gbhackers.com Open in urlscan Pro
2606:4700:3030::6815:22df Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/gMLeqraBgF
Effective URL:
https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Submission: On May 17 via api (May 17th 2021, 12:10:17 pm UTC) from US

Summary HTTP 179 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 35 IPs in 6 countries across 29 domains to perform 179 HTTP transactions. The main IP is 2606:4700:3030::6815:22df, located in United States and belongs to CLOUDFLARENET, US. The main domain is gbhackers.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 12th 2020. Valid for: a year.

This is the only time gbhackers.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
23	2606:4700:303... 2606:4700:3030::6815:22df	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
8 9	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
17	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.78.32 192.0.78.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.112.84 151.101.112.84	54113 (FASTLY) (FASTLY)
1	2a03:2880:f03... 2a03:2880:f030:f:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
16	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	() ()
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	() ()
22	2a00:1450:400... 2a00:1450:4001:813::2001	() ()
7	192.0.77.32 192.0.77.32	() ()
2	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
1	192.0.78.23 192.0.78.23	() ()
1 1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:831::2004	() ()
1	2a00:1450:400... 2a00:1450:4001:82b::2003	() ()
2	2a00:1450:400... 2a00:1450:4001:82f::2003	() ()
1 3	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	() ()
2 2	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
17	142.250.185.130 142.250.185.130	() ()
3	34.98.67.61 34.98.67.61	() ()
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
5 5	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	18.195.194.125 18.195.194.125	16509 (AMAZON-02) (AMAZON-02)
1 1	217.182.200.20 217.182.200.20	16276 (OVH) (OVH)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2012	15169 (GOOGLE) (GOOGLE)
1	142.250.185.82 142.250.185.82	15169 (GOOGLE) (GOOGLE)
179	35

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2606:4700:3030::6815:22df (United States)

ASN13335 (CLOUDFLARENET, US)

gbhackers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.0.77.2 (United States) 8 redirects

ASN2635 (AUTOMATTIC, US)
PTR: i2.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.32 (United States)

ASN2635 (AUTOMATTIC, US)

jetpack.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.84 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

api.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f030:f:face:b00c:0:2 (France)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN- ()

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.32 (United States)

ASN- ()
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (United States)

ASN- ()

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 2 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 1 redirects

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.80.199.35 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.185.130 (United States)

ASN- ()
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.67.61 (Kansas City, United States)

ASN- ()

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.189.115 (United Kingdom) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.194.125 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.20 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm6.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.82 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f18.1e100.net

p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	354 KB
34	doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	208 KB
24	gstatic.com fonts.gstatic.com p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com www.gstatic.com p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com	321 KB
23	gbhackers.com gbhackers.com	313 KB
20	wp.com 8 redirects i0.wp.com i1.wp.com i2.wp.com stats.wp.com pixel.wp.com s0.wp.com	81 KB
11	blogspot.com 1.bp.blogspot.com	1 MB
8	google.com 3 redirects adservice.google.com www.google.com	567 B
6	googletagservices.com www.googletagservices.com	192 KB
5	pubmatic.com 5 redirects image6.pubmatic.com	2 KB
4	googleapis.com fonts.googleapis.com	3 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	openx.net 3 redirects rtb.openx.net	998 B
3	mookie1.com odr.mookie1.com	1 KB
3	quantserve.com 1 redirects cms.quantserve.com	1007 B
2	rlcdn.com 2 redirects id.rlcdn.com	868 B
2	everesttech.net 2 redirects pixel.everesttech.net	750 B
2	google.de adservice.google.de	435 B
2	google-analytics.com www.google-analytics.com	19 KB
2	wordpress.com jetpack.wordpress.com public-api.wordpress.com	9 KB
2	gravatar.com secure.gravatar.com 1.gravatar.com	6 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	336 B
1	agkn.com 1 redirects d.agkn.com	761 B
1	googleadservices.com partner.googleadservices.com	407 B
1	facebook.com graph.facebook.com	661 B
1	pinterest.com api.pinterest.com	378 B
1	onesignal.com cdn.onesignal.com	3 KB
1	googleusercontent.com lh5.googleusercontent.com	162 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
1	t.co t.co	443 B
179	29

	Domain	Requested by
23	gbhackers.com	t.co gbhackers.com
22	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
17	cm.g.doubleclick.net	gbhackers.com googleads.g.doubleclick.net
17	fonts.gstatic.com	fonts.googleapis.com
16	pagead2.googlesyndication.com	gbhackers.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
15	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
11	1.bp.blogspot.com	gbhackers.com
7	s0.wp.com	jetpack.wordpress.com s0.wp.com public-api.wordpress.com
6	www.google.com	3 redirects googleads.g.doubleclick.net
6	www.googletagservices.com	gbhackers.com pagead2.googlesyndication.com googleads.g.doubleclick.net
5	image6.pubmatic.com	5 redirects
4	i0.wp.com	3 redirects gbhackers.com
4	fonts.googleapis.com	gbhackers.com googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	3 redirects
3	odr.mookie1.com	googleads.g.doubleclick.net
3	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
3	pixel.wp.com	gbhackers.com
3	i1.wp.com	3 redirects
2	id.rlcdn.com	2 redirects
2	pixel.everesttech.net	2 redirects
2	p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	i2.wp.com	2 redirects
1	p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com
1	p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com
1	googlecm.hit.gemius.pl	1 redirects
1	d.agkn.com	1 redirects
1	public-api.wordpress.com	jetpack.wordpress.com
1	1.gravatar.com	jetpack.wordpress.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	graph.facebook.com	gbhackers.com
1	api.pinterest.com	gbhackers.com
1	securepubads.g.doubleclick.net	www.googletagservices.com
1	jetpack.wordpress.com	gbhackers.com
1	stats.wp.com	gbhackers.com
1	cdn.onesignal.com	gbhackers.com
1	secure.gravatar.com	gbhackers.com
1	lh5.googleusercontent.com	gbhackers.com
1	www.googletagmanager.com	gbhackers.com
1	t.co
179	45

This site contains links to these domains. Also see Links.

Domain
digg.com
www.facebook.com
plus.google.com
www.linkedin.com
feeds.feedburner.com
twitter.com
techincidents.com
kalilinuxtutorials.com
ethicalhackersacademy.com
bit.ly
i0.wp.com
bi-zone.medium.com
www.gbhackers.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-12` - `2021-08-12`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.ds.metric.gstatic.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.v4.metric.gstatic.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh

This page contains 21 frames:

Primary Page: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Frame ID: 6DDF100E4114348970E45EC4CCDF6EE4
Requests: 77 HTTP requests in this frame

Frame: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Frame ID: 083F4C87506C3552040AC40B40B5E2B2
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html
Frame ID: 9138EC165FE757BBA2B67D3E88C95A1B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397
Frame ID: 2D6340A867108ACD2DAEF77F4959E58F
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
Frame ID: 17E3CD3ACB02B44E406E95A132DCF2C2
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375
Frame ID: 56BEB3A3EA8291C5A4C0AB2330C4469D
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
Frame ID: 41E6CF59EE2919AB050C6ADBACD01419
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BFF8909DFCFFB458BC1B8A96B368E1A3
Requests: 2 HTTP requests in this frame

Frame: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: B6D4214A3526C362AAA0FA953411476A
Requests: 4 HTTP requests in this frame

Frame: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
Frame ID: B23D05A68DD0B3CF22201A8D9F566337
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Frame ID: DAE85AE06CA768D4645C946CB4DB6893
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 8D8B81595304148F2D323DC4D38DEF42
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B1FDE6C29E02234E2197A2210DD68F4A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EDC844E1C805AD96FCFD52E69ADFA332
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Frame ID: 554722D5B1AB1B3A4CE6CFD48C0B4AFA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E71F3807505644ED288975153AAD992A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 45F41B1D9D3751C90566101388DE29DB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Frame ID: D61C80300DF54F2C720D5986461ED5C9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&adk=1812271804&adf=3025194257&lmt=1621253400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253400541&bpp=2&bdt=2427&idt=2&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1d2aa1ccf8342db3-22a2241917c80053%3AT%3D1621253399%3ART%3D1621253399%3AS%3DALNI_MbwrrZ362jiL3FSGRxfvhlGZK_D4g&prev_fmts=696x280%2C300x250%2C300x250&prev_slotnames=3739790355&nras=1&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&psts=AGkb-H89CcB4GxNZxd1gIuxBd7Jc0BoFRmlBYeNIzY2ISYvx5Qj80oK8QlpSbAsixeiys3_T0Id4nF0L0w&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=12
Frame ID: DBD75F52764E2C8D389702B00BA45780
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js
Frame ID: 436FF01A8EF58CC1B6412967CDC83218
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: D3181B08B58603D5EBD34A7DDB1660EF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/gMLeqraBgF Page URL
https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/ Page URL

Page Statistics

179
Requests

99 %
HTTPS

55 %
IPv6

29
Domains

45
Subdomains

35
IPs

6
Countries

3097 kB
Transfer

6360 kB
Size

6
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: http://digg.com/u/GBHackersOnSecurity
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gbhackersadmin
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/100293610970932245878
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/gbhackers
Title:

Search URL Search Domain Scan URL

URL: http://feeds.feedburner.com/gbhackers
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/gbhackers_news
Title:

Search URL Search Domain Scan URL

URL: https://techincidents.com/
Title: TECH

Search URL Search Domain Scan URL

URL: https://kalilinuxtutorials.com/
Title: TOOLS

Search URL Search Domain Scan URL

URL: https://ethicalhackersacademy.com/
Title: Courses

Search URL Search Domain Scan URL

URL: https://bit.ly/33fHxr1
Title:

Search URL Search Domain Scan URL

URL: https://i0.wp.com/1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png?ssl=1

Search URL Search Domain Scan URL

URL: https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
Title: detected

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/gbhackers/
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://www.gbhackers.com/
Title: http://www.gbhackers.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Balaji-N-1843502945937428/
Title:

Search URL Search Domain Scan URL

URL: https://plus.google.com/u/0/102334546211876805322
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/balaji-gbhackers
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/balaji_gbh
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/gMLeqraBgF Page URL
https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://i0.wp.com/1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png?w=696&ssl=1 HTTP 302
https://1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png

Request Chain 24

https://i1.wp.com/1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified%2BMalware%2BAnalyst.png?ssl=1 HTTP 302
https://1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified+Malware+Analyst.png

Request Chain 25

https://i2.wp.com/1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529%2BHacking%2BGroup.PNG?ssl=1 HTTP 302
https://1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529+Hacking+Group.PNG

Request Chain 26

https://i0.wp.com/1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers%2BAbuse%2BExcel%2B4.0%2Bmacros%2Bto%2BDeliver%2Bmalware%2Bsuch%2Bas%2BZLoader%2Band%2BQuakbot.png?ssl=1 HTTP 302
https://1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers+Abuse+Excel+4.0+macros+to+Deliver+malware+such+as+ZLoader+and+Quakbot.png

Request Chain 30

https://i1.wp.com/1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10%2BBest%2BFree%2BFirewall%2BSoftware%2B2020.png?ssl=1 HTTP 302
https://1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10+Best+Free+Firewall+Software+2020.png

Request Chain 31

https://i0.wp.com/1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png?ssl=1 HTTP 302
https://1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png

Request Chain 32

https://i2.wp.com/1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse%2BSecure%2BVPN.png?ssl=1 HTTP 302
https://1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse+Secure+VPN.png

Request Chain 33

https://i1.wp.com/1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg?ssl=1 HTTP 302
https://1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg

Request Chain 96

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 136

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF7YBmhOXxMb11Voi7G17_6rCFinCFN2XVjuQxR3zrpCn0WEc0F2bPcdtSE&google_gid=CAESENq3_8z4LA1o3QxXmUOPwkI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFCRXlQZzJhZw&google_push=AQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF7YBmhOXxMb11Voi7G17_6rCFinCFN2XVjuQxR3zrpCn0WEc0F2bPcdtSE

Request Chain 138

https://rtb.openx.net/sync/dds?google_gid=CAESEEmzXYEVFX-BIRqIG5M6Waw&google_cver=1&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEEmzXYEVFX-BIRqIG5M6Waw&google_cver=1&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&google_hm=v5fMemhVwnwdGZ1qymmGEw==

Request Chain 139

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJuMak-JZkLuIikMeJdf84I&google_cver=1&google_push=AQvitUIJ-Hu-XLYCAVDrykBi8eJo0-TTclV3o984ak0aDwuoyFUDx7JHxINOLgt2gJr2XMb4LRhTG0kfueBa7bmPsnQnYpD68kHr HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJuMak-JZkLuIikMeJdf84I&google_cver=1&google_push=AQvitUIJ-Hu-XLYCAVDrykBi8eJo0-TTclV3o984ak0aDwuoyFUDx7JHxINOLgt2gJr2XMb4LRhTG0kfueBa7bmPsnQnYpD68kHr&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OsMrSOseThK-__SVOEJuAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIJ-Hu-XLYCAVDrykBi8eJo0-TTclV3o984ak0aDwuoyFUDx7JHxINOLgt2gJr2XMb4LRhTG0kfueBa7bmPsnQnYpD68kHr

Request Chain 140

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIidZanZFJg3Afp0iUImRkU&google_cver=1&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEphygHF_0RYOYC3Tv9o3zxgeSvg8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVjAtMTAtOVRORw==&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEphygHF_0RYOYC3Tv9o3zxgeSvg8

Request Chain 141

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc=

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 149

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC6-BcNA9YZP9k54VIsCyzQV6DPyxxI3w_OBt5yzgzKe5If1LYATdbydQ&google_gid=CAESEGMiI4S1jEOpmG88gUSfS_Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFBUGxVTDNBbA&google_push=AQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC6-BcNA9YZP9k54VIsCyzQV6DPyxxI3w_OBt5yzgzKe5If1LYATdbydQ

Request Chain 150

https://d.agkn.com/pixel/2175/?google_gid=CAESEEDtWOMk1zFAnGQIFLVCtpQ&google_cver=1&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug&google_hm=Q0FFU0VFRHRXT01rMXpGQW5HUUlGTFZDdHBR

Request Chain 152

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEH4CqLYQUeF2odz8RaUa7CM&google_cver=1&google_push=AQvitUJH8n8VEpqZpexhB4BOeF9mqWR_E4P-4CbGMxZSnARX5vEkPs6kWij1VAKqEdgqcG65VK0HG2lenZnzeUs5L--XLZmDm10 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEH4CqLYQUeF2odz8RaUa7CM&google_cver=1&google_push=AQvitUJH8n8VEpqZpexhB4BOeF9mqWR_E4P-4CbGMxZSnARX5vEkPs6kWij1VAKqEdgqcG65VK0HG2lenZnzeUs5L--XLZmDm10&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJH8n8VEpqZpexhB4BOeF9mqWR_E4P-4CbGMxZSnARX5vEkPs6kWij1VAKqEdgqcG65VK0HG2lenZnzeUs5L--XLZmDm10

Request Chain 153

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOkP6sI2zLcBo8zm0cGYJGg&google_cver=1&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8CMpLs1od40NgGdJpjtcUwenw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVzItMVotMUNI&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8CMpLs1od40NgGdJpjtcUwenw

Request Chain 154

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN-_KHCLbJjfAvb0Q80Dwng&google_cver=1&google_push=AQvitUILgtNnw_VuHme0pS1_eRPJYA3bGn98vCBe2byjjnb9InhlRiYKgZ76fT909MVUKvk80WNgExDlufy0YOMU_5L-Xnh38iYz HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUILgtNnw_VuHme0pS1_eRPJYA3bGn98vCBe2byjjnb9InhlRiYKgZ76fT909MVUKvk80WNgExDlufy0YOMU_5L-Xnh38iYz&google_hm=

Request Chain 164

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFCToY0mei9TQBmIu9N2vv4&google_cver=1&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9uIKQ8Hq2Cu1yyinjgc_f5NMRYcK4D_To3kg_GLqxnF HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9uIKQ8Hq2Cu1yyinjgc_f5NMRYcK4D_To3kg_GLqxnF&google_hm=LXDiVejX4KtSN0Mh28iLJA

Request Chain 165

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitULlYBC2K8WMRNXdbmBW35rTZ21XVjz4fgED3JmZnXBkFRNC0b3HHDKvymSWX1MHlyE5ixKBeLnzfKNFH0So1jIdu1eE_No&google_gid=CAESEJ0edXY5lGNwEE1bPsmhCbA&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJi6iYUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVMbFlCQzJLOFdNUk5YZGJtQlczNXJUWjIxWFZqejRmZ0VEM0ptWm5YQmtGUk5DMGIzSEhES3Z5bVNXWDFNSGx5RTVpeEtCZUxuemZLTkZIMFNvMWpJZHUxZUVfTm8 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwaHpIRmJ2TWtsMzFCdGRUc1NTdHRoWkQybmN2alloOWVZTnZ3ZjBHai1fVQ==&google_push

Request Chain 167

https://rtb.openx.net/sync/dds?google_gid=CAESEI9N3NDByF5dV3-nOAsod9g&google_cver=1&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU&google_hm=v5fMemhVwnwdGZ1qymmGEw==

Request Chain 168

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEC69unYYiqv7Q6r3uwg5xO4&google_cver=1&google_push=AQvitUKwupwaYfjxNnANMTdIVApvI3cK9HtzPhHBxRO9SEb0VtAj6LZ_r4KIF4R9dOBUQqpBACp65smg5Kbev4S9EJ6Hb3yO4Hk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwupwaYfjxNnANMTdIVApvI3cK9HtzPhHBxRO9SEb0VtAj6LZ_r4KIF4R9dOBUQqpBACp65smg5Kbev4S9EJ6Hb3yO4Hk

Request Chain 169

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFlcg-hqLMjlRyQQ1AhIiHg&google_cver=1&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0EwEQTmrNc6eOJxu4pfnwW-4I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VZMU4tMUItQVNJRQ==&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0EwEQTmrNc6eOJxu4pfnwW-4I

Request Chain 170

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_cver=1&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc=

Request Chain 176

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

179 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 gMLeqraBgF Show response
t.co/ 438 B
443 B 128ms
127ms Document
text/html 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/gMLeqraBgF

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

10496f7285c31b514fffe3588561720ccd5a94e9a0b1ff7323529384132fe344

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

:method: GET
:authority: t.co
:scheme: https
:path: /gMLeqraBgF
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:56 GMT
vary: Origin
server: tsa_o
expires: Mon, 17 May 2021 12:14:57 GMT
set-cookie: muc=ae47678d-e106-4c5a-be2f-f098b33fb4c6; Max-Age=63072000; Expires=Wed, 17 May 2023 12:09:57 GMT; Domain=t.co; Secure; SameSite=None
content-type: text/html; charset=utf-8
cache-control: private,max-age=300
content-length: 222
content-encoding: gzip
x-xss-protection: 0
strict-transport-security: max-age=0
x-connection-hash: 8fc72fbd1c1b638ad74d1b12d2ac2656e5cb478830b3f5fda71c7af5d5944d67

GET
H2 200 Primary Request / Show response
gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/ 128 KB
26 KB 683ms
666ms Document
text/html 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Requested by

Host: t.co
URL: https://t.co/gMLeqraBgF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad88e456c895ce5fe8f1a28b5968a31f03049a5191501ab139d26fa5dd12b0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: gbhackers.com
:scheme: https
:path: /apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://t.co/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://t.co/

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://gbhackers.com/xmlrpc.php
x-mod-pagespeed: 1.13.35.2-0
cache-control: max-age=0, no-cache, must-revalidate
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-varnish: 37799681
age: 0
x-cache: MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a1bd4b3c50000d6edf1a81000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0oI2YXdMv9jXMvABU6YBB2EvdQvp0xRz3ocBVuAf6Lag60cVv6F2BaPWsHaP2POFk0sbVWn3lcLiET%2FIRticUSFTfpFNdrxu7pHwvYe%2BeDo3t6RGEB0hwm3z"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 650cbd660fbed6ed-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3-29 200 style.min.css
gbhackers.com/wp-includes/css/dist/block-library/ 52 KB
8 KB 31ms
15ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/css/dist/block-library/style.min.css?ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96a2fc04e5f82d1b6fed397c6954cecd40fbb8383d422a4d39f3ab7d0687693a

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 53593
x-xss-protection: 1; mode=block
age: 2098467
cf-ray: 650cbd6a5af605bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b678000005bf1386f000000001
server: cloudflare
etag: W/"PSA-aj-_93gOJAMuK"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OjI%2B6lZnEXZNpY5CxSZdewQ4AKpnabGnhSlMfC9LjVl%2FELuk8sqDwJKz0DZHQEKz2%2B7hrWW0kAUIXShs9K%2B3%2FRwX4sTl673wySYv4uDA4cmFYUoiEd9%2FQPTb"}],"group":"cf-nel","max_age":604800}
x-varnish: 1346794
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: text/css
expires: Wed, 05 May 2021 16:32:55 GMT

GET
H3-29 200 email-subscribers-public.css
gbhackers.com/wp-content/plugins/email-subscribers/lite/public/css/ 1 KB
1 KB 32ms
17ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/email-subscribers/lite/public/css/email-subscribers-public.css?ver=4.4.4

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8d22757b5d6d70bb4a66040eb6ba44389922a08c588e4e46f14ec141e028540

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/email-subscribers/lite/public/css/email-subscribers-public.css?ver=4.4.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 1822
x-xss-protection: 1; mode=block
age: 2098466
cf-polished: origSize=1300
cf-ray: 650cbd6a5af805bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b678000005bf6586f000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-P_IhAR--LJ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hCrSRc%2Fz1XyScSItuoBzrwuhxVWlGAgWMDyNtXwddNWbVShTTSOpOh%2FDtXdiOJGiNPUqhmpYA37s3qrge11ISgIheIxiXR1JBNlOXjE30JgUGDxVbHqU%2ByGm"}],"group":"cf-nel","max_age":604800}
x-varnish: 1607315
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: text/css
expires: Wed, 05 May 2021 16:32:55 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 26 KB
1 KB 27ms
24ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%7COpen+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CDroid+Sans%3A400&ver=8.5.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

49daa62f238b139bba874e6d5e6309dead5f3a7dac4acd17b605443fec10f66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 12:09:58 GMT
server: ESF
date: Mon, 17 May 2021 12:09:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H3-29 200 default.min.css
gbhackers.com/wp-content/plugins/tablepress/css/ 5 KB
3 KB 39ms
25ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.11

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/tablepress/css/default.min.css?ver=1.11
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 207176
cf-ray: 650cbd6a5afa05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b678000005bf09314000000001
last-modified: Tue, 14 Apr 2020 02:59:37 GMT
server: cloudflare
etag: W/"322034-13e4-5a33763e180f0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9l%2BxT9YXYQuaOGDH5SPTLasLi%2FSs580cRyHXCTSNAyxVgws9dgEnVf8i30UR0wVbmXhRYEuFxW7XUwaGSRaK65xWgRkI6Mu6psTgSbw7dOzIJyNLPRqB6Gas"}],"group":"cf-nel","max_age":604800}
x-varnish: 1673062
x-xss-protection: 1; mode=block
cache-control: public, max-age=2592000, s-maxage=10
content-type: text/css
expires: Fri, 13 Aug 2021 02:34:50 GMT

GET
H3-29 200 js_composer.min.css
gbhackers.com/wp-content/plugins/js_composer/assets/css/ 474 KB
40 KB 45ms
31ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.5.2

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2e44fde0f87b83dec6b41a9526aea2db66628d4bdfda550d6631f1504963e92

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.5.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 481374
x-xss-protection: 1; mode=block
age: 2098467
cf-ray: 650cbd6a5afb05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b678000005bf03bfc000000001
server: cloudflare
etag: W/"PSA-aj-DyPxzs0pAP"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R5pZdzf9CYnbVzgd9Xzz%2FFJ7rz9rkIQDtBWU%2FW1KV%2FspHXc4L6v9yJjMhzMfyKZ7PvB8yQCNsH8HfrxHb1l%2FVOUSqZN3YQue96AhxH072Z%2BXHZqmAILyoiO%2B"}],"group":"cf-nel","max_age":604800}
x-varnish: 2328236
vary: Accept-Encoding
cache-control: public, max-age=2569433
content-type: text/css
expires: Wed, 05 May 2021 10:21:24 GMT

GET
H3-29 200 style.css
gbhackers.com/wp-content/themes/Newspaper/ 859 KB
86 KB 40ms
25ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/themes/Newspaper/style.css?ver=8.5.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc1c9310b4e7ce78149bfc5a27a511c73fe3b83f1345bafb62d7a94f484e2151

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/Newspaper/style.css?ver=8.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 1112087
x-xss-protection: 1; mode=block
age: 2098466
cf-polished: origSize=884995
cf-ray: 650cbd6a5afc05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67a000005bf8d28e000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-pulD_dW8Vv"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4ip4g8RICRwqUk%2BJ0%2FwdkPOfwmC3kgj9Wo02UVwyqwULcjzBvvqbv59oQYGypn0uAGvjRA78%2BYe7IP%2Ft4RMQ29GttZAfoEfjxgmTXwg4%2BwwAaJbERPz%2Bec%2Fx"}],"group":"cf-nel","max_age":604800}
x-varnish: 1347129
vary: Accept-Encoding
cache-control: public, max-age=2591198
content-type: text/css
expires: Wed, 05 May 2021 16:32:55 GMT

GET
H3-29 200 demo_style.css
gbhackers.com/wp-content/themes/Newspaper/includes/demos/sport/ 284 B
791 B 57ms
42ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/themes/Newspaper/includes/demos/sport/demo_style.css?ver=8.5.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

033ac4de550c02006f3ad635fab1d85fe4c08179481725a25c14862b503a1912

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/Newspaper/includes/demos/sport/demo_style.css?ver=8.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 544
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6a5b0405bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67a000005bf458a2000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-67kD1uWlVx"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=65ykX37P3nRfK0LdZ1GQB7%2BOr30y1BfKmiTNNoWbgVG9Z2UUbSnMe9FCLXHKRKMP62yzr4anfFgXX1URS08e2hCvPjANFWyYZArU8ScvjHCYdXHzWSC%2BXUS2"}],"group":"cf-nel","max_age":604800}
x-varnish: 951459
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: text/css
expires: Wed, 05 May 2021 16:32:55 GMT

GET
H3-29 200 social-logos.min.css
gbhackers.com/wp-content/plugins/jetpack/_inc/social-logos/ 26 KB
19 KB 57ms
43ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css?ver=1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e1ced1bd0736a56a0c44fd7b3bf8134850398ecddd52a0f5e6e437c5d527999

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css?ver=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 207250
cf-ray: 650cbd6a5b0605bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67b000005bf9e9ab000000001
last-modified: Tue, 14 Apr 2020 03:01:28 GMT
server: cloudflare
etag: W/"233cbb-6866-5a3376a7c5de6-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iGzWejGv8KFg4xviPylAe4N8LiR4uZcM%2B2xXwe61Tqufg%2BzgkhQx5fQl0VzTZbKY1pH%2FwqoZfOtzMEvUO9XM29tfb5UIxNznqdYAL7PFQGrJduj6aSBlEh9l"}],"group":"cf-nel","max_age":604800}
x-varnish: 1673068
x-xss-protection: 1; mode=block
cache-control: public, max-age=2592000, s-maxage=10
content-type: text/css
expires: Fri, 13 Aug 2021 02:33:52 GMT

GET
H3-29 200 jetpack.css
gbhackers.com/wp-content/plugins/jetpack/css/ 73 KB
13 KB 58ms
43ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/jetpack/css/jetpack.css?ver=8.4.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d14b906e1458386885199c244b317e1080d48079dc4f3371ef126f4fcb89e988

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/jetpack/css/jetpack.css?ver=8.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 74081
x-xss-protection: 1; mode=block
age: 2098466
cf-polished: origSize=74498
cf-ray: 650cbd6a5b0705bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67b000005bf119fc000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-9TmDGULRZE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NBSuh74YIEDdnHExK5w5yEaKEa2A1i2Hi%2B7tK0WW9RDVWPLQ%2FU0eOadWPOi8TQieosephSZQyrqf2nfRP44YRHIjniDtsIiOzvWLO1TzfgUZyl80JzbMw3JF"}],"group":"cf-nel","max_age":604800}
x-varnish: 1673113
vary: Accept-Encoding
cache-control: public, max-age=2590250
content-type: text/css
expires: Wed, 05 May 2021 16:06:25 GMT

GET
H3-29 200 jquery.js Show response
gbhackers.com/wp-includes/js/jquery/ 95 KB
32 KB 58ms
44ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d08fdf960890b4f7662bad35400a8464627110622652b944445b4a4ab32c01cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 96873
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6a5b0905bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67b000005bf93b86000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-gp20iU5FlU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JQfICW3mWhSo8gnEQqCjN8f%2Bag7oFxGcrVtbtTAWT7Udn51COpnlrFMMudLMW2VUa4Dw6gI1Rw2IQaICGP0%2F0Cs%2BYpOy6J0skDpOpmJ%2B%2B5XvYiOTI7SMJi3O"}],"group":"cf-nel","max_age":604800}
x-varnish: 1935866
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 jquery-migrate.min.js Show response
gbhackers.com/wp-includes/js/jquery/ 10 KB
4 KB 31ms
17ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01ebeb3fcdc269ef402f29f9fba025d3266fcd5c54ae7bca44aaa7c2cf738d93

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 10056
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6a5b0b05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67b000005bf02a73000000001
server: cloudflare
etag: W/"PSA-aj-C2obERNcWh"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w9%2BaEzDwCMjjK2%2BtWryQWMe%2FJ6Yvdmc%2FdKZejbw1%2FwJKiHIETBle3xL2rKywFNRsDXHO9R52JyQh3au%2B0TK%2B197VPe%2FiOyOXR2og7fSUSL9TtRAi1xLPZW4V"}],"group":"cf-nel","max_age":604800}
x-varnish: 1607318
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 email-subscribers-public.js Show response
gbhackers.com/wp-content/plugins/email-subscribers/lite/public/js/ 2 KB
1 KB 30ms
16ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js?ver=4.4.4

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fbe809775a3a3199624d023fb474484d89b9a4c48f1585f1eac8dbb53b5b9be

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js?ver=4.4.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 3544
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6a5b0d05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b67b000005bf9baac000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-SZWxqyGU4m"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M%2F%2BI4X4khigu1a0XUGhFIS2NNP8gc1i%2BLEM9B8r0q1flACpcGH0RWpy4Sz72h3mHje8YEs%2B9Mh7fOH2Mwi%2FslRd5UtlWcu92IkjtVtJNj33yalwilDi1254n"}],"group":"cf-nel","max_age":604800}
x-varnish: 198314
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 wp-emoji-release.min.js Show response
gbhackers.com/wp-includes/js/ 13 KB
5 KB 21ms
15ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/js/wp-emoji-release.min.js?ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1820ff4e7bde396510b5a0f38900029400a051e4a11d960646cca97d4e7445f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 13901
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec8105bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d1000005bf5c089000000001
server: cloudflare
etag: W/"PSA-aj-n7WRPF4oRE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fvlW3O2aDPn8NJDdOblzTbKB1yIqoInc%2FJQ9F6X9x%2Bz5S0snjdOiVB8DOiPAZEfGVcmsX9YRcuGOmPFWEx8u2KoPGoT61d7%2B2oCW7Du8V5Hpyex6nHPxR1dh"}],"group":"cf-nel","max_age":604800}
x-varnish: 2167491
vary: Accept-Encoding
cache-control: public, max-age=2591724
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 36ms
28ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-88811382-1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0cbcbae1760f5f3c61d7dc97ffe2a86fcd19748ef86b3a5762150891207479e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35636
x-xss-protection: 0
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 63 KB
21 KB 52ms
12ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4bf63af61eae56517944f32094187ba6082c7d29cfaac60064142769f57af1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "874 / 91 of 1000 / last-modified: 1621249903"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21333
x-xss-protection: 0
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H2 200 Ethical%2BTop%2Bbanner%2B%25281%2529.png
1.bp.blogspot.com/-hNcs9BCu1X8/XZrjNyr1RmI/AAAAAAAAEmg/jbHagFWnbFMK5ZA3sausuYJIJAqtyJ7kACLcBGAsYHQ/s1600/ 21 KB
21 KB 44ms
5ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-hNcs9BCu1X8/XZrjNyr1RmI/AAAAAAAAEmg/jbHagFWnbFMK5ZA3sausuYJIJAqtyJ7kACLcBGAsYHQ/s1600/Ethical%2BTop%2Bbanner%2B%25281%2529.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a389e6e3293a45b776d9b37cda9d39c09c26ff99c64ab17f9aab727a25dc1803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:25:31 GMT
x-content-type-options: nosniff
age: 13467
content-disposition: inline;filename="Ethical Top banner (1).png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21390
x-xss-protection: 0
server: fife
etag: "v1269"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 15 May 2021 14:25:45 GMT

GET
H2 200 IMG-20201011-WA0002.jpg
1.bp.blogspot.com/-nh3rRAX0-Is/X4QDajtzAgI/AAAAAAAAKwc/3-k4ASEg3bgUilXA1h-lPbSlzSpZAzmXwCLcBGAsYHQ/s16000/ 23 KB
23 KB 49ms
10ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-nh3rRAX0-Is/X4QDajtzAgI/AAAAAAAAKwc/3-k4ASEg3bgUilXA1h-lPbSlzSpZAzmXwCLcBGAsYHQ/s16000/IMG-20201011-WA0002.jpg

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

29b689fcdae866248a1e6d13b39fbf03a728c8253dcbea31d5dae5595c740d33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:54 GMT
x-content-type-options: nosniff
age: 11644
content-disposition: inline;filename="IMG-20201011-WA0002.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23147
x-xss-protection: 0
server: fife
etag: "v2b08"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 29 Apr 2021 11:50:23 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
49 KB 31ms
24ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b87c086edf82604a1a5d4892ea8b121d480c6570d0ab7be8464322312e60c2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49888
x-xss-protection: 0
server: cafe
etag: 503174456932000003
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H3-29

200

fin7.png
1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/
Redirect Chain

https://i0.wp.com/1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png?w=696&ssl=1
https://1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png

276 KB
276 KB

35ms
20ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e8b15f91f0d85835c860490cfc761750ef1125ce7d277d6cc66fd8ce93635afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:58 GMT
x-content-type-options: nosniff
age: 60
content-disposition: inline;filename="fin7.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 283056
x-xss-protection: 0
server: fife
etag: "v348c"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 18 May 2021 07:53:42 GMT

Redirect headers

x-nc: EXPIRED hhn 3
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-MnfduDaBgTQ/YKId_VMoaWI/AAAAAAAANIs/rynMpIFmN-M3GFEmvchBbP1PietULHHFwCLcBGAsYHQ/s16000/fin7.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 98 KB
34 KB 41ms
21ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ca801945b37685030703be292721a016b24fe19db9412d4c48c1415bf22b79d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34624
x-xss-protection: 0
server: cafe
etag: 16663582932883417966
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H2 200 URSTbNUBb--V-HZvUKOQ9UxRhEn7qj4CgFZOYOYLTdc4LRACYnOIEPZe2j1xHMtd7XBbBInzHz8REhBrEbKPwilECZFFFYdg0Ww3nBnRn_d7YLhSQW59K8EGXt96U2xYntsMPwAC
lh5.googleusercontent.com/ 162 KB
162 KB 14ms
7ms Image
image/png 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/URSTbNUBb--V-HZvUKOQ9UxRhEn7qj4CgFZOYOYLTdc4LRACYnOIEPZe2j1xHMtd7XBbBInzHz8REhBrEbKPwilECZFFFYdg0Ww3nBnRn_d7YLhSQW59K8EGXt96U2xYntsMPwAC

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

063097b88e61be916a7de3dd2ab1c7ae7a20349e46108a4db8356ea302031284

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:58 GMT
x-content-type-options: nosniff
age: 60
content-disposition: inline;filename="LZ 1.PNG"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 165494
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 18 May 2021 08:08:57 GMT

GET
H2 200 97da5a61b17f846e5666ba80c29d776e
secure.gravatar.com/avatar/ 5 KB
5 KB 12ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/97da5a61b17f846e5666ba80c29d776e?s=96&d=mm&r=g
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b867db7037f102dc3346bf60926585e6a5a1442128e71523741b05fef6c50d3

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 17 May 2021 12:09:58 GMT
last-modified: Thu, 07 Feb 2019 15:03:43 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="97da5a61b17f846e5666ba80c29d776e.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/97da5a61b17f846e5666ba80c29d776e?s=96&d=mm&r=g>; rel="canonical"
content-length: 4687
expires: Mon, 17 May 2021 12:14:58 GMT

GET
H3-29 200 email-decode.min.js Show response
gbhackers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 10ms
9ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 0a1bd4b6be000005bf1d3bc000000001
last-modified: Tue, 11 May 2021 15:38:57 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"609aa511-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1Wa70HgotNliOafDr%2B7xnCwrnVE8X4ZE6xWPkK6dDDroM901A6rt29rck%2FHfTRaGir9gzG%2F2sTvRGVKsF2V1sACjQiDsDuXZ9CCUCXhTVkvyjUKHpIbOZCVP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 650cbd6acc2205bf-FRA
expires: Wed, 19 May 2021 12:09:58 GMT

GET
H3-29

200

Certified+Malware+Analyst.png
1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/
Redirect Chain

https://i1.wp.com/1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified%2BMalware%2BAnalyst.png?ssl=1
https://1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified+Malware+Analyst.png

21 KB
21 KB

29ms
16ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified+Malware+Analyst.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5acb8d78c03361f8d2157108fceaeb83858cf0a32f4f7f22a2f7964703b9e9ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 09:12:34 GMT
x-content-type-options: nosniff
age: 10644
content-disposition: inline;filename="Certified Malware Analyst.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21091
x-xss-protection: 0
server: fife
etag: "v258b"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 12 May 2021 10:50:48 GMT

Redirect headers

x-nc: EXPIRED hhn 1
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-oxwS6knOVFE/XvB5z8MpgYI/AAAAAAAAJYo/Necs1uQ7fmUnpAo7jCtWT_-VwAKP8FlegCLcBGAsYHQ/s1600/Certified+Malware+Analyst.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29

200

UNC2529+Hacking+Group.PNG
1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/
Redirect Chain

https://i2.wp.com/1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529%2BHacking%2BGroup.PNG?ssl=1
https://1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529+Hacking+Group.PNG

239 KB
239 KB

35ms
24ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529+Hacking+Group.PNG

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

575ee7759f46cc43e90347b403b2ca1dcfea36b9c31a3522ca3ee9d8f74bb248

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:24:18 GMT
x-content-type-options: nosniff
age: 13540
content-disposition: inline;filename="UNC2529 Hacking Group.PNG"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244412
x-xss-protection: 0
server: fife
etag: "v33d1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 08 May 2021 06:38:35 GMT

Redirect headers

x-nc: EXPIRED hhn 4
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-_1TPDfZ9k9o/YJTZAkNPRTI/AAAAAAAAM9A/gb7YmRIT9WAlxH2v84R3OiViRfOKUHXLACLcBGAsYHQ/s16000/UNC2529+Hacking+Group.PNG
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29

200

Hackers+Abuse+Excel+4.0+macros+to+Deliver+malware+such+as+ZLoader+and+Quakbot.png
1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/
Redirect Chain

https://i0.wp.com/1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers%2BAbuse%2BExcel%2B4.0%2Bmacros%2Bto%2BDeliver%2Bmalware%2Bsuch%2B...
https://1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers+Abuse+Excel+4.0+macros+to+Deliver+malware+such+as+ZLoader+and+Quakbot.png

59 KB
59 KB

31ms
18ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers+Abuse+Excel+4.0+macros+to+Deliver+malware+such+as+ZLoader+and+Quakbot.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

924e047ef0300d05b2397336beb08d118622a26e5e7fd1f345da229cd10c79ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:24:19 GMT
x-content-type-options: nosniff
age: 13539
content-disposition: inline;filename="Hackers Abuse Excel 4.0 macros to Deliver malware such as ZLoader and Quakbot.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60309
x-xss-protection: 0
server: fife
etag: "v338e"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 05 May 2021 04:37:56 GMT

Redirect headers

x-nc: EXPIRED hhn 1
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-DouOOO10b8k/YI4an-qamUI/AAAAAAAAM4w/mYw0HUpa4gw8xLAxF34H11frucd2Sbs8gCLcBGAsYHQ/s16000/Hackers+Abuse+Excel+4.0+macros+to+Deliver+malware+such+as+ZLoader+and+Quakbot.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29 200 spinner.gif
gbhackers.com/wp-content/plugins/email-subscribers/lite/public/images/ 3 KB
4 KB 21ms
16ms Image
image/gif 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gbhackers.com/wp-content/plugins/email-subscribers/lite/public/images/spinner.gif

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/email-subscribers/lite/public/images/spinner.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2098466
cf-ray: 650cbd6aec8e05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3208
cf-request-id: 0a1bd4b6d3000005bf363b3000000001
last-modified: Tue, 14 Apr 2020 02:56:40 GMT
server: cloudflare
etag: "24c026-c88-5a337594fc442"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BgLwHf%2Fx393Ie%2BqbHGuRNizx3Ba%2FHaYKee7%2Bh60roicUe0ETmTJ6UjMqkr0sgUJi6Y%2F%2Fm4tgLK27%2BCGOXSeRJtDQJ3iqoA9TwI9RsmbRkFg0IJt2QeBWfg%2FE"}],"group":"cf-nel","max_age":604800}
x-varnish: 1444045
x-xss-protection: 1; mode=block
cache-control: public, max-age=2592000
accept-ranges: bytes
content-type: image/gif
expires: Tue, 05 Apr 2022 16:35:55 GMT

GET
H2 200 EthicalHackers%2Bacademy%2Bcourses.png
1.bp.blogspot.com/-JItdPCN7Ipo/XTNSaTGASQI/AAAAAAAADJM/S0Y-kG_ZdGMUIdFLtJIzEQ2WJ8oHdLYoQCLcBGAs/s1600/ 28 KB
28 KB 36ms
12ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-JItdPCN7Ipo/XTNSaTGASQI/AAAAAAAADJM/S0Y-kG_ZdGMUIdFLtJIzEQ2WJ8oHdLYoQCLcBGAs/s1600/EthicalHackers%2Bacademy%2Bcourses.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f769700a03fd02056c813aa2174cc931da2954454a36e5c616853dfc35186adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:54 GMT
x-content-type-options: nosniff
age: 11644
content-disposition: inline;filename="EthicalHackers academy courses.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28725
x-xss-protection: 0
server: fife
etag: "vc94"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 29 Apr 2021 11:50:23 GMT

GET
H2 200 w860e1552283196.jpg
i0.wp.com/gbhackers.com/wp-content/uploads/2019/03/ 1 KB
2 KB 20ms
16ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/gbhackers.com/wp-content/uploads/2019/03/w860e1552283196.jpg?resize=100%2C70&ssl=1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i2.wp.com

Software

nginx /

Resource Hash

bf39a3a6d35c2a2648b687b71f2d1b1bb1de6bb84698d38c37d12c34fa08996a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Mon, 17 May 2021 12:09:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 09:23:29 GMT
server: nginx
etag: "e4454867f29526f5"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://gbhackers.com/wp-content/uploads/2019/03/w860e1552283196.jpg>; rel="canonical"
content-length: 1416
expires: Thu, 11 May 2023 21:23:29 GMT

GET
H3-29

200

10+Best+Free+Firewall+Software+2020.png
1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/
Redirect Chain

https://i1.wp.com/1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10%2BBest%2BFree%2BFirewall%2BSoftware%2B2020.png?ssl=1
https://1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10+Best+Free+Firewall+Software+2020.png

52 KB
52 KB

26ms
13ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10+Best+Free+Firewall+Software+2020.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

16f36c51725cdc98a049c01090083721020f99e14ce5b0659fe0e0951192484c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:55 GMT
x-content-type-options: nosniff
age: 11643
content-disposition: inline;filename="10 Best Free Firewall Software 2020.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53377
x-xss-protection: 0
server: fife
etag: "v1e25"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 16 May 2021 07:40:14 GMT

Redirect headers

x-nc: EXPIRED hhn 3
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-h2qDwE6pNtI/XkhHw_4VRdI/AAAAAAAAHhY/jbJG8PxbSlMzMhll5XScn6bUL__cBJp9gCLcBGAsYHQ/s1600/10+Best+Free+Firewall+Software+2020.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29

200

hacking-3112539_960_720.png
1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/
Redirect Chain

https://i0.wp.com/1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png?ssl=1
https://1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png

454 KB
454 KB

35ms
22ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6b533713a96e1bf46d708bdb2b777114297647210d9ef64ff901a1a4bbf38e2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:55 GMT
x-content-type-options: nosniff
age: 11643
content-disposition: inline;filename="hacking-3112539_960_720.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 464574
x-xss-protection: 0
server: fife
etag: "v32b6"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 16 May 2021 07:40:14 GMT

Redirect headers

x-nc: EXPIRED hhn 4
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-pP9RTrREWBM/YIGs6KxWn3I/AAAAAAAAMrU/3ciyYNJNVfkAfgopgp6eIdpb_iFVNC8twCLcBGAsYHQ/s16000/hacking-3112539_960_720.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29

200

Pulse+Secure+VPN.png
1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/
Redirect Chain

https://i2.wp.com/1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse%2BSecure%2BVPN.png?ssl=1
https://1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse+Secure+VPN.png

139 KB
139 KB

35ms
23ms

Image
image/png

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse+Secure+VPN.png

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ac506e96556e211a29136296ea3e0d23067b0a43bf383bf128161aa6d55aba38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:54 GMT
x-content-type-options: nosniff
age: 11644
content-disposition: inline;filename="Pulse Secure VPN.png"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142762
x-xss-protection: 0
server: fife
etag: "v32b4"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 16 May 2021 07:40:15 GMT

Redirect headers

x-nc: EXPIRED hhn 4
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-SYKZsnTA8IU/YIGnvdkyKUI/AAAAAAAAMrM/qtnpvMsTyfYKHExCTQASnbHk6iJMkhDxQCLcBGAsYHQ/s16000/Pulse+Secure+VPN.png
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29

200

sCuCS1562894148-compressor.jpg
1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/
Redirect Chain

https://i1.wp.com/1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg?ssl=1
https://1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg

58 KB
58 KB

24ms
11ms

Image
image/jpeg

2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52300f3493ece732fe9a8e5324b10bcb6abbb51a709010e8f3b442a4cc53a938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 08:55:55 GMT
x-content-type-options: nosniff
age: 11643
content-disposition: inline;filename="sCuCS1562894148-compressor.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59600
x-xss-protection: 0
server: fife
etag: "vb83"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 22 Apr 2021 22:05:10 GMT

Redirect headers

x-nc: EXPIRED hhn 3
date: Mon, 17 May 2021 12:09:58 GMT
server: nginx
location: https://1.bp.blogspot.com/-TfknOEjDMSg/XSfZbAsNEWI/AAAAAAAAC4I/qHfxlFPKxccMNfgrfkdxKFRHEsERooH-wCLcBGAs/s1600/sCuCS1562894148-compressor.jpg
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
timing-allow-origin: *
content-length: 138

GET
H3-29 200 woo.css
gbhackers.com/wp-content/plugins/featured-image-from-url/includes/html/css/ 60 B
698 B 22ms
16ms Stylesheet
text/css 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/featured-image-from-url/includes/html/css/woo.css?ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0eca051bf2e51696f3f8ef35337104af0c65042f06ee0b8badf3f8f2b4e8fdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/featured-image-from-url/includes/html/css/woo.css?ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 76
x-xss-protection: 1; mode=block
age: 2098466
cf-polished: origSize=64
cf-ray: 650cbd6aec7505bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6cf000005bf61020000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-mMIhCQsjHN"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X3p6l%2FKyFvnqHKiqHgwBA8cIPAxhqLPn8tvDrdp54tUCbBGCyuXivXwsW0RnTCNkvVg7pYktz9F0RKhyUI6J6GyiApb%2BS7phxXypfDZYZr63LNyRG4H%2BNXGP"}],"group":"cf-nel","max_age":604800}
x-varnish: 494109
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: text/css
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 photon.min.js Show response
gbhackers.com/wp-content/plugins/jetpack/_inc/build/photon/ 685 B
929 B 34ms
28ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 758
x-xss-protection: 1; mode=block
age: 60891
cf-ray: 650cbd6aec7705bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d0000005bf71b23000000001
server: cloudflare
etag: W/"PSA-aj-JGJqxEU79F"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o4%2BJ4NsuBxUMy8l2oNhkKWSdiC4PvFB7YlUcTP1xscpz9zRYivzGxFoc9Tg23R3XefOnuF1w0VHHgUcodYM84ttC6ZEuYifjMVzk9ORyc5icJYsuJrpldQ4M"}],"group":"cf-nel","max_age":604800}
x-varnish: 22163901
vary: Accept-Encoding
cache-control: public, max-age=2591884
content-type: application/javascript
expires: Sat, 05 Jun 2021 09:28:32 GMT

GET
H3-29 200 tagdiv_theme.min.js Show response
gbhackers.com/wp-content/themes/Newspaper/js/ 200 KB
45 KB 32ms
25ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/themes/Newspaper/js/tagdiv_theme.min.js?ver=8.5.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b8209efc7da6a179bd91dee606ada248b8439c4a409ccbf09d239995cbbba55

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/Newspaper/js/tagdiv_theme.min.js?ver=8.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 205617
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec7805bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d0000005bf37b37000000001
server: cloudflare
etag: W/"PSA-aj-iHIXaJ9EqT"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3dAavB0jro5PPjSr6kepbxcchYmxDcRzx0VnEtk1y1gaiXwdaleefZ8epItkABBZACLziFgTbtLaxOZd2K1UWODY0L4zWwpABQqeVpOig0Nw2zKUJ2Amznv%2F"}],"group":"cf-nel","max_age":604800}
x-varnish: 1346797
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 comment-reply.min.js Show response
gbhackers.com/wp-includes/js/ 2 KB
2 KB 25ms
18ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/js/comment-reply.min.js?ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73eb139b1371aed55b1dce74b7258f2d90991c5294d69fce852c3eed1af40068

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/comment-reply.min.js?ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 2420
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec7a05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d0000005bf8d29a000000001
server: cloudflare
etag: W/"PSA-aj-C22YcYY7sT"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uduOOFMXlNEBJFU1KQPNFpeTybPAP8jwFqPTlnWqykI0STrWtQG58eRqS%2FsOuZC2BzJoBMOnVcWsNpQz%2F08vi5I2HNV9WyqWm17t0x9HPZtRztQprfBTa75o"}],"group":"cf-nel","max_age":604800}
x-varnish: 2370
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 wp-embed.min.js Show response
gbhackers.com/wp-includes/js/ 1 KB
1 KB 22ms
15ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-includes/js/wp-embed.min.js?ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 1434
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec7c05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d0000005bf103fd000000001
server: cloudflare
etag: W/"PSA-aj-BBM9N8_Q8I"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HsBQcKhMJIcsYJWTt9hjTHKMdjh48uUKgy98dGio%2FOIQLy52xzZmxSZFphyfLID9di5oOBuaJWsi4mIsZSObtOJv0MU2Z2rDo9hU0zaKLV4HghKJmBt4HtTp"}],"group":"cf-nel","max_age":604800}
x-varnish: 1444289
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H3-29 200 image.js Show response
gbhackers.com/wp-content/plugins/featured-image-from-url/includes/html/js/ 2 KB
1 KB 30ms
24ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?3_0_1&ver=4cc0e90e607ad87706fb34633047a82d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbca7622295dec97458ab7a27983d05969398fbc96da602c38edb8f83e79374a

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/featured-image-from-url/includes/html/js/image.js?3_0_1&ver=4cc0e90e607ad87706fb34633047a82d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 2916
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec7e05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d1000005bf14a2c000000001
cf-bgj: minify
server: cloudflare
etag: W/"PSA-aj-pSApZDLai5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7yq1bMrY2qPSBxosD%2B6D%2FfAk2tHk%2Fpx4sLaTggxVS%2Fhizx5hs%2B7oGMZ70b9vRk7X0Tf%2BsLAna0WRfnAQyUE7H%2BM9p7H%2Fqhsmu6npIij6E1LxzKR%2BL38la%2Fgj"}],"group":"cf-nel","max_age":604800}
x-varnish: 1673151
vary: Accept-Encoding
cache-control: public, max-age=2591725
content-type: application/javascript
expires: Wed, 05 May 2021 16:32:56 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 29ms
14ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=4cc0e90e607ad87706fb34633047a82d
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1fdc83f40b6872fbf82ad027168954ccaa7eee12c7e6fcbe52e26c36bf915de

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 60
etag: W/"5404400d01d5519bc4a10316e7ed5c9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 650cbd6b4e794db2-FRA
cf-request-id: 0a1bd4b70f00004db2e0205000000001
expires: Thu, 20 May 2021 12:09:58 GMT

GET
H3-29 200 sharing.min.js Show response
gbhackers.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/ 8 KB
3 KB 19ms
12ms Script
application/javascript 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=8.4.1

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee73983f199df0f0cca9f5306e79bd0a5a624e09b9e805a93957a4167ee87fe0

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=8.4.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gbhackers.com
referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: br
x-content-type-options: nosniff nosniff
cf-cache-status: HIT
x-original-content-length: 8027
x-xss-protection: 1; mode=block
age: 2098466
cf-ray: 650cbd6aec7f05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6d1000005bf023b0000000001
server: cloudflare
etag: W/"PSA-aj-lTL_G96kcx"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xRBP2iKSc8Qk1sCuDVGF8u604Czt5XN8oK9E%2FZTZCbDtQrKmEUAsJuglDjyn%2FSdTucdrJXWi2aDDtUp9Yy2Ng%2FN%2Bs4QzhY%2B6KML0Pc2KYToG6uA3mSgP3oMd"}],"group":"cf-nel","max_age":604800}
x-varnish: 426852
vary: Accept-Encoding
cache-control: public, max-age=2591746
content-type: application/javascript
expires: Wed, 05 May 2021 16:33:17 GMT

GET
H2 200 e-202120.js Show response
stats.wp.com/ 9 KB
3 KB 60ms
19ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202120.js
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 08 May 2022 21:00:05 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb55864b528fb5460ccf4acb8ff4498ec0a588cb262170df0ddc9caf32f0d76e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3-29 200 newspaper.woff
gbhackers.com/wp-content/themes/Newspaper/images/icons/ 15 KB
15 KB 403ms
399ms Font
application/x-font-woff 2606:4700:3030::6815:22df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gbhackers.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?14

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/wp-content/themes/Newspaper/style.css?ver=8.5.1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:22df , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc7375f568ea439c4f544ac6488b963a8d57d6cd65b0a8a551230d330e55483f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/Newspaper/images/icons/newspaper.woff?14
pragma: no-cache
origin: https://gbhackers.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: gbhackers.com
referer: https://gbhackers.com/wp-content/themes/Newspaper/style.css?ver=8.5.1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://gbhackers.com
Referer: https://gbhackers.com/wp-content/themes/Newspaper/style.css?ver=8.5.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 650cbd6b0cdd05bf-FRA
x-cache: MISS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1bd4b6e2000005bf8d29f000000001
last-modified: Sat, 16 Dec 2017 02:49:51 GMT
server: cloudflare
etag: W/"1a035e-3b50-5606c2bcad1c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cseZl61pOj1DOtthU6wjezjtuXlKF5KeL9s0EWewpIQ5ws%2Fi6ccp3UQeXOtu%2BQI4o08qBAKyMjt%2BxUm2yMias6bxDlAeUYGaFLB8WMjC9FnbtaB4tiLtzJXR"}],"group":"cf-nel","max_age":604800}
x-varnish: 8431043
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, s-maxage=10
content-type: application/x-font-woff
expires: Tue, 17 May 2022 12:08:58 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 14ms
3ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%7COpen+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CDroid+Sans%3A400&ver=8.5.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 555561
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 13ms
3ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 487760
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 11 May 2022 20:40:38 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 21ms
3ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:12:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 561467
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Wed, 11 May 2022 00:12:11 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ 13 KB
13 KB 18ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 332756
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:02 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 383186
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
H3-29 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 333267
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:31 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 333269
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:29 GMT

GET
H3-29 200 KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
fonts.gstatic.com/s/roboto/v27/ 17 KB
17 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 10 May 2021 21:43:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:45 GMT
server: sffe
age: 570391
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17380
x-xss-protection: 0
expires: Tue, 10 May 2022 21:43:27 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/ 223 KB
82 KB 47ms
31ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8834194653550774&plah=gbhackers.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84097
x-xss-protection: 0
server: cafe
etag: 12558658968377452156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 12:09:58 GMT

GET
DATA 200
OK truncated
/ 18 KB
18 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94b293e2c7affa223f0e3a5cfd950030c8aacee84bc93ec5f0d35c7f4e91381b

Request headers

Origin: https://gbhackers.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 / Show response
jetpack.wordpress.com/jetpack-comment/ Frame 083F 26 KB
8 KB 682ms
634ms Document
text/html 192.0.78.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.32 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1adf107409509ee68bd128b0cfc978ce4cb4c2429ef8a2dd850864347740348e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: jetpack.wordpress.com
:scheme: https
:path: /jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

server: nginx
date: Mon, 17 May 2021 12:09:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
content-encoding: gzip
x-ac: 2.hhn _dfw
strict-transport-security: max-age=15552000

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 93980
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 16 May 2022 10:03:38 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/ Frame 9138 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210511/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210511/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 16 May 2021 20:20:17 GMT
expires: Sun, 30 May 2021 20:20:17 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 56981
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pubads_impl_2021051001.js Show response
securepubads.g.doubleclick.net/gpt/ 303 KB
107 KB 73ms
28ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051001.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

b19865c2e8366fc6cef8f869b9447b23243e4917d73591e554f1b697a1f8da9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 10 May 2021 08:38:30 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109340
x-xss-protection: 0
expires: Mon, 17 May 2021 12:09:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-88811382-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6186
date: Mon, 17 May 2021 10:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 17 May 2021 12:26:52 GMT

GET
H3-29 200 SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
fonts.gstatic.com/s/droidsans/v12/ 21 KB
21 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsans/v12/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a615849237c0ce94e73fc69d86e5f9c58bdaca8d9756a5ff4c88fa86b14e6177

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 22:09:45 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Feb 2020 01:56:42 GMT
server: sffe
age: 482413
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21232
x-xss-protection: 0
expires: Wed, 11 May 2022 22:09:45 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 12ms
12ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://gbhackers.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 02:03:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 382015
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13852
x-xss-protection: 0
expires: Fri, 13 May 2022 02:03:03 GMT

GET
H2 200 count.json Show response
api.pinterest.com/v1/urls/ 151 B
378 B 151ms
112ms Script
application/javascript 151.101.112.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&_=1621253398213

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.112.84 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

972fa89f74260a714bc528f6b514fc4dd4ac235b309afc952823705e5ef6fcb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:59 GMT
x-content-type-options: nosniff
x-cdn: fastly
age: 0
content-type: application/javascript
access-control-allow-origin: *
cache-control: private
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1251961090346764
content-length: 151
expires: Mon, 17 May 2021 12:24:59 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
661 B 73ms
39ms Script
text/javascript 2a03:2880:f030:f:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&_=1621253398214

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:f:face:b00c:0:2 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

925ddac80ed45b597bbb3091205d947e3fc84a51abf2a387b0002bcf30d6f2e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1003800368
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 183
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: iK7Sis3Dk+C4jcmMaD47zb2LN4JDpZcSRun0sXKPZf2Y2fDmw4zEExuce5NolGbFxlBODbH6haAy9gwSgCyKKA==
x-fb-trace-id: HuEegUI7g6d
date: Mon, 17 May 2021 12:09:59 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AkYAO6OF5d9s8U3-AXsIPMT
cache-control: no-store
facebook-api-version: v3.3
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 20ms
19ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.38299216584186246
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 20ms
19ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.5331898919540412
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 203 B
407 B 52ms
51ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=gbhackers.com&callback=_gfp_s_&client=ca-pub-8834194653550774

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210511/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8834194653550774&plah=gbhackers.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

cf679368dc054a749b392e77da632239e77476c8e6f03358302dd59eb5bf4c46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
313 B 15ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gbhackers.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
313 B 14ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gbhackers.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 12:09:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2D63 47 KB
18 KB 313ms
313ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5ff823cd4a7bdcf3bfd95734694be08f17e7491ecc73f6ddd620b5d614abdbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 17 May 2021 12:09:59 GMT
server: cafe
content-length: 18390
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 17-May-2021 12:24:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:09:59 GMT
cache-control: private

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 32ms
17ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5195b5533eaad9e23ee9c1ad9dd017b4f0fca8d54921a3f045858eaf4145689d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991985148764"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Mon, 17 May 2021 12:09:59 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
97 B 20ms
19ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A8.4.1&blog=116523949&post=49573&tz=0&srv=gbhackers.com&host=gbhackers.com&ref=https%3A%2F%2Ft.co%2F&fcp=1125&rand=0.7477383190279865
Requested by: Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:59 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 17E3 67 KB
24 KB 637ms
637ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaf1925385c2d68fd51e4c87c659f3fe913799708629834fb5b159e1e054912b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 17 May 2021 12:10:00 GMT
server: cafe
content-length: 24296
x-xss-protection: 0
set-cookie: IDE=AHWqTUnQZWk3Ghmxsb2V_N7pZMngUiKPMTGN6d9PxkSNpqV0GtjcCfFtAH1eehkFvn0; expires=Sat, 11-Jun-2022 12:09:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:10:00 GMT
cache-control: private

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80e::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=554624659&t=pageview&_s=1&dl=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=APT%20Hacker%20Group%20FIN7%20Uses%20an%20Ethical%20Hacking%20Tools&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=202897116&gjid=851079975&cid=1929148175.1621253399&tid=UA-88811382-1&_gid=599702036.1621253399&_r=1&gtm=2ou5c1&z=1760207835

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:09:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://gbhackers.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 56BE 73 KB
25 KB 648ms
648ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e657594b47b09235434133e0579777f64f538ecbe23cd1863ae2ae9ce109a9a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 17 May 2021 12:10:00 GMT
server: cafe
content-length: 25907
x-xss-protection: 0
set-cookie: IDE=AHWqTUnACZFYYOxYBLEUh0vY3WJFrKv8xNadL-9gAu9PtsKDZ0Nquyt7B_aLugabWJU; expires=Sat, 11-Jun-2022 12:09:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:10:00 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 41E6 75 KB
25 KB 736ms
736ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f739e77acee2c2a87ad95bd4ffbad4b95c34a756860c2ae69732b118be9601c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 17 May 2021 12:10:00 GMT
server: cafe
content-length: 25603
x-xss-protection: 0
set-cookie: IDE=AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk; expires=Sat, 11-Jun-2022 12:09:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:10:00 GMT
cache-control: private

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
83 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-88811382-1&cid=1929148175.1621253399&jid=202897116&gjid=851079975&_gid=599702036.1621253399&_u=YAhAAUAAAAAAAC~&z=1598490563

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 May 2021 12:09:59 GMT
content-type: text/plain
access-control-allow-origin: https://gbhackers.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 spam_signals_bundle_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/spam_signals/ Frame 2D63 6 KB
3 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/spam_signals/spam_signals_bundle_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

41a39f4628ed5d28c57ab70026f672800fdcdab9580d3957db13645d0c44d4d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 10:51:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4685
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2925
x-xss-protection: 0
server: cafe
etag: 11749031388657934619
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 10:51:54 GMT

GET
H2 200 8815019794235045971
tpc.googlesyndication.com/daca_images/simgad/ Frame 2D63 54 KB
55 KB 26ms
7ms Image
image/png 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/8815019794235045971

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b5ddfaee9c847c131c49682c9785f0b1b20df7050a0cdaccd8ebbe528b200029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 09:47:58 GMT
x-content-type-options: nosniff
age: 94921
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55614
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 02:12:37 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 16 May 2022 09:47:58 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 2D63 17 KB
7 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 2D63 2 KB
1 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2D63 117 KB
36 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Mon, 17 May 2021 12:09:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 2D63 13 KB
6 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 96
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:08:23 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 2D63 25 KB
10 KB 23ms
9ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:57:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 724
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10380
x-xss-protection: 0
server: cafe
etag: 16922886349488815302
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 11:57:55 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 083F 132 KB
41 KB 72ms
30ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyFzUEKwkAMheELmQ5DocWFeJZaY8kwyYxJBu3traBQV67e4v/ghUeFuYijeEgWajFnNJsW7JIdwm/lcqGM0Ax1A+JAcitfRzLndkV7w3RvqOtnOib5i4Bp0clxj3fPmh2qlue6tTOf4hDHPvbDeEwvhOVG7A==
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 12b21a2d3fde07cf06583fbad384ba1bd37fb39bd1e4c2f208d6be41e3b19dd8

Request headers

Origin: https://jetpack.wordpress.com
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-20f0b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Fri, 01 Apr 2022 21:48:13 GMT

GET
H2 200 style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame 083F 19 KB
4 KB 73ms
22ms Stylesheet
text/css 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1530132353h&cssminify=yes
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 89d01b152beefa0885d7821cea6cc319054d5e272549b004479a6ac81ecafee3

Request headers

Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
server: nginx
etag: W/"5b33f7b7-5e1f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Thu, 03 Feb 2022 04:32:43 GMT

GET
H2 200 ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ Frame 083F 556 B
776 B 8ms
5ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ae82e42491a7de3c5d3df779e9600e5191708025e8c46102ccfa7026df735d64

Request headers

Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Mon, 17 May 2021 12:09:59 GMT
last-modified: Sat, 01 Mar 2008 02:44:06 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="ad516503a11cd5ca435acc9bb6523536.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25>; rel="canonical"
content-length: 556
expires: Mon, 17 May 2021 12:14:59 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 083F 42 KB
11 KB 20ms
20ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1573483029j
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4a82bed4d069950b1f5e43cdfb5b107eee29ee9e60b6363543b3f3ee58e0f558

Request headers

Origin: https://jetpack.wordpress.com
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
last-modified: Mon, 11 Nov 2019 14:37:22 GMT
server: nginx
etag: W/"5dc97222-a830"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Fri, 05 Nov 2021 08:08:05 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 083F 30 KB
9 KB 20ms
19ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJx9jjEOwjAMRS9EYgqIwoA4CkobA04Tt8QJFZweD7AwdLItvff9YZ5MP3JBLhAEwqNifn2HJX4SzjbICpawgGVy/WAyCr3xH0/VTLHeiAUiDSigUsW7Yx8xL8DOJ2LTuQzJScGsmylZ/8hPIu5j9ZqojfTE1KG3Ki2FDiQJi9naNVzUh+uYk/LndGr2zaY5toddGz7tXGXv
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 22a12ce9657a6da58d3dc1d544505d3f861956f77bf7cb5101275f0c7b0d9be0

Request headers

Origin: https://jetpack.wordpress.com
Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
last-modified: Mon, 01 Feb 2021 16:44:18 GMT
server: nginx
etag: W/"60182fe2-79c3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dfw
timing-allow-origin: *
expires: Tue, 12 Apr 2022 17:54:38 GMT

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ Frame 083F 14 KB
5 KB 23ms
23ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1612197847h&ver=5.7.2
Requested by: Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

Referer: https://jetpack.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
server: nginx
etag: W/"60182fe2-3795"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 13 May 2022 14:50:40 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BFF8 143 B
163 B 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&h=600&slotname=3739790355&adk=1157797212&adf=3742738727&pi=t.ma~as.3739790355&w=160&lmt=1621253398&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398595&bpp=15&bdt=481&idt=365&shv=r20210511&cbv=%2Fr20190131&ptt=5&saldr=sa&abxe=1&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1440&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfeE%7C&abl=CF&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=nEFIvxzzTN&p=https%3A//gbhackers.com&dtd=397

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 May 2021 11:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2440
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B6D4 247 B
789 B 84ms
25ms Document
text/html 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

622770e837b5661b3c1f60e3351024ce59b0391e71d99bd5b50e510571d8b6d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-h3H1ovwfYy09YACNv9vr9Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 204
date: Mon, 17 May 2021 12:09:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2D63 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00c250bc17f772c96d4822622b54cfe700dc899581c3c29e9a1f5cc9d5079646

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
public-api.wordpress.com/connect/ Frame B23D 2 KB
1 KB 247ms
205ms Document
text/html 192.0.78.23

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light

Requested by

Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=116523949&postid=49573&comment_registration=0&require_name_email=1&stc_enabled=0&stb_enabled=0&show_avatars=1&avatar_default=mystery&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=8.4.1&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=9681a058ed28dc3d403d4e86940cd114e6f1ae9d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN (),

Reverse DNS

Software

nginx /

Resource Hash

6574c03ef34c869d4a560674a171cfdeceb77589d59b7d073a95eebdb733a827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: public-api.wordpress.com
:scheme: https
:path: /connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://jetpack.wordpress.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://jetpack.wordpress.com/

Response headers

server: nginx
date: Mon, 17 May 2021 12:09:59 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
content-encoding: gzip
x-ac: 1.hhn _dfw
strict-transport-security: max-age=15552000

GET
H2 200 button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame 083F 1 KB
1 KB 23ms
22ms Image
image/gif 192.0.77.32

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by: Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1530132353h&cssminify=yes
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

Referer: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1530132353h&cssminify=yes
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 17 May 2021 12:09:59 GMT
x-ac: 4.ams _dfw
last-modified: Sat, 31 Dec 2016 05:45:43 GMT
server: nginx
etag: "58674607-4d0"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 1232
expires: Thu, 03 Feb 2022 04:33:12 GMT

GET
H3-29 200 iframe.html Show response
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B6D4 4 KB
2 KB 52ms
26ms Document
text/html 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

05ebb6ddb9f062cace4a9db2e54b0a7d65f087bc16241796783e24b5c7b7975c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-k8KdRoZeQbmxr6xLDDFACA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1862
date: Mon, 17 May 2021 12:09:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BFF8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:09:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 17-May-2021 13:09:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:09:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:09:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame DAE8 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 104543
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Mon, 16 May 2022 07:07:36 GMT

GET
H2 200 googleplus-sign-in.js Show response
s0.wp.com/wp-content/js/ Frame B23D 11 KB
4 KB 23ms
23ms Script
application/javascript 192.0.77.32

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/googleplus-sign-in.js?m=1551752381h
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN (),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a

Request headers

Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Mon, 17 May 2021 12:09:59 GMT
content-encoding: gzip
server: nginx
etag: W/"5c7ddce7-4290"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 4.ams _dfw
timing-allow-origin: *
expires: Fri, 04 Mar 2022 02:20:30 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 17E3 3 KB
578 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 10:15:06 GMT
server: ESF
date: Mon, 17 May 2021 12:10:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 bg_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/ Frame 17E3 6 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/bg_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

3064051b55452898041bd544760775c16f1745bdf57f68f7178e85ba5d251803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3757
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2682
x-xss-protection: 0
server: cafe
etag: 2526539418818066319
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 11:07:23 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 17E3 1 KB
909 B 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 472
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:02:08 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 17E3 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 17E3 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 17E3 117 KB
36 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 17E3 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:08:23 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 17E3 0
0 19ms
15ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_HgTnnq7crMIeuK3lvMW3auTGXHL_RNkOb8cVfRuf0d3rB7CaauCKc8viXzn31X32QQusTU0OX8AJF8u3Y0WIoUuzLw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 a9a8364a2596c42846402f3b38495283.js Show response
www.gstatic.com/mysidia/ Frame 17E3 25 KB
10 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:82b::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a9a8364a2596c42846402f3b38495283.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4bfbe90df75b370438ad25150e701108c1d6bb27003add53d2f0be9e42b194ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 11:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:22:03 GMT
server: sffe
age: 2081
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10414
x-xss-protection: 0
expires: Sun, 15 Aug 2021 11:35:19 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 56BE 4 KB
617 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 10:19:40 GMT
server: ESF
date: Mon, 17 May 2021 12:10:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 17E3 0
0 44ms
42ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Com5xF12iYKb3F83dzQaL_qvQBvzthtpiz7jhtdMNv87z_QgQASCKqvZCYJUCoAGSmav8AsgBAagDAcgDywSqBIsCT9AiRVVJAutVrFJCo75yrz8aHpEKxvkIO4S9FBhWTGnyAMaIzmg2clhUg5GS3v7OIr_xvi2siNcizcRqS1hsoutEMshUhhddanXvqdff2nXZLZy9hZNzVUW0CdjkAl9UEN5MKMmUf1vjXLCKLyUCm_JI5M8B-B16lX63v9EQk0Kjll-8vIoMqhEZJiI3W1G0mmu5DYwAKOSsB_jihDaMjHME2-UuDr-aQaNwQxxWjOFBP-TXQfoxA0iLH2wO5Pwad3Q-pOnZvod9xgRCdnw08El9nGZ-Hu-X6VxnzQitT2COkWGsSgRyR9mTLefzG2jVdwAjD1wpcmL5ptdXrsEn0JvcJj0co5MT_cd2wASA2s2U2wOSBQQIBBgBkgUECAUYBIAH1ubUgwGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQ-vAp0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshcaChgIABIUcHViLTUzNzI3ODYxNzQ3NjAyMjg&sigh=SW5D_KndUa0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 17 May 2021 12:10:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 56BE 1 KB
909 B 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 472
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:02:08 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 56BE 17 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 56BE 2 KB
1 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56BE 117 KB
36 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 56BE 13 KB
6 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:08:23 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 56BE 0
0 18ms
13ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSBj3LUwr4rXZzvHDHYoPcqDDhH8g937-oiW04lqnPtELd2RTUVscp6Jp5UYp2-WO4xB-mmDr1kXCxOrqQT3t7_1zxtXw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 a9a8364a2596c42846402f3b38495283.js Show response
www.gstatic.com/mysidia/ Frame 56BE 25 KB
10 KB 20ms
14ms Script
text/javascript 2a00:1450:4001:82f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a9a8364a2596c42846402f3b38495283.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4bfbe90df75b370438ad25150e701108c1d6bb27003add53d2f0be9e42b194ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 20:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:22:03 GMT
server: sffe
age: 57745
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10414
x-xss-protection: 0
expires: Sat, 14 Aug 2021 20:07:35 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D8B 143 B
163 B 9ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUnACZFYYOxYBLEUh0vY3WJFrKv8xNadL-9gAu9PtsKDZ0Nquyt7B_aLugabWJU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 May 2021 11:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2441
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B1FD 1 KB
749 B 9ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 17 May 2021 06:38:34 GMT
expires: Tue, 18 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 19886
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/311988235480489666/ Frame 56BE 12 KB
12 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/311988235480489666/downsize_200k_v1?w=400&h=209

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a839e7404c5ae65914c49e56a8f169e01cb952010cfeca9258b7e6f0c441f2cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 05:04:25 GMT
x-content-type-options: nosniff
age: 284735
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12284
x-xss-protection: 0
last-modified: Thu, 03 Dec 2020 20:31:11 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 05:04:25 GMT

GET
DATA 200
OK truncated
/ Frame 56BE 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 56BE 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CzBR1F12iYJmZGOq8-wbkpYGwAY680aliydqr0qoMxMGLoqQcEAEgiqr2QmCVAqAButvjmAPIAQmoAwHIA8sEqgSSAk_QU4zSpBJ7FPWR4vAtLvVY6IZuuymQS7IhG1TMviWCC55XGUj09OqECLoLNSUdDix-hQo8JfFEVS87NRwXccR8NPVGLg16N6BCc1cvHPF0t8V4prqfNzRuutqQWD-sZ_TfyHhit_6eICcZat1NFGlO2Hvqbt-InUM6EL5A3g8s_9noaoZx63PfIthyxLDDueW58xE5udvWJ0ycQpyGriqRgsvGb06IzoaLBwu8Of-EPkDQCAL66TIfrVncLARiDtM1mqIMFGrZBFRAqDsVDY2Cvg61HHeBAWVi2fKVnGA7KSjsVEiffWk9lFmCD0zEfjB7ex8oMq0ch8_R--JjZ07yURtogmFjd4eW1Yj6h4HfqqXABPLaiI2pA5IFBAgEGAGSBQQIBRgEoAYugAeupJxnqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEIm3aNIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEw2IFAbQFQGAFwGyFxoKGAgAEhRwdWItNTM3Mjc4NjE3NDc2MDIyOA&sigh=XSbWW9jtwhs&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 17 May 2021 12:10:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 17E3 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 210e5c2757eb3b82a03702a11b2476514ad85df43e4b4a4ebcf8325dae072df1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EDC8 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 17 May 2021 06:38:34 GMT
expires: Tue, 18 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 19886
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 56BE 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f218c02bd440d145575a44dda01906280e2723fbbef4c2da8b15f84b90731c7c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 17E3 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 383878
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 13 May 2022 01:32:02 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 17E3 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:31:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 383909
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 13 May 2022 01:31:31 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 41E6 3 KB
578 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:07:08 GMT
server: ESF
date: Mon, 17 May 2021 12:10:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 41E6 1 KB
909 B 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 472
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:02:08 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/ Frame 41E6 17 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7042
x-xss-protection: 0
server: cafe
etag: 2725110100707361309
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 41E6 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:09:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:09:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 41E6 117 KB
36 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1620991973329016"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36585
x-xss-protection: 0
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/ Frame 41E6 13 KB
6 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 97
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 May 2021 12:08:23 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 41E6 0
0 17ms
13ms Image
text/html 2a00:1450:4001:831::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT1xEUrZ2uoF3lXi64_TlHMLWzgYOFe-pVL-ddYqegdPQFEVfwYRgoq76pxFYE8hOkN6wez082XJhVR1wFRjSCkMAqrRQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 a9a8364a2596c42846402f3b38495283.js Show response
www.gstatic.com/mysidia/ Frame 41E6 25 KB
10 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82f::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a9a8364a2596c42846402f3b38495283.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4bfbe90df75b370438ad25150e701108c1d6bb27003add53d2f0be9e42b194ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 20:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:22:03 GMT
server: sffe
age: 57745
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10414
x-xss-protection: 0
expires: Sat, 14 Aug 2021 20:07:35 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame B1FD 35 B
463 B 31ms
9ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEdXxz6qMM3ZuqljAEbqPI0&google_cver=1&google_push=AQvitUJdSS4ckS2bMX7G3m2VqMgMOvWfQe6tMUkg2hsImdH3XpfcLUkd75CaFMrd0NC6it72mRm-VjBpIvM1jyL2P_-4HYAkrT02

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B1FD
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFCRXlQZzJhZw&google_push=AQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF7YBmhOXxMb11Voi7G17_6rCFinCFN2XVjuQxR3zrpCn0WEc0F2bPcdtSE

170 B
188 B

29ms
29ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFCRXlQZzJhZw&google_push=AQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF7YBmhOXxMb11Voi7G17_6rCFinCFN2XVjuQxR3zrpCn0WEc0F2bPcdtSE

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFCRXlQZzJhZw&google_push=AQvitUKdS6-00oJOBwsvbbendqiOHGleLByCZxSulJF7YBmhOXxMb11Voi7G17_6rCFinCFN2XVjuQxR3zrpCn0WEc0F2bPcdtSE
Date: Mon, 17 May 2021 12:10:00 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame B1FD 43 B
607 B 57ms
25ms Image
image/gif 34.98.67.61

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEIsWbA3O2_CQz7B4lxe8MYw&google_push=AQvitULvpRYi_GOMW8aSpvjuY2Ol7KeTyAgmc8_xpQhHwauUWuqtkPh0kAGE7wZA-ENoL_ZVw_Jk2I5PNyHA5UwUjwQ77KFvWsqe&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=280&slotname=8042110665&adk=772156370&adf=815780160&pi=t.ma~as.8042110665&w=696&fwrn=4&fwrnh=100&lmt=1621253399&rafmt=1&psa=0&format=696x280&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398688&bpp=29&bdt=574&idt=337&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=2&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=266&ady=480&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=doas2SqEUu&p=https%3A//gbhackers.com&dtd=350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B1FD
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEEmzXYEVFX-BIRqIG5M6Waw&google_cver=1&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x
https://rtb.openx.net/sync/dds?google_gid=CAESEEmzXYEVFX-BIRqIG5M6Waw&google_cver=1&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&google_hm=v5fMemhVwnwdGZ1qymmGEw==

170 B
188 B

31ms
31ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&google_hm=v5fMemhVwnwdGZ1qymmGEw==

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUJ2AO1R1UMvB1sXVJ6LFRN2QC3aPvyNjqmfiMBHASaPJ4x3MubWHzjquVf0ukBJRfOLqGaSGz378I2cZLAOB1AV8OYPP29x&google_hm=v5fMemhVwnwdGZ1qymmGEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: equeuvevq88qak4tdq9jhpke4vensbjp

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B1FD
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OsMrSOseThK-__SVOEJuAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OsMrSOseThK-__SVOEJuAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIJ-Hu-XLYCAVDrykBi8eJo0-TTclV3o984ak0aDwuoyFUDx7JHxINOLgt2gJr2XMb4LRhTG0kfueBa7bmPsnQnYpD68kHr

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=OsMrSOseThK-__SVOEJuAA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUIJ-Hu-XLYCAVDrykBi8eJo0-TTclV3o984ak0aDwuoyFUDx7JHxINOLgt2gJr2XMb4LRhTG0kfueBa7bmPsnQnYpD68kHr
date: Mon, 17 May 2021 12:09:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B1FD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIidZanZFJg3Afp0iUImRkU&google_cver=1&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEph...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVjAtMTAtOVRORw==&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEphygHF_0RYOYC3Tv9o3zxgeSvg8

170 B
188 B

36ms
35ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVjAtMTAtOVRORw==&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEphygHF_0RYOYC3Tv9o3zxgeSvg8

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVjAtMTAtOVRORw==&google_push=AQvitULP2sCJS-T6LdvURyp7vZtuXBoW0GNdeO-hXnbRDKJZtD3W2eT0WyJaMY10Dp4tBBNmEphygHF_0RYOYC3Tv9o3zxgeSvg8
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame B1FD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame B1FD 0
227 B 79ms
26ms Image
text/html 142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JSoV7eSjGHzcsf3m_DKsMK8xSZGKHlrG9K7pDF2RP2lh_Xq46HXJTvESw1e1YwJjRdNJnj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 41E6 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CsskFF12iYJ2oGIa_zAaIkYHoDpGer4Rhtcbv6fgM6Kq2lYsDEAEgiqr2QmCVAqAB3JK0vwPIAQGoAwHIA8MEqgSPAk_QisI2G-dWFATK9s3hPIMNLPzfnNrUB4kZhwZ7dclK3piufNFdl2hUqKXSj0z7pL6Il6DIRzDGOt0nSL6HMP2vI15C8tY8SeJfdHlLCuF72ucTvhvyusHL8DAk6mXAN8aq-jKOcjp0Ep2Nk0ijWt3EugkrH8aOt863ldslZ3dnEDNNqDtXUZAiqa_nvwdVTYgTkz_2aD3vh2Bkz4sH1bKVVEBraeoh0jo6pHS9A3w4DyMSNlvAm5LFssy1j1pA9l6wvrxbe2qZpoOSDfOrEoqfX6NCsuXlqujmx20pXHZMi9rc7U5X32vWxXoAvSYo0kBnbPRtMqXggVJM5o0A3Syq_fUAC52kttLGe8DdfDfABMCa_qzGA5IFBAgEGAGSBQQIBRgEoAZRgAeM7ctAqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEKGZF9IICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXGgoYCAASFHB1Yi01MzcyNzg2MTc0NzYwMjI4&sigh=xWcaTK9nCe0

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 17 May 2021 12:10:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D8B
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:10:00 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 17-May-2021 13:10:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:10:00 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:10:00 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 56BE 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:12:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 561469
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Wed, 11 May 2022 00:12:11 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 56BE 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 383188
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 5547 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/elements/html/bg_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 104544
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Mon, 16 May 2022 07:07:36 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame EDC8 35 B
210 B 13ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELzVRV4YNtVQ8jXbKuu5Kas&google_cver=1&google_push=AQvitULk6GPzPJ9qCKFc0czfgwKVg2x8tUQ52dQ_Etd-VFeqcKLcbLGD-YixJm3OJg6Pb3ikhFM7mJTunAB_cf9RlaoaNS-n6ng

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EDC8
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFBUGxVTDNBbA&google_push=AQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC6-BcNA9YZP9k54VIsCyzQV6DPyxxI3w_OBt5yzgzKe5If1LYATdbydQ

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFBUGxVTDNBbA&google_push=AQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC6-BcNA9YZP9k54VIsCyzQV6DPyxxI3w_OBt5yzgzKe5If1LYATdbydQ

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WUtKZEdBQUFBUGxVTDNBbA&google_push=AQvitUJBTcIdKB4e725K7-4JR2kMpeByOU5mpdw5HaC6-BcNA9YZP9k54VIsCyzQV6DPyxxI3w_OBt5yzgzKe5If1LYATdbydQ
Date: Mon, 17 May 2021 12:10:00 GMT
Server: Apache
Connection: keep-alive
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EDC8
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEEDtWOMk1zFAnGQIFLVCtpQ&google_cver=1&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug&google_hm=Q0FFU0VFRHRXT01rMXpGQW5...

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug&google_hm=Q0FFU0VFRHRXT01rMXpGQW5HUUlGTFZDdHBR

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 17 May 2021 12:09:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUJWwQWGukHnBC5F8IhctAZOiSKNGpszN4ctZNJ9W9pyF7_mjNjr_4ZmCvr-bxHnMdXi84VZOLs4zzmBPe8UX8LSLNWjug&google_hm=Q0FFU0VFRHRXT01rMXpGQW5HUUlGTFZDdHBR
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EDC8 43 B
389 B 31ms
26ms Image
image/gif 34.98.67.61

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEM36fAS0fx5L1tMYfSxad5Y&google_push=AQvitULbNDLQxsXFb4rfOifeDihZdDyzSR7Zvd7sALdpCfDUuzEZfWfG6mBdDvvWSrYn4AZKqQrgMrkvnoBM1Vsyjr79mqWQZg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=1238950596&adk=1685320399&adf=172511590&pi=t.ma~as.1238950596&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398717&bpp=2&bdt=604&idt=371&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=1365&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=6NXkeUWmfA&p=https%3A//gbhackers.com&dtd=375
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EDC8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJH8n8VEpqZpexhB4BOeF9mqWR_E4P-4CbGMxZSnARX5vEkPs6kWij1VAKqEdgqcG65VK0HG2lenZnzeUs5L--XLZmDm10

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUJH8n8VEpqZpexhB4BOeF9mqWR_E4P-4CbGMxZSnARX5vEkPs6kWij1VAKqEdgqcG65VK0HG2lenZnzeUs5L--XLZmDm10
date: Mon, 17 May 2021 12:09:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EDC8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOkP6sI2zLcBo8zm0cGYJGg&google_cver=1&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVzItMVotMUNI&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8CMpLs1od40NgGdJpjtcUwenw

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVzItMVotMUNI&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8CMpLs1od40NgGdJpjtcUwenw

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VYVzItMVotMUNI&google_push=AQvitUJlxsYhGBfu1xQ6zuXRXVW7jXq7Qp1GuLD83vn4WU2HYf1lYX_5B839ai4syfIoTb2DcT8CMpLs1od40NgGdJpjtcUwenw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame EDC8
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN-_KHCLbJjfAvb0Q80Dwng&google_cver=1&google_push=AQvitUILgtNnw_VuHme0pS1_...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUILgtNnw_VuHme0pS1_eRPJYA3bGn98vCBe2byjjnb9InhlRiYKgZ76fT909MVUKvk80WNgExDlufy0YOMU_5L-Xnh38iYz&google_hm=

170 B
188 B

28ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUILgtNnw_VuHme0pS1_eRPJYA3bGn98vCBe2byjjnb9InhlRiYKgZ76fT909MVUKvk80WNgExDlufy0YOMU_5L-Xnh38iYz&google_hm=

Requested by

Host: gbhackers.com
URL: https://gbhackers.com/apt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUILgtNnw_VuHme0pS1_eRPJYA3bGn98vCBe2byjjnb9InhlRiYKgZ76fT909MVUKvk80WNgExDlufy0YOMU_5L-Xnh38iYz&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sun, 16 May 2021 12:10:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EDC8 0
49 B 30ms
27ms Image
text/html 142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KqCRQFQkyNaAOGA0wEech8KCPkyF-n-MILslbxJTvoCX3aqzUjsvXfBRliH16Wgx7hzVWZxQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E71F 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 17 May 2021 11:29:19 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2441
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 45F4 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 17 May 2021 06:38:34 GMT
expires: Tue, 18 May 2021 06:38:34 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 19886
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 41E6 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e6ce539976176e44948dff3905e228b527f600e940f1a27319f0585573336098

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame D61C 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 104544
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Mon, 16 May 2022 07:07:36 GMT

POST
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41E6 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20210511&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20210511/r20110914/client/load_preloaded_resource_fy2019.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 41E6 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 383878
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 13 May 2022 01:32:02 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 41E6 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:31:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 383909
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Fri, 13 May 2022 01:31:31 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2D63 42 B
64 B 55ms
41ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv9SumMiwMrfrUKCCE0MXXES3vXurxuoApNNuNhXQ0Z8i3wvqjPSaS9rekG8pDjdaLSbLh-9rxJvmzVihhGk-K7eAwTyUDUz77WaFKUo9AgltLyOQ_wmCep8gI8nw&sai=AMfl-YT_XzAqDCcFuU0NS79Os-od7QDhAMWSNS06w6H6Yg_A-LdjXnXihGw5rxPNGHp4ns6KE1HCca0ulWuD&sig=Cg0ArKJSzPi-yd8ORmLnEAE&id=lidar2&mcvt=1008&p=0,1440,600,1600&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20210514&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1157797212&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621253398996&dlt=386&rpt=147&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEFCToY0mei9TQBmIu9N2vv4&google_cver=1&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9uIKQ8Hq2Cu1yyinjgc_f5NMRYcK4D_To3kg_GLqxnF&google_hm=LXDiVe...

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9uIKQ8Hq2Cu1yyinjgc_f5NMRYcK4D_To3kg_GLqxnF&google_hm=LXDiVejX4KtSN0Mh28iLJA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AQvitULDpopPm3jtVfmc_4s_ujEEgJDwMzFq56PrXtFPnQx1HTNf2Nmhj9uIKQ8Hq2Cu1yyinjgc_f5NMRYcK4D_To3kg_GLqxnF&google_hm=LXDiVejX4KtSN0Mh28iLJA
pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAQvitULlYBC2K8WMRNXdbmBW35rTZ21XVjz4fgED3JmZnXBkFRNC0b3HHDKvymSWX1MHlyE5ixKBeLnzfKNFH0So1jIdu1eE_No&google_gid=CAESEJ0edXY5lGNwEE1bPsmhCbA&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJi6iYUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BUXZpdFVMbFlCQzJLOFdNUk5YZGJtQlczNXJUWjIxWFZqejRmZ0VEM0ptWm5YQmtGUk5DMGIzSEhES3Z5bVNXWDFNSGx5RTVpeEtCZUxuemZLTkZIMF...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwaHpIRmJ2TWtsMzFCdGRUc1NTdHRoWkQybmN2alloOWVZTnZ3ZjBHai1fVQ==&google_push

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwaHpIRmJ2TWtsMzFCdGRUc1NTdHRoWkQybmN2alloOWVZTnZ3ZjBHai1fVQ==&google_push

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwaHpIRmJ2TWtsMzFCdGRUc1NTdHRoWkQybmN2alloOWVZTnZ3ZjBHai1fVQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 45F4 43 B
389 B 27ms
26ms Image
image/gif 34.98.67.61

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEK49jkU5FnyOX8WaKkPUurw&google_push=AQvitUL7-uFRtkUh7--dwur0rQPsuLw3dRQKAo5AwRBDk3K12xFMCdGVWtTi5BjXthqzeNI0XD9k0JUkZK29tMY_tVhp5WA9O9ya&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5372786174760228&output=html&h=250&slotname=2715683798&adk=3586715749&adf=1368364605&pi=t.ma~as.2715683798&w=300&lmt=1621253399&psa=0&format=300x250&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253398719&bpp=1&bdt=606&idt=377&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=696x280%2C300x250&prev_slotnames=3739790355&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=464&ady=2368&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9UpxQZ1VAq&p=https%3A//gbhackers.com&dtd=382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN (),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEI9N3NDByF5dV3-nOAsod9g&google_cver=1&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU&google_hm=v5fMemhVwnwdGZ1qymmGEw==

170 B
188 B

27ms
27ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU&google_hm=v5fMemhVwnwdGZ1qymmGEw==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULcVwT-Elrk4td94_TIx3zrt8cTBrJdpoW8U4P7LOyYeTj3FSp_BdTfK6y-RLYSYLYt08YQOxOK-dsTqruu9FrIqg0FUXU&google_hm=v5fMemhVwnwdGZ1qymmGEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: k1h25j2lfccbo1v7vu674k07lqfud3e8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwupwaYfjxNnANMTdIVApvI3cK9HtzPhHBxRO9SEb0VtAj6LZ_r4KIF4R9dOBUQqpBACp65smg5Kbev4S9EJ6Hb3yO4Hk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=PgNN3C80S5i_tD-Sc3e8zg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKwupwaYfjxNnANMTdIVApvI3cK9HtzPhHBxRO9SEb0VtAj6LZ_r4KIF4R9dOBUQqpBACp65smg5Kbev4S9EJ6Hb3yO4Hk
date: Mon, 17 May 2021 12:09:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFlcg-hqLMjlRyQQ1AhIiHg&google_cver=1&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VZMU4tMUItQVNJRQ==&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0EwEQTmrNc6eOJxu4pfnwW-4I

170 B
188 B

28ms
28ms

Image
image/png

142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VZMU4tMUItQVNJRQ==&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0EwEQTmrNc6eOJxu4pfnwW-4I

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09TS0VZMU4tMUItQVNJRQ==&google_push=AQvitULbpigeFAUt0Cec84QK10DATpx46g-h0HYo2Xsz80Mk_yVqLQQ0BIiIcI65Wik05_iQ-W0EwEQTmrNc6eOJxu4pfnwW-4I
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 45F4
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dY...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 45F4 0
12 B 24ms
24ms Image
text/html 142.250.185.130

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KZ_RM92lwGXNHtTGeb_zd9No_VFU1Wn_6eXONwFuV6lIiO3j0OQSFlCuN7dpK1MGvilZJY

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN (),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gbhackers.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 27ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gbhackers.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DBD7 0
16 B 15ms
15ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8834194653550774&output=html&adk=1812271804&adf=3025194257&lmt=1621253400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253400541&bpp=2&bdt=2427&idt=2&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1d2aa1ccf8342db3-22a2241917c80053%3AT%3D1621253399%3ART%3D1621253399%3AS%3DALNI_MbwrrZ362jiL3FSGRxfvhlGZK_D4g&prev_fmts=696x280%2C300x250%2C300x250&prev_slotnames=3739790355&nras=1&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&psts=AGkb-H89CcB4GxNZxd1gIuxBd7Jc0BoFRmlBYeNIzY2ISYvx5Qj80oK8QlpSbAsixeiys3_T0Id4nF0L0w&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=12

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8834194653550774&output=html&adk=1812271804&adf=3025194257&lmt=1621253400&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgbhackers.com%2Fapt-hacker-group-fin7-uses-a-pentesting-tool-to-infect-windows-machines%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1621253400541&bpp=2&bdt=2427&idt=2&shv=r20210511&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1d2aa1ccf8342db3-22a2241917c80053%3AT%3D1621253399%3ART%3D1621253399%3AS%3DALNI_MbwrrZ362jiL3FSGRxfvhlGZK_D4g&prev_fmts=696x280%2C300x250%2C300x250&prev_slotnames=3739790355&nras=1&correlator=7436988267135&frm=20&pv=1&ga_vid=1929148175.1621253399&ga_sid=1621253399&ga_hid=554624659&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982100%2C21066429&oid=3&psts=AGkb-H89CcB4GxNZxd1gIuxBd7Jc0BoFRmlBYeNIzY2ISYvx5Qj80oK8QlpSbAsixeiys3_T0Id4nF0L0w&pvsid=2286001813659220&ref=https%3A%2F%2Ft.co%2F&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=5&uci=a!5&fsb=1&dtd=12
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:10:00 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 19ms
19ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210511&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c63f38f7a194b7127a31177a5b62e58e26e84af081df696fd2bb730405ce0c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7704
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E71F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:10:00 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 17-May-2021 13:10:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 17 May 2021 12:10:00 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 17 May 2021 12:10:00 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 436F 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 104544
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Mon, 16 May 2022 07:07:36 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:10:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 17 May 2021 12:10:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame D318 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN (),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gbhackers.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gbhackers.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 17 May 2021 12:07:59 GMT
expires: Tue, 17 May 2022 12:07:59 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 121
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js Show response
pagead2.googlesyndication.com/bg/ Frame D318 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DyQI0nSy6BUFz1wbhNnw1YMoJJCDSr_iJxDmlzQsBeQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 07:07:36 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 06 May 2021 09:28:00 GMT
server: sffe
age: 104544
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5636
x-xss-protection: 0
expires: Mon, 16 May 2022 07:07:36 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 41ms
41ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210511&jk=2286001813659220&bg=!nZ6lntrNAAY59bwoOfU7ACkAdvg8WqvyyQEgDC70C0MVIZz-YL89InATI7a1jFsIzRCS5dl5bvlhXgIAAAB2UgAAAAtoAQcKAMBsGiP8B_H1cabpkftfMZjyuZhEi3GekDtvtwHf-03fVoA1-Hbnfl0r3y0Y_SOrzknDbtSF3EYmCYzZ68yhhzdXMs_LEK97fn9XwuMUJbHc9TGGlsc7ruaUeBi5O4dLm8RTxB4PY6ZOwmRFKRxTxthgUYm38lz40pADANzEY4FHAuqVwoSlTx4oE5OEj2Npm8kggXqyRafJ4pHX4oD-1jUjtSnFMQ8fKzr07NRaN38UUqXppKxutuEdb0xSn1WaDKGZAkXONN5o0F7bUL-Kaou1gPCxqNm1wW2qZKc6n18PGmEcaMz5Vfy4Mby2AYTnwJXbAuqIfCGF3E_Kk8N8Piw1oNGeccPZKWZsnFlIQrYf8yjKQz9f1tY7JgJu9ZcyXL8PL0XbxNowiiVcsLvCg_1w9lhZhKzbo5TWx4rg1HMr3W_ZkSdN7DiIFvqDRgQPWYZmgOka_evxMF1x5tkBlsNW583QKKKq5XIqVhOwNbzWuMRXhmYyeu07hqQ3THnEHd_JXU9rENJTd4hDM6e7SMou_AeM2Nj-R-mxSoafT2cEABgRXHFvyXpe55C_p0G3anIPRCJ2tNQ74niqQxzCMf5yfmNl8pBqePIMk4T0AjYcpBxHbe1UXe5FBhh8C4xZvtHWODZP84E1901qCndWm6lfZXUvNU8RIcmpKgfTbxo0yIrNdtU0IfikYo--7QjO-vjWPSoHfi0d9nG4FJNEeZ1000T8OyqyUTZGmXKxht_Ew4bE3Kn_VJodDR08O652WSlUPWc8-mf3Z1QWfilh18F8H6RIN1U7xIkQ7coFQlenDh4j3pUIflTIP0aw9U3jTi_m5BCkNQoReK-u4K9XVh8FV5cxAP_H-pRFZnp--jlQ68MeX_H9ijQZ33J6hPz0-kY3ClLhyyak1s0RqF6u_oOCor195A5ofx-gFAqgCIu1zzQIoAcQQQ6rcdvhPIeudhbnRg9AeF4BOyL39vTijBWDc7jIi0mPirM2OswmWbzkXFShYgFW07jkA4Bp-Qa3Y_9qGT772G6OHA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gbhackers.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 17E3 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssq9Bw0Qt_ZjqWPJKd8m9FNf6aY8snDxqjx5Xepgx3MhejZQ-RUDj5dm9tis2QoS_mZ0I-I_l2Lh6z385q4Dvrv15ZyreSYb1M7dLKsTbhYOa5lHTA5cZ3cd6FM0A&sai=AMfl-YQEVFs5dP5WaIgJJ9AcO_MFnaWMyHm1ge3lKwk_sYHZkaaxW5Un2eDoVGpCFY4IDJxV2UWNE6H1c9Lexy-cLPrXx6rDTbrKYWQ&sig=Cg0ArKJSzO28u-5Zen_FEAE&cid=CAASF-RoKvrnd4mQykFCyYklczdAwf0r5RhM&id=lidar2&mcvt=1001&p=480,266,760,962&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210514&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=772156370&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621253399042&dlt=975&rpt=87&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com/v6exp3/ Frame B6D4 35 B
410 B 49ms
15ms Image
image/gif 2a00:1450:4001:829::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:09 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com/v6exp3/ Frame B6D4 35 B
410 B 86ms
26ms Image
image/gif 142.250.185.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.82 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f18.1e100.net

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 12:10:09 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_cver=1&google_push=AQvitUL1rRbb223JkGAe3untDdXslEhlDNgeVywKsgHsyfJc18svDzo1gGeaKMghFxkw7UGN2aXW6v6O6_G6Wj7mRNi_xag9bYfc&google_gid=CAESENP4hDHfnoxYVrkZTYYH_j8&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKJdGLk7sRz19wF4NrXYlwAABIoAAAAB&google_push=AQvitUKDiHr1NOW1RWJlBECcXzjlzCEQLLAnPoXHcEIuAKhPLCjiAJA4n1L_EXm8TC9KcWl3jfVZXWY1U6YGzDm-dYq-LXujrIfX&google_cver=1&google_gid=CAESEO6yp6vU2gIDmboea3N4MG8&google_tc=

Verdicts & Comments Add Verdict or Comment

309 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:42:29	Name: IDE Value: AHWqTUkRm41fmBfptpt2XjmvG7I_mQVEFFvbVHxcO3-ZNWM04z06_L8WZUxvT7eCHtk
.gbhackers.com/	1970-01-19 18:22:19	Name: _gid Value: GA1.2.599702036.1621253399
.gbhackers.com/	1970-01-20 03:42:29	Name: __gads Value: ID=1d2aa1ccf8342db3-22a2241917c80053:T=1621253399:RT=1621253399:S=ALNI_MbwrrZ362jiL3FSGRxfvhlGZK_D4g
.gbhackers.com/	1970-01-19 18:20:53	Name: _gat_gtag_UA_88811382_1 Value: 1
.doubleclick.net/	1970-01-19 18:20:57	Name: DSID Value: NO_DATA
.gbhackers.com/	1970-01-20 11:52:05	Name: _ga Value: GA1.2.1929148175.1621253399

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://gbhackers.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 1) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=4cc0e90e607ad87706fb34633047a82d(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://s0.wp.com/_static/??-eJyFzUEKwkAMheELmQ5DocWFeJZaY8kwyYxJBu3traBQV67e4v/ghUeFuYijeEgWajFnNJsW7JIdwm/lcqGM0Ax1A+JAcitfRzLndkV7w3RvqOtnOib5i4Bp0clxj3fPmh2qlue6tTOf4hDHPvbDeEwvhOVG7A==(Line 820) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
1.gravatar.com
adservice.google.com
adservice.google.de
api.pinterest.com
cdn.onesignal.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
gbhackers.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
graph.facebook.com
i0.wp.com
i1.wp.com
i2.wp.com
id.rlcdn.com
image6.pubmatic.com
jetpack.wordpress.com
lh5.googleusercontent.com
odr.mookie1.com
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i1-v6exp3.ds.metric.gstatic.com
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-565384-i2-v6exp3.v4.metric.gstatic.com
p4-chnihbx2pbw7y-pfiqrryyzdf4ioqw-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
pixel.wp.com
public-api.wordpress.com
rtb.openx.net
s0.wp.com
secure.gravatar.com
securepubads.g.doubleclick.net
stats.g.doubleclick.net
stats.wp.com
t.co
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
104.244.42.197
142.250.181.226
142.250.184.195
142.250.185.130
142.250.185.82
151.101.112.84
18.195.194.125
185.64.189.115
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.23
192.0.78.32
217.182.200.20
2606:4700:3030::6815:22df
2606:4700::6812:e134
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2002
2a00:1450:4001:801::2001
2a00:1450:4001:802::2002
2a00:1450:4001:802::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2001
2a00:1450:4001:811::2008
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::200e
2a00:1450:4001:829::2012
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2004
2a00:1450:400c:c0c::9b
2a03:2880:f030:f:face:b00c:0:2
2a04:fa87:fffe::c000:4902
34.98.67.61
35.227.252.103
35.244.174.68
69.173.144.138
99.80.199.35
00c250bc17f772c96d4822622b54cfe700dc899581c3c29e9a1f5cc9d5079646
01ebeb3fcdc269ef402f29f9fba025d3266fcd5c54ae7bca44aaa7c2cf738d93
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
033ac4de550c02006f3ad635fab1d85fe4c08179481725a25c14862b503a1912
05e695a8f4bd26c3a3092afbd08d40b873b39599d47ce15c281b1b526e934258
05ebb6ddb9f062cace4a9db2e54b0a7d65f087bc16241796783e24b5c7b7975c
063097b88e61be916a7de3dd2ab1c7ae7a20349e46108a4db8356ea302031284
0a938256d2de59b044f8ca7c7aa0c788ed2ffa9a48bf0e3930a5830c4298f509
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0cbcbae1760f5f3c61d7dc97ffe2a86fcd19748ef86b3a5762150891207479e5
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f2408d274b2e81505cf5c1b84d9f0d583282490834abfe22710e697342c05e4
0fbe809775a3a3199624d023fb474484d89b9a4c48f1585f1eac8dbb53b5b9be
10496f7285c31b514fffe3588561720ccd5a94e9a0b1ff7323529384132fe344
10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9
12b21a2d3fde07cf06583fbad384ba1bd37fb39bd1e4c2f208d6be41e3b19dd8
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
14a6bc9fca94f536d24da272cf684e3e900adaf170804cceda99f44c97c710c4
16f36c51725cdc98a049c01090083721020f99e14ce5b0659fe0e0951192484c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1820ff4e7bde396510b5a0f38900029400a051e4a11d960646cca97d4e7445f0
1adf107409509ee68bd128b0cfc978ce4cb4c2429ef8a2dd850864347740348e
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
210e5c2757eb3b82a03702a11b2476514ad85df43e4b4a4ebcf8325dae072df1
22a12ce9657a6da58d3dc1d544505d3f861956f77bf7cb5101275f0c7b0d9be0
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29b689fcdae866248a1e6d13b39fbf03a728c8253dcbea31d5dae5595c740d33
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2e1ced1bd0736a56a0c44fd7b3bf8134850398ecddd52a0f5e6e437c5d527999
3064051b55452898041bd544760775c16f1745bdf57f68f7178e85ba5d251803
3b8209efc7da6a179bd91dee606ada248b8439c4a409ccbf09d239995cbbba55
41a39f4628ed5d28c57ab70026f672800fdcdab9580d3957db13645d0c44d4d2
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
49daa62f238b139bba874e6d5e6309dead5f3a7dac4acd17b605443fec10f66b
4a82bed4d069950b1f5e43cdfb5b107eee29ee9e60b6363543b3f3ee58e0f558
4bf63af61eae56517944f32094187ba6082c7d29cfaac60064142769f57af1c5
4bfbe90df75b370438ad25150e701108c1d6bb27003add53d2f0be9e42b194ab
5195b5533eaad9e23ee9c1ad9dd017b4f0fca8d54921a3f045858eaf4145689d
52300f3493ece732fe9a8e5324b10bcb6abbb51a709010e8f3b442a4cc53a938
575ee7759f46cc43e90347b403b2ca1dcfea36b9c31a3522ca3ee9d8f74bb248
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5acb8d78c03361f8d2157108fceaeb83858cf0a32f4f7f22a2f7964703b9e9ca
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
622770e837b5661b3c1f60e3351024ce59b0391e71d99bd5b50e510571d8b6d4
6574c03ef34c869d4a560674a171cfdeceb77589d59b7d073a95eebdb733a827
66f661926ae6c1e13c6b2169733476eb03b9be46e333e5f81eab69a5b0d27ace
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b533713a96e1bf46d708bdb2b777114297647210d9ef64ff901a1a4bbf38e2d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ca801945b37685030703be292721a016b24fe19db9412d4c48c1415bf22b79d
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
73eb139b1371aed55b1dce74b7258f2d90991c5294d69fce852c3eed1af40068
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c
7ad88e456c895ce5fe8f1a28b5968a31f03049a5191501ab139d26fa5dd12b0d
7b867db7037f102dc3346bf60926585e6a5a1442128e71523741b05fef6c50d3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a
85e3697fdb65077432d19ff2953a9384b12c6971b9187fd719ac2cf0f1f472d5
89d01b152beefa0885d7821cea6cc319054d5e272549b004479a6ac81ecafee3
924e047ef0300d05b2397336beb08d118622a26e5e7fd1f345da229cd10c79ce
925ddac80ed45b597bbb3091205d947e3fc84a51abf2a387b0002bcf30d6f2e7
94b293e2c7affa223f0e3a5cfd950030c8aacee84bc93ec5f0d35c7f4e91381b
96a2fc04e5f82d1b6fed397c6954cecd40fbb8383d422a4d39f3ab7d0687693a
972fa89f74260a714bc528f6b514fc4dd4ac235b309afc952823705e5ef6fcb1
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a389e6e3293a45b776d9b37cda9d39c09c26ff99c64ab17f9aab727a25dc1803
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a615849237c0ce94e73fc69d86e5f9c58bdaca8d9756a5ff4c88fa86b14e6177
a839e7404c5ae65914c49e56a8f169e01cb952010cfeca9258b7e6f0c441f2cc
aaf1925385c2d68fd51e4c87c659f3fe913799708629834fb5b159e1e054912b
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
ac506e96556e211a29136296ea3e0d23067b0a43bf383bf128161aa6d55aba38
ae82e42491a7de3c5d3df779e9600e5191708025e8c46102ccfa7026df735d64
b19865c2e8366fc6cef8f869b9447b23243e4917d73591e554f1b697a1f8da9a
b5ddfaee9c847c131c49682c9785f0b1b20df7050a0cdaccd8ebbe528b200029
b87c086edf82604a1a5d4892ea8b121d480c6570d0ab7be8464322312e60c2a7
b8d22757b5d6d70bb4a66040eb6ba44389922a08c588e4e46f14ec141e028540
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bf39a3a6d35c2a2648b687b71f2d1b1bb1de6bb84698d38c37d12c34fa08996a
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c63f38f7a194b7127a31177a5b62e58e26e84af081df696fd2bb730405ce0c43
cbca7622295dec97458ab7a27983d05969398fbc96da602c38edb8f83e79374a
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf679368dc054a749b392e77da632239e77476c8e6f03358302dd59eb5bf4c46
d08fdf960890b4f7662bad35400a8464627110622652b944445b4a4ab32c01cb
d0eca051bf2e51696f3f8ef35337104af0c65042f06ee0b8badf3f8f2b4e8fdc
d14b906e1458386885199c244b317e1080d48079dc4f3371ef126f4fcb89e988
d1fdc83f40b6872fbf82ad027168954ccaa7eee12c7e6fcbe52e26c36bf915de
d2e44fde0f87b83dec6b41a9526aea2db66628d4bdfda550d6631f1504963e92
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63
dc7375f568ea439c4f544ac6488b963a8d57d6cd65b0a8a551230d330e55483f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e657594b47b09235434133e0579777f64f538ecbe23cd1863ae2ae9ce109a9a4
e6ce539976176e44948dff3905e228b527f600e940f1a27319f0585573336098
e8b15f91f0d85835c860490cfc761750ef1125ce7d277d6cc66fd8ce93635afc
ee73983f199df0f0cca9f5306e79bd0a5a624e09b9e805a93957a4167ee87fe0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f218c02bd440d145575a44dda01906280e2723fbbef4c2da8b15f84b90731c7c
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5ff823cd4a7bdcf3bfd95734694be08f17e7491ecc73f6ddd620b5d614abdbb
f739e77acee2c2a87ad95bd4ffbad4b95c34a756860c2ae69732b118be9601c5
f769700a03fd02056c813aa2174cc931da2954454a36e5c616853dfc35186adb
fb55864b528fb5460ccf4acb8ff4498ec0a588cb262170df0ddc9caf32f0d76e
fc1c9310b4e7ce78149bfc5a27a511c73fe3b83f1345bafb62d7a94f484e2151

gbhackers.com Open in urlscan Pro 2606:4700:3030::6815:22df Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

179 Requests

99 %HTTPS

55 %IPv6

29 Domains

45 Subdomains

35 IPs

6 Countries

3097 kBTransfer

6360 kBSize

6 Cookies

18 Outgoing links

Page URL History

Redirected requests

179 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

gbhackers.com Open in urlscan Pro
2606:4700:3030::6815:22df Public Scan

Screenshot
Live screenshot

Full Image

179
Requests

99 %
HTTPS

55 %
IPv6

29
Domains

45
Subdomains

35
IPs

6
Countries

3097 kB
Transfer

6360 kB
Size

6
Cookies

179 HTTP transactions
7 data transactions