc5euEecr9dP8QAYo2YYmfe_5NnbIRy2TYGirzSIUp97LekhDPVGBWTy0KHqt0qRxPr_BJbJ1iNmrl0yhaMurXTKCA6JM0NInxDehvad4nM4FXqfJ8IXau5GR4c3DhZszMelu8H9alL1oMFdjH9xXCO0hhTF75woZtg39z61IcEpZSaQSIxs9SMkBucY_mVdq5LY0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 css
fonts.googleapis.com/ Frame E3DA 8 KB
712 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a695d75ed5265fb2f07d7f73e41ffe4acea9b5c5f6573294038d5ef560a0086

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 14:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 13:15:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 14:51:09 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame E3DA 2 KB
902 B 21ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40380
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/ Frame E3DA 23 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40380
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:09 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame E3DA 3 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2289
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 14:13:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/ Frame E3DA 17 KB
7 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221011/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 03:38:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40384
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 03:38:05 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E3DA 152 KB
46 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 14:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 14:51:09 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame E3DA 33 KB
13 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548964
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E3DA 0
0 61ms
61ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHL8f3CVIY-2hEcKPtwfDwb2oCZ7X-a5puezc54kNxZvtypoZEAEg5_vlG2CRBKAB4fe19APIAQGpAknkH8Ws5LI-qAMBqgSDAk_Q_-4cH8tR3C2IwHTQrAhKfG3Dh_qvn43agz4XvRw83qQmklnp4wR7-sHxCMZEqvANeKYGtGq5MdBcen7lhRs_Rk7NmaN3vgw4oLT1RCljW_aLGoysKBFUnrIzhYK5H_Uz-q1NnLgUPqG5jGqquqYbFTLY5vU8b9m0sCeycL8axQhsufHf9aFQ32daLaHxUz2timmA5f6v4Cc3goNhtTtLYKeWM8LXsKIaLPRJS0F3bilDIu0BFFSBenjo4gM7_6s1qpBibWQAZQXaCjgi4N9a7ggT9I9k-6ZWYA_BHP89U1w8pPOExOvTEqU_bRddK1bub_w21NjVj0xRvUVlw9ruepPABJKy2pqfA4AHh4jKC6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEPGsB9IIEQiA4YBwEAEYHzIC6wI6AoBAgAoByAsB2BMDiBQB0BUBmBYBgBcBshccChoIABIUcHViLTc5ODM3ODMwNDgyMzk2NTAYAA&sigh=w44ulMBfa1o&uach_m=[UACH]&template_id=5028

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 13 Oct 2022 14:51:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E3DA 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaaf0b2c3bd11afe20e1902624db617c2131b3272fabebd1160cb2f53dfb3750

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04E2 143 B
166 B 21ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

age: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:50:34 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E3DA 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cf56f28aa8ea3fe18035d600b8ceb3c1a02883b99dd8471d33d4a1d170ba40e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 04E2
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

38ms
38ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?npa=1&client=ca-pub-7983783048239650&output=html&h=250&slotname=4149586040&adk=455978357&adf=3784364303&pi=t.ma~as.4149586040&w=300&fwrn=4&fwrnh=100&lmt=1665666994&rafmt=3&format=300x250&url=https%3A%2F%2Fthehackernews.com%2F2022%2F10%2Fcomm100-chat-provider-hijacked-to.html%3Futm_source%3Dnewsletter%26utm_medium%3Demail%26utm_term%3D2022-10-13%26utm_campaign%3DFw%2BLazarus%2BAbuse%2BDell%2BDriver%2BBug%2BCommonSpirit%2BHit%2Bby%2BRansomware%2BBlackByte%2BRansomware%2BDisables%2BSecurity%2BProducts&fwr=0&rh=250&rw=300&rpe=1&resp_fmts=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665672667934&bpp=4&bdt=1282&idt=204&shv=r20221011&mjsv=m202210050101&ptt=9&saldr=aa&abxe=1&correlator=5389031455779&frm=20&pv=2&ga_vid=709669082.1665672668&ga_sid=1665672668&ga_hid=1464727167&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1031&ady=471&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C42531705%2C31070209%2C31062931&oid=2&pvsid=2851906740196768&tmod=129783325&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nYZeLOXW2U&p=https%3A//thehackernews.com&dtd=246

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:09 GMT
expires: Thu, 13 Oct 2022 14:51:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 14:51:09 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame E3DA 44 KB
44 KB 64ms
22ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans%3A400%2C700%7COpen%20Sans%3A300%2C400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 18:50:34 GMT
x-content-type-options: nosniff
age: 244835
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Oct 2023 18:50:34 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E3DA 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGSGv3nYlfJd_srEfHLRQkFo3vO229MY_B_jqRnVrLR07AQc9f1ztvABR2Oy3Pvoy3L0knOiE05ZKCNtO6jwi2eTtSU3FtkH7Q4Dt_8_YJvJVYPY9AjWonUSREbjeRxKzG7rjayDmzLJ0d-BRlgLviMae96Obo-ubrcg6EoqYiP3tFPAy1-LvN0GzVvKcuXVUH1fcY_bzi0mdwh-YnjWchxXBqGzrGk6nxehY4hxxTYFjXR7hmTdB5qBE9ZtanZHXHgDGIeupa0KyLC1aRANEFl_nAFA6kgkGEn3zOTEu24riM4A-ZwWJorDDwB3vQgE6waTVfUkruybTWOSnZ1Xr9rxHxsEdygDcQIzkG6Lo-tLgyPXIObBnQsm3QwqZE1uDn4t7wl-Dff3b14mOYqO9mJEau79ZGEfDs2LryelJS0hVd_ZgNpqclldFuT1u4ATmNjfo8mtt90ANWuBMuTpCstTd88g41M5ErM1x-_54GpuEo3XXIK_xzx8_Z9jQu6igkVn5vg_5-vCfq3pNTR3pfkpzrWXpiKxnwrN7P8ZsJpTTPsah1dg4FKtICmeGpP_a2JRIQeLWKryMlwcvn3HuYpNV6LpBcXGcHN_63YVIouloMQ70MPBulliEL8yzVVtkh9zScBU2R1tN_0IfAvHHDdsYnO8ss_blJfIaJnDSg0XCkDBM6YfAIgYykAsx5PAALDANP2pkSYmwOGijLbw_hcevXMQg7Yml-a3R4hsz6L3nVIdfBrsuXcJG3m9_QYYh3aoXVI4HltwnVJ0N6zXjoKW_NwIa-HI477r0kKh8NMYiLjQ0Ne08zZYbgJH052VbSpMKuU_ys9Hkb8KqKTOXDNEUdiZLi8Ntyz57nIeRN2xYYsAc7GLkVPQpOrpEWNxAGAKQNTi75apcPza-v_kauMP0Lqv4Od2kMKHi2MdyGY_fMOcQaBggEloXE5RSidb1jeRnqzsOAXKPfQfl-3GHSW1zJnyHcbTqVBWGluK_ioSrS0dJ2XtLkcg6SD-S76M6xl7uWqGq88v8qIWsn-A&sai=AMfl-YSPVSyG_3RkHgws9GImNJ6lH8thwf2QGtZaucyGQvNaNeciIkX1ufawX9-NJHxTZtMRK7943X5Tcj-prUlgKfSyhY20xknAQIk7&sig=Cg0ArKJSzIDcXeHvs0wtEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=455978357&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665672668183&rpt=1388&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 14:51:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
thehackernews.com/2022/10	1969-12-31 23:59:59	Name: _ga4s Value: 1
thehackernews.com/2022/10	1969-12-31 23:59:59	Name: _ga4sid Value: 596857658
.thehackernews.com/	1970-01-20 16:17:12	Name: _ga4 Value: 7a9d41a2-51d0-41b5-866a-b718ae9fe7c1
.thehackernews.com/	1970-01-20 16:02:48	Name: __gads Value: ID=41125b592e7dc3cc-229dfd3345ce0091:T=1665672668:RT=1665672668:S=ALNI_MZbHu-RW2ilvkpg00NkePcIngSjvA
.doubleclick.net/	1970-01-20 16:02:48	Name: IDE Value: AHWqTUluuATk00RZlTJ1FP_vz2_47-bIPYYbBySAQUSjawB6KgdZz7O_dAdjnQYHU6g
.doubleclick.net/	1970-01-20 06:41:16	Name: DSID Value: NO_DATA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://thehackernews.com/2022/10/comm100-chat-provider-hijacked-to.html?utm_source=newsletter&utm_medium=email&utm_term=2022-10-13&utm_campaign=Fw+Lazarus+Abuse+Dell+Driver+Bug+CommonSpirit+Hit+by+Ransomware+BlackByte+Ransomware+Disables+Security+Products(Line 6) Message: A preload for 'https://thehackernews.com/css/roboto.css' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdnjs.cloudflare.com
ejyazl.clicks.mlsend2.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
thehackernews.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
2606:4700:20::ac43:4615
2606:4700::6811:180e
2a00:1450:4001:802::2003
2a00:1450:4001:808::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
34.91.152.151
00a2773f339dc1f5ba7dbacf3514d6b1e1e04969dca687fb5b1f81aa7d2a6cd4
01d0995a46079e8a6d7805299a2bca11a6bd7060b31b067a7ea2dda433764118
0c6c51dafc8bdf4ef6841da2faf4d5d7555393739fd7577d931b0268fe3060a9
16df809949569883ef5e154ff11c3dbd60f426fe26ea8401bf49c4f3dbab4d38
172c87b54b5acb8f1971d2d40a56e6cedeaaeac19075dff492ce399916acd5ae
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
2253c8d7a545ced30f289ca998d63c37294c2f2e8537871a10c55c5105ae79b8
2361c2c1d43c614215b67d2e3d8bd4123b42442355dac9e1bd8e65cc5822e97c
24d5a99cd5ae315cbd65f9118f46aaba8a08dd301c7b816ef9c4db4151fc1d81
2618dd5e0244d362c48a1c8db16b25e2c81187470e63693ff8080747df307cb2
278a235264c6606855cc69f059e674d552ab11734cd918834e39404244d1df36
2ce0e2aff91aef6e043eff9ab030f662d66e05ea0517f97dbe17fdf814fd2a97
372086d1210837e8ea728b14f8ed70cc2a4a19ca2e1c69a7ae62e8cdae12379c
39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101
3b7f01349df8e8bccaa76769be2b730d0762f3ae24408ec63c3c70479ca3102b
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cf56f28aa8ea3fe18035d600b8ceb3c1a02883b99dd8471d33d4a1d170ba40e
5fa010a5e19ba82c4e08c8b5c9d292355f4f632c8df5c31b24d975248d7139be
6060578c7185aef392f17eb4c294523a6fdf2d8c5fea176198b698dc9eca6914
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
6937f5dfd27a625ac486df6353db1185d2191b21630b8be936af7a44ad5d56f1
733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a
7a695d75ed5265fb2f07d7f73e41ffe4acea9b5c5f6573294038d5ef560a0086
7d417a17bdb4bd071478c875e6c0b9c4a91b5a445c524fa8e9d9a2b5d57ce542
828773897a14b4af7f5932ebf6a765fb89447af92479351d81d5906b972ea640
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
918d8b1bdeb6fa1e736dc0f6e65a363b8d4d4f488a138fc7b8fa805843e19df9
93c7b4e67d25ae945e83a4e62b77feaa452f423e45e994fdd7ffe859822129e5
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
a25dfb089fa8d0dfe14c6bc6efdb8b7731f89e13e50a57a3d15fdf575375e95c
a3f81dc01311980bdaf0b2a7fedb64ab72a049c2940b70c2092bb6587795c8a7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6c4fd3872c1c183a8219cbc9f0aaa449548afac5aa828b3bc5f4c2b738b2fd2
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a9698322e0b5e9cd92215de22cf0edaa65e7f5a1c96d2e3c459f65b8dfb7800f
aaaf0b2c3bd11afe20e1902624db617c2131b3272fabebd1160cb2f53dfb3750
b287faa43424bac1e9142e0d78deb37651450e3d1d641d4bda4dc9409c0d1d69
b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
c9232affad46b9ddd1239711acc6ff257591d759fd4197035f3fbc7bf511d036
cc66f1fec2b60f562de0ae3a4f1a620eb5da24580991ab7735b0aa76dc32c206
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da28cfea38891f64634da707be2712ab95528a36a5a0a96e046e73c3d011ee7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1316649282522e8d93234ce2a7300eeda5398c1c83a7ee847136b9321fac084
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff20cb46ed1aeee0a41e59e1c0ebc47a04e5c98a6430b5ac3b4c5e6563cadd00

thehackernews.com Open in urlscan Pro 2606:4700:20::ac43:4615 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

74 Requests

100 %HTTPS

92 %IPv6

11 Domains

14 Subdomains

12 IPs

3 Countries

1064 kBTransfer

2487 kBSize

6 Cookies

39 Outgoing links

Page URL History

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

thehackernews.com Open in urlscan Pro
2606:4700:20::ac43:4615 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

100 %
HTTPS

92 %
IPv6

11
Domains

14
Subdomains

12
IPs

3
Countries

1064 kB
Transfer

2487 kB
Size

6
Cookies

74 HTTP transactions
14 data transactions