www.cyberscoop.com Open in urlscan Pro
52.222.186.77 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cyberscoop.com/fin7-ransomware-mandiant/
Submission: On April 11 via api (April 11th 2022, 5:16:45 pm UTC) from US — Scanned from DE

Summary HTTP 247 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 45 IPs in 5 countries across 33 domains to perform 247 HTTP transactions. The main IP is 52.222.186.77, located in United States and belongs to AMAZON-02, US. The main domain is www.cyberscoop.com. The Cisco Umbrella rank of the primary domain is 323609.
TLS certificate: Issued by Amazon on October 27th 2021. Valid for: a year.

This is the only time www.cyberscoop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 33	52.222.186.77 52.222.186.77	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
25	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
16	3.5.9.157 3.5.9.157	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:b749	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5505	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:7::17d8:4dca	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:d2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6811:46b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	192.0.78.22 192.0.78.22	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1 2	52.213.82.127 52.213.82.127	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	34.243.58.169 34.243.58.169	16509 (AMAZON-02) (AMAZON-02)
1	65.9.96.20 65.9.96.20	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
1 2	54.154.124.119 54.154.124.119	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:209... 2600:9000:2093:5600:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
5	65.9.96.70 65.9.96.70	16509 (AMAZON-02) (AMAZON-02)
247	45

33 52.222.186.77 (United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-186-77.ham50.r.cloudfront.net

www.cyberscoop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 3.5.9.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b749 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5505 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:7::17d8:4dca (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d2cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:46b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.22 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.213.82.127 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-82-127.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.243.58.169 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-58-169.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.96.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-96-20.prg50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.124.119 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-124-119.eu-west-1.compute.amazonaws.com

verizon.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2093:5600:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.96.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-96-70.prg50.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	googlesyndication.com da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 128 25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com 6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com	836 KB
33	cyberscoop.com 4 redirects www.cyberscoop.com — Cisco Umbrella Rank: 323609	568 KB
29	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95 ad.doubleclick.net — Cisco Umbrella Rank: 196 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293	788 KB
27	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 780 pixel.adsafeprotected.com — Cisco Umbrella Rank: 573 static.adsafeprotected.com — Cisco Umbrella Rank: 565 dt.adsafeprotected.com — Cisco Umbrella Rank: 517	135 KB
16	google.com adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	4 KB
16	amazonaws.com s3.amazonaws.com	68 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	382 KB
6	google.de adservice.google.de — Cisco Umbrella Rank: 7579 www.google.de — Cisco Umbrella Rank: 5383	2 KB
5	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 737	16 KB
5	gstatic.com fonts.gstatic.com	103 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 482 www.linkedin.com — Cisco Umbrella Rank: 603 px4.ads.linkedin.com — Cisco Umbrella Rank: 4702	3 KB
4	wp.com stats.wp.com — Cisco Umbrella Rank: 2657 pixel.wp.com — Cisco Umbrella Rank: 2521	7 KB
3	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3990	59 KB
3	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1059 trc-events.taboola.com — Cisco Umbrella Rank: 1698	18 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	2 KB
2	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2374	1 KB
2	demdex.net 1 redirects verizon.demdex.net — Cisco Umbrella Rank: 11340	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	315 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 262	43 KB
1	truste.com choices.truste.com — Cisco Umbrella Rank: 722	8 KB
1	wordpress.com public-api.wordpress.com — Cisco Umbrella Rank: 7152	3 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2289	16 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2287	20 KB
1	t.co t.co — Cisco Umbrella Rank: 476	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 524	459 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2436	862 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 619	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 913	3 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4897	5 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	60 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6966	145 KB
247	33

	Domain	Requested by
33	tpc.googlesyndication.com	securepubads.g.doubleclick.net 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com tpc.googlesyndication.com ad.doubleclick.net www.cyberscoop.com
33	www.cyberscoop.com	4 redirects www.cyberscoop.com
27	pagead2.googlesyndication.com	www.cyberscoop.com securepubads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net www.googletagservices.com
25	securepubads.g.doubleclick.net	www.cyberscoop.com securepubads.g.doubleclick.net www.googletagservices.com 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
19	dt.adsafeprotected.com
16	s3.amazonaws.com	www.cyberscoop.com
13	www.googletagservices.com	www.cyberscoop.com securepubads.g.doubleclick.net 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com www.googletagservices.com
11	www.google.com	securepubads.g.doubleclick.net www.cyberscoop.com tpc.googlesyndication.com
5	choices.trustarc.com	choices.truste.com
5	adservice.google.com	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	static.adsafeprotected.com	fw.adsafeprotected.com 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
3	static.addtoany.com	www.cyberscoop.com static.addtoany.com
3	fonts.googleapis.com	www.cyberscoop.com js.hsforms.net
2	track.hubspot.com
2	trc-events.taboola.com	cdn.taboola.com
2	verizon.demdex.net	1 redirects 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
2	pixel.adsafeprotected.com	ad.doubleclick.net
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	fw.adsafeprotected.com	1 redirects ad.doubleclick.net
2	8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.facebook.com	www.cyberscoop.com
2	px.ads.linkedin.com	2 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.cyberscoop.com connect.facebook.net
2	pixel.wp.com	www.cyberscoop.com
2	stats.wp.com	www.cyberscoop.com
1	s0.2mdn.net	8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
1	choices.truste.com	ad.doubleclick.net
1	ad.doubleclick.net	www.googletagservices.com
1	f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	www.google.de	www.cyberscoop.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	public-api.wordpress.com	www.cyberscoop.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	t.co	www.cyberscoop.com
1	analytics.twitter.com	static.ads-twitter.com
1	px4.ads.linkedin.com	www.cyberscoop.com
1	www.linkedin.com	1 redirects
1	da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	js.hs-scripts.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	forms.hsforms.com	js.hsforms.net
1	www.googletagmanager.com	www.cyberscoop.com
1	js.hsforms.net	www.cyberscoop.com
1	cdn.taboola.com	www.cyberscoop.com
247	51

This site contains links to these domains. Also see Links.

Domain
cyberscoop.com
scoopnewsgroup.com
www.mandiant.com
therecord.media
www.wsj.com
www.facebook.com
twitter.com
www.linkedin.com
www.instagram.com
fedscoop.com
statescoop.com
edscoop.com
workscoop.com
www.scoopnewsgroup.com
www.addtoany.com
jetpack.com

Subject Issuer	Validity	Valid
defensescoop.com Amazon	`2021-10-27` - `2022-11-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-06-23` - `2022-07-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-19` - `2022-04-19`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
www.google.de GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 32 frames:

Primary Page: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Frame ID: 31BBC8E0D6CECF52AD14A313DF97BEE3
Requests: 93 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: 802BE9E2AA2A11723FF41A384CFBFE0F
Requests: 10 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: 905B06DB2A73FB43950FB762CD7752AA
Requests: 9 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: EF7C69D80C68327A73D3A062C87F6C51
Requests: 9 HTTP requests in this frame

Frame: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Frame ID: 0049FFA2086504F78751F513B6618F97
Requests: 9 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: D2BEF16312EEE54766436695A11ECC38
Requests: 1 HTTP requests in this frame

Frame: https://da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E9959F94B96D0F09A10423A4A1E6F417
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsugetHrdOUAL-A4zjD1KpJHtPdsjxTA0QrCROWR6C57qyE4VYbnusULdwdw2uu6tn_GiziJq4g0ZQDzbtEmEWX4QZRNYT7ghEOwoNrgCu4k2tFXdvqzCER2Gj1Ec4clW23SWP2dQizbyMi5rjf_GWnRKKkbu0HHfyLO9UjDoEbTQm-AyUa6yED7lsnShWt3OsJ5bOGDQzfeezghdHA2IYs10SjyWlH_870M5QOGq9W_KWC19RX2iFrJy0mXUt_PhI5cmDPNEHds7V36aWkxP6BRXE_1z8FmBggGjwR2gSVgxLEtnIafIPDh&sai=AMfl-YRkaqeG_M-ouE0ZKE83cL67qGJ23yvUxEt8ma2Wt6Pr7vx0oZMDlU9URBqAb1qLKtFbCTyYcD60WnKCo0TKW2xORe8zlZXxXpF9Axwx&sig=Cg0ArKJSzAZ3ZzVa_ZDWEAE&uach_m=[UACH]&adurl=
Frame ID: 6D449DB8DB185BDC94449510DFF6EAD5
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRune6Yb2gEbbcUHkMoLjAbbUHRmtA6aggPBHNwU-pRnqK_LRryYFlbNXeKeeHtFtfGQzYE6x0aAAZ0a-oM6TcJIxKGn9ufTpI8ucmCyKYY4XpKV1yPEsjUfIBfzoZnwB4Gtg1TtLEXdA-0l1NPO6AC3OiXGbTGXPlNLxx56bjDJEPwlI3oG1N0TDkuCPd3pbRVEqi9kqCwNHpaoyZqRqqicqjE4GgC4nmot_Kmxr7VhhdQTl8u5itsVM-FH7gnI69It20iFROcdHn_BZ-iBePLsmmJKKB_0VW9GNZzUjdyAOvCUn4_sQJ7lfrFUrS&sai=AMfl-YRrGZVvWjrRQQhoXjH7zglBufRkRdvjMe05UiOF2YdiS6cOYbkQ0DfPU9q77YcYpkBq_xL87DevtwPN3yRlBgD3zKiAaMLHhfKsoJRd04YT9M7ckJsQK_31MNLIgqdq&sig=Cg0ArKJSzNYnfAKxOv7QEAE&uach_m=[UACH]&adurl=
Frame ID: 5CD0B5588C9F0BFF7FB40AB50B7F71C8
Requests: 7 HTTP requests in this frame

Frame: https://25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 99765650219E907A7E3A13006F99B902
Requests: 1 HTTP requests in this frame

Frame: https://6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B4A665A9E6A0901B57A1C2A4F3736DA1
Requests: 1 HTTP requests in this frame

Frame: https://f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 8A0CADAF16B0EA6A8877D386AB5F0D83
Requests: 1 HTTP requests in this frame

Frame: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 3BB180EF3D897745D59A9FA8FBF6024C
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveZI7_Vzb0akab-VDQV-rWsOnjhsqXuzYOYAoSuEhF_3oBHOMxH1qbkTVLXAtI0_eZ8KxGCuGBQse3M13jpk6oW3HmDVmQDwhbfZSAVFnA6DVPMG4N10EnMxoIfQfTzzI4SxdUkD7VrhSSK9Z90gKEjPEPKAdf3OJSmtwDQJtGsJfCWg27xWyd-_9FBHmId3ZLDcmH5b4MWkc7qLy46ER5oxEd3UADCbbdM_N2SVZmEhJgFy-8KrUz_qymvdQqUfTjgmP3gc5_j0tIDwwtS0Ur-SOd8MjBsxIi3Y9zM9bHzk8NzdlQ94mjDtBzIwjdRiJ8wbouiwfOSuwU&sig=Cg0ArKJSzLz_Ymnp7djyEAE&uach_m=[UACH]&adurl=
Frame ID: 2F5A64330001B6BF30AD5472BAC24740
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOlGjkEfAiCOluDUEcR44JnIf6DId_JeACw4Xdcy_K8svEMXpJGkoPbLjKTkg7Aa1q8wFWzzqP80lZxU2hUt7Vmbu_d25dOTf334-_hWC278YZBXqrEfzhxKC1BHoJN0WqzolCs3LTIFS6Kzdk7O4kW6ZBpBqJFs1wyNQjNy_aHqlIDcvywK2cRGwCz_eYP2ekvmr_NdcDncUedX6sFy5kY2aItFPiBGmjnYkl2vtj4-Ns0Db8VNvpYNRP8svnyrPslpbht5NVb2DAqok9LG-VYyGA45YRp1muK3eGHL87HYJa6vV83pOz_fxZjM51RV126AK8uSB12wLEsE8W85fs&sig=Cg0ArKJSzLnRizbti7rPEAE&uach_m=[UACH]&adurl=
Frame ID: 792DB18B11CE4F715F0FBC6AEC7CD9DC
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuwbpmV5sLhlkv24VhswvtJ54Ko4z7D3rM1kWhmB635T2tTQFsd1Fa-Ps3rSAkjNP3C6x0Z-_sqfbWGL-bckmSqB960p3-PVzEIF6cDkp1d6XGnMH0rrRCyCbZfbPFlzV_T5E-RaUrCzClkYXk9B5qQFjC_GqfkJZJMdZdpdMLvmomqZjqj9tdHXyTKCrXu-doE6Tnxp1edEzWiiblmX0dnUyPOK6H-9_JxD9-n2ktfNiqWhJcwhNgUPoJhdP1ziOXQ5U0rHs2CsA3icdCRBVrixrS_yMiPxPlYIxprgkVtY0NJ-Wk27YBzSnRmuNrgsNY2gLBUcvby6-75-95Q6YZxkdJK&sig=Cg0ArKJSzAvRi-VpT_EjEAE&uach_m=[UACH]&adurl=
Frame ID: 203F4B25DD2633B76103BC89681D457E
Requests: 8 HTTP requests in this frame

Frame: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 7D31222594BB4F7982407F241E6F5FB5
Requests: 45 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D156229B62F0513FA21DFFC5B2DBBD8B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BF3B472402988D742139B14161D54BA7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AE40791DC10DAB66B2DE8F83F3170C1B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E38524CC5630E9070E03BCA24887B095
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FA83BE303BCDF23ED5F4F978E824F561
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 739612526F0FCEB9EEED1590C1AA75A0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9BF665A9BAA87EE1FA7D028A24FC4C3E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 51C74A77A9FBF904796A6A59C7B3BC66
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: F981BD76E33C3B39750C57D2B3CAEDE7
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 4606DD60BA1C76FD6C783BF2410CED0C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5E415C8E20DD6C2899AED620165AF42D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 5728095D8035006726C9EB3C768D342F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 02512070EEE093BD785512B9C28EA08E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1A2BB6930F3A70A04D6F41654DC8666E
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 814B5E3AFD9F56114E31EC924B137D61
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Notorious hacking group FIN7 adds ransomware to its repertoire - CyberScoopMagnifying GlassClose search resultsTag

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

247
Requests

99 %
HTTPS

58 %
IPv6

33
Domains

51
Subdomains

45
IPs

5
Countries

3433 kB
Transfer

8330 kB
Size

26
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://cyberscoop.com/

Search URL Search Domain Scan URL

URL: http://scoopnewsgroup.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889
Title: Brought to you by

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/evolution-of-fin7
Title: according to researchers at security firm Mandiant

Search URL Search Domain Scan URL

URL: https://therecord.media/cybercrime-gang-sets-up-fake-company-to-hire-security-experts-to-aid-in-ransomware-attacks/
Title: researchers at Recorded Future

Search URL Search Domain Scan URL

URL: https://www.wsj.com/articles/ransomware-gang-masquerades-as-real-company-to-recruit-tech-talent-11634819400
Title: believe

Search URL Search Domain Scan URL

URL: https://www.facebook.com/cyberscoop

Search URL Search Domain Scan URL

URL: https://twitter.com/cyberscoopnews

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/4847467

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cyberscoopnews

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://fedscoop.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://statescoop.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://edscoop.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://workscoop.com/?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889

Search URL Search Domain Scan URL

URL: https://www.scoopnewsgroup.com/privacy?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://scoopnewsgroup.com/privacy?__hstc=143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1&__hssc=143679850.1.1649697398729&__hsfp=1541009889
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

URL: https://jetpack.com/search?utm_source=poweredby
Title: Search powered by Jetpack

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://www.cyberscoop.com/advertising/?id=leaderboard&page=article&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 36

https://www.cyberscoop.com/advertising/?id=article&page=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 37

https://www.cyberscoop.com/advertising/?id=skyscraper&page=article&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 42

https://www.cyberscoop.com/advertising/?id=billboard&page=article&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk HTTP 301
https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Request Chain 78

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1649697397428%26url%3Dhttps%253A%252F%252Fwww.cyberscoop.com%252Ffin7-ransomware-mandiant%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQKT1izTLIvavwAAAYAZoJzDxpvC6bFbhBz0h5rUVLaW85LaafOjCbPgV9Nk4wGrH2HNs00Y

Request Chain 188

https://verizon.demdex.net/event?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599 HTTP 302
https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599

Request Chain 203

https://fw.adsafeprotected.com/rfw/st/982525/62068902/skeleton.js?adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:c3b5fa77-aca1-50b9-ab35-a5ce01309aab,c:9uVxqs,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-785cc8cc8c-q2q7m,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,nbld:0,mtim:162,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:176,oid:25bdc81f-b9bb-11ec-9f3d-caed9f4a2d1a,v:19.8.299,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

247 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.cyberscoop.com/fin7-ransomware-mandiant/ 66 KB
17 KB 413ms
361ms Document
text/html 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 02da53bc9617720d65752f031132e403fa05c3c9c2458ad3aa63285fb0b1fd58

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:36 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/posts/64077>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=64077>; rel=shortlink
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: E9Cap3VPTNDDxkyxbo49yfMvxN8N38OV5JwN-G6zAJK4KXu6-qJm0A==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

GET
H2 200 /
www.cyberscoop.com/_static/ 96 KB
14 KB 47ms
44ms Stylesheet
text/css 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJyNy0EKgCAQheELZVMkQYvoLKZDTI0WjhHePjdB7Vr+vPfBdSgKlk+HAlYEHEmCmXe7KaY5mphBUmasPYW6HCp4i1XAoyODjB5D+sTBJmNUjIux+R8v27sfNPmx7fWgddO13Q2HlkGk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 061473d06c676e692148c9e53870122e472f133abc759c56e871a162e79b9376

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
x-rq: hhn1 0 4 9980
last-modified: Fri, 08 Apr 2022 17:51:53 GMT
server: nginx
age: 254029
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 14166
x-amz-cf-id: Vr3D7OdkYq6EKjOm9_RnR9s2YCVptI81WGEKvUSz8yMR07BjUbIF3Q==

GET
H2 200 /
www.cyberscoop.com/_static/ 168 KB
27 KB 48ms
45ms Stylesheet
text/css 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 5c701ab2009c0c01911be3dbb373cea9edd337b25e43cd2a917caf28486ff83c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 417819
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 27224
x-amz-cf-id: kitIvrFMofvEraxJZy0V_c9Zrtok2GiOrgSDlBYFFCHnLsqwlL2FCA==

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 138ms
49ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3097429612cadf41c8c2f08d5cbe3bce1a77aaf73296e1217ad3b29949d6deb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 17:16:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:16:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:16:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
643 B 139ms
49ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A300%2C400%2C700&subset=latin-ext&ver=5.9.3

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932fb1ec913f2d1071db9656b9bc7e8c4fc150d7d8b48d8b4b66c3d82a2e020e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 16:46:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:16:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:16:36 GMT

GET
H2 200 /
www.cyberscoop.com/_static/ 88 KB
17 KB 53ms
50ms Stylesheet
text/css 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??/wp-content/plugins/add-to-any/addtoany.min.css,/wp-content/mu-plugins/jetpack-10.8/css/jetpack.css?m=1649689594
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: e8aa641f970d7f8010d991990de0cac0ed2f8136c931b5a14cbe8607c6c7fb9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 11 Apr 2022 15:06:34 GMT
server: nginx
age: 6693
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css;charset=utf-8
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 17254
x-amz-cf-id: 1pp46RXsrmZnm7i-FCEUMJXnWm3dm6WG5LY7NlRuH904-1Oj0Gh_wg==

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 265 KB
82 KB 55ms
52ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJyVkWFOwzAMhS9EFsYqJH4gLsEF0sTr3KZ2sZ1NuT3ZxAQ/oKKSJT/F73uKbH9ZHFLMJYH6sdVHAalfbTcj7UZ98GsmN+MgweCnOTIZkHk7wdyQ9nJTLtYeRCPzco3pM9L0jpZhG6dIQwaNwjlvJA3jVHs0/e23Sy4D0g0uCuLCOVgQH1TB1B9zsKXh8q22hyhkiPZ072sBISVn7ALVqzRu4q97JFTzZ6DE4gUGIGgHYXFSyHCG/2BttHCuR2wrXbOfmKf78t7m1/1z99J1j4f9YfwEnLrbkw==
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 62ef6ff7641456aa2d94443dff7578d154236f12dcbb2e3dea4e519b0153a468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
x-rq: hhn1 0 4 9980
last-modified: Fri, 08 Apr 2022 17:51:53 GMT
server: nginx
age: 254029
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 83160
x-amz-cf-id: Ud9yKgl6WxSy4pkl74aR6GCbDoz_Sr-CKXJgdrh6EONDnlVzCi90RA==

GET
H2 200 i18n.min.js Show response
www.cyberscoop.com/wp-includes/js/dist/ 10 KB
4 KB 50ms
47ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 1811668
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 3968
x-rq: hhn1 0 4 9980
last-modified: Fri, 18 Mar 2022 14:57:07 GMT
server: nginx
etag: W/"62349dc3-28a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: 53WHZf3WcP6DGMu-jwBbgZzHxHiUBVboc_Ymwprd2QFQHeLsAvT3dw==
expires: Tue, 11 Apr 2023 17:16:36 GMT

GET
H2 200 i18n-loader.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-assets/build/ 6 KB
3 KB 49ms
47ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-assets/build/i18n-loader.js?minify=true&ver=7b3aca48d6809a4527c8a9bc9c7a1d1c
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 40905beca0f8b5ff867fa2f103e951dd2416853df1e8f7d7453a74708d779277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 344466
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 2428
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:16 GMT
server: nginx
etag: W/"624f1c60-17ac"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: kcTiJvR4IZWz0S-br7gJuHED9AP-gcRbspRwKB0bDT4NxRVknR_Mtw==
expires: Tue, 11 Apr 2023 17:16:36 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/fedscoop-sc/ 55 KB
17 KB 42ms
16ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db236586fe21257e3d9b959bdeb2e6883f01a09718c3ab73728e21f7a96c5ba0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: hD7ihgKeI7jv_ka6ffTkMBHiSWVwlMGH
content-encoding: gzip
etag: "b6d806962ac8eecdcdb3343909aebea8"
age: 146
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 17361
x-amz-id-2: 3A3gQLYGhq8/gfCsoMph0h1S9zTOvAgzMIKHJb6iTHrL19bsbMorbms5h6D2XM9CIYkeJEaeUSM=
x-served-by: cache-hhn4046-HHN
last-modified: Sun, 10 Apr 2022 11:16:14 GMT
server: AmazonS3
x-timer: S1649697397.883701,VS0,VE1
date: Mon, 11 Apr 2022 17:16:36 GMT
vary: Accept-Encoding
x-amz-request-id: NAJDYWYBZ3102GJS
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 53
x-cache-hits: 1

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 151 KB
47 KB 32ms
31ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??-eJzTLy/QTc7PK0nNK9EvyUjNTS3WB4qAWbrJlUmpRcXJ+fkF+lnF+pl5mSW6JYlJ+fk5iXpZxTr6ROtMLCggTUNual4pUId9rq2hmYmlobmxoYlBFgBj/z5I
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: ef06bc5e3cc158037771e3ed0d13f75694ffe052cc8b442e02082e85cf85aec2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 417819
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 48037
x-amz-cf-id: 5kQJMvmFxpEHfxZe9k5dACp4CERc5qnqSdy1R--Hq_h6ICvFvrrLKw==

GET
H2 404 ads.js
www.cyberscoop.com/wp-content/themes/cyberscoop/js/ 0
0 49ms
48ms Script
text/html 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/cyberscoop/js/ads.js
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-rq: hhn1 0 4 9980
server: nginx
age: 6
x-cache: Error from cloudfront
content-type: text/html
x-amz-cf-pop: HAM50-C2
content-length: 146
x-amz-cf-id: fsh7dCKxwZ-r6mQ3b35IpJRe4KWxhhLcFlZp0XpS6THjOUA8oM_Aig==

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 123ms
47ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1184 / 240 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H/1.1 200
OK cyberscoop-interstitial.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 2 KB
3 KB 424ms
120ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/cyberscoop-interstitial.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 10 Feb 2021 15:47:32 GMT
Server: AmazonS3
x-amz-request-id: F52Z95052116564Z
ETag: "b3250d52680549abc7222f71b2dce836"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2375
x-amz-id-2: l+9fNyLF7ivB2BSaqxHDgTq4jsy3++we5Tbqy7XpnAutYjGlQm5cwoAMqgCd+cagxdNDiO20/itUXCCW0uI2bw==

GET
H/1.1 200
OK closex.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 426ms
122ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/closex.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5d4228a3e80d57bcf6ee1f6080fbc4c65dba96e81d2364535fa49e3d27e9131

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Tue, 12 May 2020 13:43:08 GMT
Server: AmazonS3
x-amz-request-id: F52SR4C9T5WPKBDB
ETag: "6fa9505df4b1d86476aef77673f3b330"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4658
x-amz-id-2: hz9hZZx9i3935fZjFl58s9o08L5WdqrYUBJYNTB+maV6PK15yYGkQzzmhBpcm7uckq9vA8l+7smtJDhx9n2LBw==

GET
H/1.1 200
OK twitter.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 2 KB
2 KB 428ms
123ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/twitter.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca2e99ffb3730e887ee7389e499993e912e5e47ec6f28c991a692cd78746edf5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: F52N0QK11A88TTD7
ETag: "0bab5422023490b09b2590482b10e983"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2172
x-amz-id-2: MP3nBvRcuYnUb3Y61bfhO1jOWkptyLrq0Xwnp5mtwGTiZVrjLoomdfgDeBl7vIVFr1YQyBOScr9P73ol/CHN8w==

GET
H/1.1 200
OK facebook.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 1 KB
2 KB 532ms
112ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/facebook.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 51c40fb52547a14a895a2425e94a53886ced172e90c70d5418890fb67517701b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: F52T2TKTWXYJEA0T
ETag: "0bb97e47c732a1645d42198a7b8b1397"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1272
x-amz-id-2: 8yqYfqq3L06DwnUVnK3DbaLXU1+r8Y0iOOLYuHj1iCvTQcJfiRxutwrLZNL6oes9Bk3fPQbYLfWSquPBrVvTUg==

GET
H/1.1 200
OK linkedin.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 2 KB
2 KB 529ms
109ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/linkedin.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4d8d48a3f00d424f5083a310bcfbcc1ad35d02e02793a9f459e9938879d8a675

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: F52YVBD7JNT9SN4E
ETag: "b05a15a980fa7ad56a297860e33c6327"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1857
x-amz-id-2: M14sxcCCW2T0Ok25ZsS7tt6zO9B+kQzVnUUxKTSxDcAp/fsgEV8zVmO27Z4EMQP0/UzQFwpUYR6u10Q8DxCaBg==

GET
H/1.1 200
OK reddit.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 6 KB
7 KB 542ms
111ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/reddit.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 55de2f543e24f0c3655be2f344491b2e73ae61350f58a2bb9ebf4ad1326e8fba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: F52JW83PZ4TKXDAM
ETag: "8095452e62fa3cbcbdaf4ed982477485"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 6390
x-amz-id-2: fFkXLfDCSQKDgmdUcZkmsjUguGqwtqiUMlBJmTzNBjx1+oEco+nJX1Ud21rq7eIlE9LIImZHCitcx5/vRJGsPw==

GET
H/1.1 200
OK gmail.svg
s3.amazonaws.com/sng-global-web-assets/images/shared-icons/ 1 KB
2 KB 252ms
117ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/images/shared-icons/gmail.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0d281aa7b07dfcb1bc05e2cdd051aa34fb915616590b834374148a1768ce3440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 24 Oct 2018 21:24:01 GMT
Server: AmazonS3
x-amz-request-id: F52RZPVA1J295MEA
ETag: "e5d4decd16518b9f60451876256ea22f"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1181
x-amz-id-2: yzWkTq5cj2/kKdhkw1xn6ZRb8mRVKF0k0TM+g4RHu+P6HBF1g+XyopB1wF/7OV/VrpaImSOeAPBg5lVpczIMxg==

GET
H/1.1 200
OK close_purple.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 991 B
1 KB 114ms
112ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/close_purple.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe9df7af9647a824fe66cae1f452ecb318d9f9ad3b2e09ef0623f0c6af50a0ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Fri, 22 Jan 2021 00:05:15 GMT
Server: AmazonS3
x-amz-request-id: F52Y7FA5TSFZZSCV
ETag: "cde4ecef61a0a35571e737da5276b5e7"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 991
x-amz-id-2: l5LZmm6cWiOkg6ePphGg1BQ+GQ7MKNQkNwyc+7gtvAfYErp3VgFYMs2Ya6zYWj2qVL/doQ6G6NeIObO4Y9uZPQ==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 567 KB
145 KB 91ms
49ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a79363f0bf9c3752bb3c339d84e951de983be806af2ed5b9d618ff0b46f95559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 490
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 02:21:29 UTC
server: cloudflare
etag: W/"081e8e8c4e2f30556d358396fe1eb009"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mp1AK0wQkcdG8PGN3gklJ6DRig4f1r426pSD879g3H0KyrbzZFG4r%2Bw8%2FyQM%2BL8Jbs8wLv528JB5gcEWMRcRZCZYl1RKqOw8mIXXD%2BevtY0rUS9WpUfEZ%2FBrZAjdoidC4XtNixPBE8IH%2Fr2N"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Qil8tmwOgih4NDI1ZUYfrWspr.py6EWB
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6fa55efb79f190c1-FRA
x-amz-cf-id: hmBDtfN1FWkcc62QlwoPgL7YqHQeKAON3SPtLdZSMh8d0KvMqOLboQ==
x-hs-target-asset: FormsNext/static-5.474/bundles/project_with_deps.js

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 82 KB
28 KB 149ms
47ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b9d57be73aa8f7f41bee396a02038d1e5433481622916854268481040e2c63b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28348
x-xss-protection: 0
server: sffe
etag: "1184 / 814 of 1000 / last-modified: 1649675564"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 / Show response
www.cyberscoop.com/_static/ 10 KB
3 KB 26ms
26ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/_static/??/wp-content/themes/wp-theme-cyberscoop/js/ads.js,/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?m=1649173140j
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 14c742642de9c8f39467c54a34b08f124d3eb6ae49356d9b9f8a158424e77192

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
age: 417789
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-encoding: gzip
content-length: 2703
x-amz-cf-id: 1Thd0JP3VDYPKp8Nl0pN2glPkH7rENn8hIBdDDLqTtNvpjBC_KfE-w==

GET
H2 200 jp-search.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 7 KB
3 KB 63ms
59ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: fe1bd3df8f20fe537d1ad985ecd7b169c10e1d0e2cc0860bc4b4c326d152420f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 344466
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 3036
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-1c38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: eoLRQqn7vyVcf7FcK2WkX-NYGE1Ewaj0Wx3wEJEGQdyXdY0AaY71dA==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 24ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?ver=202215
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
server: nginx
etag: W/"61dc645f-2a3d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Thu, 06 Apr 2023 06:09:45 GMT

GET
H2 200 e-202215.js Show response
stats.wp.com/ 9 KB
3 KB 6ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202215.js
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc: HIT hhn
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 03 Apr 2023 07:40:23 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 166 KB
60 KB 146ms
61ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8789a53b86736707596730a77d4a9c2d5716479a1e534765bcf7aaaa699f66e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61185
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 16:39:32 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.cyberscoop.com/wp-includes/js/ 18 KB
5 KB 34ms
32ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 417819
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 4926
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 23:38:53 GMT
server: nginx
etag: W/"624cd30d-4705"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: ujYZ_ZrQtwVlDKdVqPt5GZch7DCZqpowGiRXfKKkjju0mGwHePvToQ==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 lightslider.min.css
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/css/ 5 KB
2 KB 29ms
29ms Stylesheet
text/css 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/css/lightslider.min.css
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: a060aca1def4e45da8730e2c6052fb1efbe9b1bdd305c14ea86c8c5152ebd593

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:36 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 1811668
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 1360
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
etag: W/"622fb5b3-14b3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: pElEaFr_-0LRU2PKcRhRGtZTzoOC1-mV2oPG-UjdocKyRqSJBYcITg==
expires: Tue, 11 Apr 2023 17:16:36 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 72 KB
26 KB 46ms
25ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117509
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 01 Dec 2021 08:23:25 GMT
server: cloudflare
etag: W/"11ee2-5d2116348919c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6fa55efbe9dd5b9e-FRA
cf-bgj: minify

GET
H/1.1 200
OK CyberScoop_Color.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 2 KB
3 KB 414ms
123ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/CyberScoop_Color.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 21:02:05 GMT
Server: AmazonS3
x-amz-request-id: F52G15DXWR1N1MAP
ETag: "b3250d52680549abc7222f71b2dce836"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2375
x-amz-id-2: fv3lT1DaPVfAxcq58TWe0JQ0arcicJ5CBbByQJs0JTaTFE6C7UcpkRKOF95HGMhCbrmk4lfH7i1lkdFAcbYw3Q==

GET
H/1.1 200
OK SNG-RGB-Color.svg
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
6 KB 409ms
117ms Image
image/svg+xml 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/SNG-RGB-Color.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b8dd50e462d914dd8609e8a566ce6bce0ab94088a4bf958b57c4cdb6ab54868

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 21:02:05 GMT
Server: AmazonS3
x-amz-request-id: F52Q8HCB510EE0FY
ETag: "61428dbcecc23b1679236e221c5228d4"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 5545
x-amz-id-2: mqSJeqo3zlb1uSYRI+DtmK3mKnPgZ3bCMcyEy06UyBDGRK9ay3w4OZUT2SaP2RsNHQmp8rHqzOwveGfMEBbq5A==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb6a7f39d0982d1605492df9ffaa28989d1829fdf91037053e4af527ae5ed797

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2
fonts.gstatic.com/s/firasans/v15/ 22 KB
23 KB 129ms
40ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9B4kDNxMZdWfMOD5VnZKveRhf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a90f9c307d889844f7286c11a9e8596c9a41b2e91123ab49cca0fbaa4b48dc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:33:04 GMT
x-content-type-options: nosniff
age: 423813
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22760
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:05:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:33:04 GMT

GET
H2 200 PuristaMedium.woff
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/fonts/ 37 KB
37 KB 27ms
26ms Font
font/woff 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/fonts/PuristaMedium.woff
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: c0758721ba3b41bf0236a10348f8ad1ceb3336894bfbaca0b9d77fb366b585c1

Request headers

Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
age: 72
x-cache: Miss from cloudfront
content-length: 37579
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
etag: W/"624c6294-9340"
access-control-allow-methods: GET, HEAD
content-type: font/woff
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
access-control-allow-origin: *
x-amz-cf-id: Y1c7PLoygbQkT1zDeNAz6akHohXkpTFTsLk54cIGQ3fOge9AtHNDmw==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame 802B
Redirect Chain

https://www.cyberscoop.com/advertising/?id=leaderboard&page=article&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cra...
https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

2 KB
1 KB

270ms
270ms

Document
text/html

52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: fcd8750f5c12ba2f9850049c6014c8fc5f3f8633256e76385c6e89515890bfaa

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: HfPxwn8ZSSBCvVkm_Hlju4jlLcW4X8J4ZE7PPzGmbf41I-ctU4pdhA==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: II76TuCewYbogvZ7vEOQv8vm5gm29slL9ilgyxchUBR_jHNFanzxYQ==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame 905B
Redirect Chain

https://www.cyberscoop.com/advertising/?id=article&page=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

1 KB
1 KB

284ms
283ms

Document
text/html

52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 91a964487ecdaf0bf35faf0abd1b59ecc875f724b761c38046309f47b58d37da

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: u0xgMr3ez0yLl_E2UB-YIuoMZqnKkIoPJJrPodwShzYwKLwYxCF2kA==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: 1gjQ8FaJcmlld8d6gYwfoMzfBjG__I_7-sJg2Fq6hD1yNbkhq-S4Zw==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame EF7C
Redirect Chain

https://www.cyberscoop.com/advertising/?id=skyscraper&page=article&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

2 KB
1 KB

247ms
247ms

Document
text/html

52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 0b6a75c8a008114b5b09931e2e66fbe56e85f0043d653393dac6e38b91b3bded

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: UWYwP1s2yHMQahGqHmL2GcvzG1YNcqHovjZg96fLKenjKpuZaygLOw==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: GKJCwvDkJTAN1X2lrieojTjZ9AaRZHrL8OT_eD4qS9Z9okAlUufqrw==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2 200 GettyImages-1188634858.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2019/12/ 205 KB
206 KB 27ms
26ms Image
image/webp 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2019/12/GettyImages-1188634858.jpg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: c443762880d9d8b4faabb5d63205228757c7e6c9eeaaa404ac801f3046e80589

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 109 139 443
last-modified: Mon, 04 Apr 2022 19:08:40 GMT
server: nginx
x-amz-cf-pop: HAM50-C2
etag: "7fd20b7048fa3985"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 209898
x-amz-cf-id: mm0uP6M8z6EjbKG3se1mfAZEyUJZvEL0Z_oZE-aY8YYkj1KULbIVpQ==
expires: Tue, 04 Apr 2023 19:08:40 GMT

GET
H2 200 va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2
fonts.gstatic.com/s/firasans/v15/ 23 KB
23 KB 184ms
115ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9B4kDNxMZdWfMOD5VnLK3eRhf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51aa1f55f3d344d82ece24055a31012cf77d10cc4a2f9307f5dea293118d40f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:32:11 GMT
x-content-type-options: nosniff
age: 423866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23724
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:06:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:32:11 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v47/ 25 KB
25 KB 145ms
76ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v47/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald%3A300%2C400%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 23:27:02 GMT
x-content-type-options: nosniff
age: 323375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25384
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 23:27:02 GMT

GET
H2 200 va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v15/ 22 KB
22 KB 164ms
95ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/firasans/v15/va9E4kDNxMZdWfMOD5Vvl4jL.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fira+Sans%3A300%2C400%2C500%2C700&subset=latin-ext&ver=5.9.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 06 Apr 2022 19:32:11 GMT
x-content-type-options: nosniff
age: 423866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22592
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:05:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Apr 2023 19:32:11 GMT

GET
H2

200

/ Show response
www.cyberscoop.com/advertising/ Frame 0049
Redirect Chain

https://www.cyberscoop.com/advertising/?id=billboard&page=article&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2...
https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cranso...

2 KB
1 KB

276ms
276ms

Document
text/html

52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 5d2537391205a79b8e556549d0ec25f7b3dee4036bfc8f424b7c13fd626d43e5

Request headers

Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.cyberscoop.com/wp-json/>; rel="https://api.w.org/" <https://www.cyberscoop.com/wp-json/wp/v2/pages/5054>; rel="alternate"; type="application/json" <https://www.cyberscoop.com/?p=5054>; rel=shortlink
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: ThADgLrNbZ_C4VhDCHZrf9HNT5G1GqyQiPNT4nhTgT4HUWeePRn_SQ==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn1 0 4 9980

Redirect headers

age: 0
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
date: Mon, 11 Apr 2022 17:16:37 GMT
host-header: a9130478a60e5f9135f765b23f26593b
location: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk
server: nginx
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
x-amz-cf-id: EASxoJzSYezdZwF87OXH4RMoN9k7osLLYrblzlen-_xAE_2QL3lYJw==
x-amz-cf-pop: HAM50-C2
x-cache: Miss from cloudfront
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-redirect-by: WordPress
x-rq: hhn1 0 4 9980

GET
H2 200 GettyImages-1186593421.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 21 KB
22 KB 31ms
30ms Image
image/webp 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1186593421.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: deafbabde299246dad329a0f8ce7ec682ef8a1de7926811e7a2db9a27b745a24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 109 195 443
last-modified: Mon, 11 Apr 2022 13:55:57 GMT
server: nginx
x-amz-cf-pop: HAM50-C2
etag: "5b1255fbb44b3134"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 21602
x-amz-cf-id: HizhmaiFuMURMsiZSEWU_Ax0TYIS6Lu__CRxW-BfR_9FbWhwVZvhkw==
expires: Tue, 11 Apr 2023 13:55:57 GMT

GET
H2 200 GettyImages-1389898678.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 15 KB
15 KB 32ms
27ms Image
image/webp 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1389898678.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 4be6258bf1ecf7fc9af2fd62a01c10ebc029b3973932838a7b32d51e395ba519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 109 83 443
last-modified: Mon, 11 Apr 2022 13:00:13 GMT
server: nginx
x-amz-cf-pop: HAM50-C2
etag: "a87a9d537963acaf"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15160
x-amz-cf-id: hfYx3iqfOB5ig61j3J1XbDs7KMWwymZnAeYtVLJPixw4QEjXi-lgLw==
expires: Tue, 11 Apr 2023 13:00:13 GMT

GET
H2 200 GettyImages-1239829997.jpg
www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/ 10 KB
10 KB 37ms
33ms Image
image/webp 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/uploads/sites/3/2022/04/GettyImages-1239829997.jpg?w=257
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 5d0bcf86bdafd80020b30534c6f961807989c12f56226dc0dadcb7785f619393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 109 83 443
last-modified: Fri, 08 Apr 2022 18:28:20 GMT
server: nginx
x-amz-cf-pop: HAM50-C2
etag: "b4cdc7e1041e7770"
x-cache: Miss from cloudfront
content-type: image/webp
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9804
x-amz-cf-id: qrSay_ceKu2DN6XC03TiHNtxLw_uiuF52G6nwy62BZAc2Z3pndX49Q==
expires: Sat, 08 Apr 2023 18:28:20 GMT

GET
H2 200 facebook_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 361 B
746 B 32ms
30ms Image
image/png 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/facebook_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 34b8701fdcbd5b7f4b776178cf1c52b3754f60027bf85af5a8573c3208f77890

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
age: 1811613
etag: "622fb5b3-169"
x-cache: Miss from cloudfront
content-type: image/png
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 361
x-amz-cf-id: HYwHqH0vDyMIxXkMbPEhq-F5ti0b6DxkGWcFSwu2_YxPHnvdjWNupg==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 twitter_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 481 B
864 B 31ms
29ms Image
image/png 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/twitter_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: ea7c3c1fb429c64a75b15bc3d82e99987c40229c3275a5d0c37deb6143e4cf6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
age: 1811613
etag: "622fb5b3-1e1"
x-cache: Miss from cloudfront
content-type: image/png
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 481
x-amz-cf-id: 3o_bL6yEgUEG6e6kECiSjE87_n7TU7azPuUjUP5gUtWDThy03u-tZw==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 linkedin_logo_white.png
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 946 B
1 KB 35ms
33ms Image
image/png 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/linkedin_logo_white.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: eecc78f834649472672438efb8854e77ac8571a4c901d3c102a2554c3059ba7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 1811613
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 969
x-rq: hhn1 0 4 9980
last-modified: Mon, 14 Mar 2022 21:37:55 GMT
server: nginx
etag: W/"622fb5b3-3b2"
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: 3AK3P8k9t4UntMiKtBc6Waui3wZO_frr_r1tX33kzFhBHI4bpZ_c1w==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 instagram_logo_white.svg
www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/ 2 KB
1 KB 34ms
32ms Image
image/svg+xml 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cyberscoop.com/wp-content/themes/wp-theme-cyberscoop/images/icons/instagram_logo_white.svg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: e55b5cba1f8e7604687c4f99ab7b1c3bf971ab991ec0fae83fb221b98daf07c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
age: 266
x-cache: Miss from cloudfront
content-length: 669
x-rq: hhn1 0 4 9980
last-modified: Tue, 05 Apr 2022 15:39:00 GMT
server: nginx
etag: W/"624c6294-625"
content-type: image/svg+xml
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: elxL7Ip_uncbIqnbgJiUnrBhdapgv4gUxIdclLGOhFD29oTUrF30Mw==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H/1.1 200
OK Stacked_SNG.png
s3.amazonaws.com/sng-global-web-assets/logo/ 12 KB
12 KB 114ms
113ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_SNG.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 942e44b1cef3a0678c306625f42ea1cd180d9ee9fbe443ed98fc1076c07493a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: F52QSTT7V7NDBAN3
ETag: "793107aa127f2349e0bb9d0df99cd240"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 11864
x-amz-id-2: AIXMqEml57SAMDO0ijy+7iJsVCKykHaoAlYPUrRt7CCy2d/+5Dv/Y5VfxBRc+9jBVbGZiJm40szm8hx88VcPLQ==

GET
H/1.1 200
OK Stacked_CyberScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 109ms
109ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_CyberScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96b8a4481da526ff5a1a77c312a2aa83df0d0821e90dc91ccfad3fa53526a163

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: F52QAYPYB3ASC289
ETag: "6b8717aa8156bf0573b498232d63b71f"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 5199
x-amz-id-2: SPyYLefbhXrYN1nWZ27rEDwWd0WiCpAKyG+VzJXpvWb+mugkTPiLdrX/i+uuOSxHim2svwDQ4LGxExlls4XovQ==

GET
H/1.1 200
OK Stacked_FedScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 4 KB
4 KB 112ms
111ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_FedScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9146f6ec02b7c1db65d152424e1d5e5f3a5d7d6ca91d1282a7e678150683876f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: F52PE5351EHKA7SW
ETag: "da067ed314fa2f647e16efb7331759de"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4000
x-amz-id-2: R9dvBuvyofEBvpJKkU8QtykTur0l2AGIc2fslyVkQHTjTH9NCvIyz/4ND5aFXYkoTYIKplB3Pi8kKDBqZQiqNw==

GET
H/1.1 200
OK Stacked_StateScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
5 KB 112ms
111ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_StateScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ccd21ebd19b259d979d4ddf5af0751f6fae149746ae2e7a164beec2a600682be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Thu, 21 Jan 2021 23:37:33 GMT
Server: AmazonS3
x-amz-request-id: F52ZPSABKNZPCDAV
ETag: "62c167ae878c0c3b3a41b50025cacba7"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4872
x-amz-id-2: etZmQxN6oAQLmsOw9/Nw0CeZVcR2hymQ13D5TvNTUj6oRNEmlRp8p5pA3bpG4musJ1ZpcecQtuZBf4PW+hbSFw==

GET
H/1.1 200
OK Stacked_EdScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 4 KB
4 KB 121ms
121ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_EdScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f134de2e6859c8b9a8acb3f07c54f04c9fbe04c3381e137d85e2f0cb08a526b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 25 Aug 2021 20:12:45 GMT
Server: AmazonS3
x-amz-request-id: F52JSASX5YZ4ZGWB
ETag: "779a62747ba1fe2dfac41aa83a03313c"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3934
x-amz-id-2: 6daF8mQ/n/4b8nOTm1wvfZX+32z2HHEl2Qx7Vd44zhb/ZjaXTmq5tDn8+t4b7xJcHPTtGOhmdN9teiZEHAsgCA==

GET
H/1.1 200
OK Stacked_WorkScoop.png
s3.amazonaws.com/sng-global-web-assets/logo/ 5 KB
6 KB 112ms
112ms Image
image/png 3.5.9.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/sng-global-web-assets/logo/Stacked_WorkScoop.png
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/_static/??-eJydjM0KwkAMhF/IbVwtigfxWdKY6uL+kaRK3966IF48iKf5GGY+eFRHJRtngxqnS8gKSzUpi8M7GgqgKpsCqcIobXruUsjdUqzg5/sY0Wqgm3zoD4tyZLLNO78a7MqJm6CRo3lgUSqlgtoc+XU4paPf9Qe/3/p+/QR3QmD3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.9.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3046ab26982b61a2fc0f0fae7ed7f416e9113f924db911efa97b5b80ae16726d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:38 GMT
Last-Modified: Wed, 25 Aug 2021 20:12:37 GMT
Server: AmazonS3
x-amz-request-id: F52MZX1P224E697E
ETag: "b5d5b8c0479b1963324ebca52c96a43b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 5349
x-amz-id-2: /Vf8DGXAYFKdmD3/G4XLWuxhvW+vP9MkDBmNAQr+cInenWgnguL9oGeS2KTGUdyLqqavQkXKXz62zSuF4EolhA==

GET
H2 200 20762415-8082-48f0-b243-36443c93d852 Show response
forms.hsforms.com/embed/v3/form/2153467/ 20 KB
5 KB 175ms
145ms Script
application/javascript 2606:4700::6810:5505
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/2153467/20762415-8082-48f0-b243-36443c93d852?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5505 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55b94d6f0aeb3b60698a1fc65de26907cf486e6e2c56236e0d027f1eadc6c271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-origin-hublet: na1
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 6f7f84cb-62c0-4c3e-8909-4fe4d6369812
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: none
server: cloudflare
x-trace: 2B20B0AF4A840A0AE77489BA5DADE397B958F52365000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6fa55efc8d8f9061-FRA
access-control-expose-headers: X-Origin-Hublet

GET
H2 200 g.gif
pixel.wp.com/ 50 B
75 B 7ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.23007417372371175
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 6ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=200379745&post=64077&tz=-4&srv=www.cyberscoop.com&hp=vip&host=www.cyberscoop.com&ref=&rand=0.25226798387607574
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 454.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 50 KB
18 KB 32ms
32ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/454.js?minify=false&ver=948c2c9d7b88a153508e
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 3d5c432ac1f87c116b88388348b78c08278195f455202173393b9c0576bfb6ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 344466
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 17719
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-c704"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: 6bZwRWzpGBb4TUwLm_waxKJpyTGnLW8aJqwr424VLj5Gd_RB5nKduA==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 jp-search.chunk-main-payload.css
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 31 KB
5 KB 30ms
30ms Stylesheet
text/css 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.css?minify=false&ver=aaceb2477698617460cf
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: c8c35e0f00ccdca409b0b7340bb4c008649529b40a786a51e6d732cbf4f845e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 344466
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 4299
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-7d7c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: KY5-5r8PhGQRV0O8X0IgAYi_fNYwVltpTvq3ox83VLeMxHlm6HbY0g==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 jp-search.chunk-main-payload.js Show response
www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/ 74 KB
19 KB 29ms
29ms Script
application/javascript 52.222.186.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=6ffb9dd4678b2461bfeb
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.js?minify=false&ver=8654f1efea7bf1b79584c07f1d458382
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.186.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-186-77.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: e448366ba538d2d65714f62ae1af89f2f5dd3ccc64af549bb3a84d9cea541dcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/fin7-ransomware-mandiant/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: 1.1 3db7f91696447b8891fcb8247d1ed788.cloudfront.net (CloudFront)
age: 344466
x-cache: Miss from cloudfront
content-encoding: gzip
content-length: 19052
x-rq: hhn1 0 4 9980
last-modified: Thu, 07 Apr 2022 17:16:17 GMT
server: nginx
etag: W/"624f1c61-1260c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
x-amz-cf-id: rYV3KF9UVpkeTvx7ThEBqIk6zQcZe9S20Z3nYTkLU9jIJxVyIy5tiw==
expires: Tue, 11 Apr 2023 17:16:37 GMT

GET
H2 200 sm.23.html Show response
static.addtoany.com/menu/ Frame D2BE 741 B
555 B 25ms
24ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1764978
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6fa55efc7a7c5b9e-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 11 Apr 2022 17:16:37 GMT
etag: W/"2e5-5cc9e128a4c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 23ms
23ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6601679
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6fa55efc98fd8fd4-FRA
cf-bgj: minify

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ 369 KB
125 KB 72ms
32ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 17:13:13 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 40 B
78 B 84ms
44ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

51e841ae906f8d9003aa8487c11792ceceaac3259e068c2cadceabfe7ede15b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54
x-xss-protection: 0
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 29ms
9ms Script
application/x-javascript 2a02:26f0:3500:7::17d8:4dca
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:7::17d8:4dca Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 11 Apr 2022 17:16:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 Mar 2022 23:45:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=66307
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3104

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 28ms
9ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 00:09:12 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100092-IAD, cache-hhn11583-HHN

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: a2tjs6pd6thvUHWp9zOmewJ/SVnX8L2/gq5nc8gAsMP0yOH6Q42hj4kMCIeRDa5u747ahsACMikvAMmObG2ARQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 11 Apr 2022 17:16:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2153467.js Show response
js.hs-scripts.com/ 857 B
862 B 55ms
22ms Script
application/javascript 2606:4700::6811:d2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2153467.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 376a0df7dcce3d239b9db94ac3ddf85a27f8fbfeafba4d892c0b2212d1cbd3fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6
cf-polished: origSize=964
x-hubspot-correlation-id: 4b3c6742-f77d-4c58-bf74-c26481d694c0
last-modified: Mon, 11 Apr 2022 17:16:31 GMT
server: cloudflare
x-trace: 2B8575111F4D56039B2CDFEE1608885F7B308E390C000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cyberscoop.com
expires: Mon, 11 Apr 2022 17:17:37 GMT
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6fa55efd9a5a9158-FRA
cf-bgj: minify

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 126ms
39ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KR697BF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3566
date: Mon, 11 Apr 2022 16:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 11 Apr 2022 18:17:11 GMT

GET
H3 200 css
fonts.googleapis.com/ 2 KB
521 B 97ms
50ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9fc929f9d307cf53bea691c3794c5ee2874ff5e1d2c7d308d71120ae3aa8c788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 16:44:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 11 Apr 2022 17:16:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 136ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 149ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 49 KB
19 KB 77ms
76ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=339976563065234&correlator=1976497533293531&eid=31066920&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2Ccswelcome&enc_prev_ius=%2F0%2F1&prev_iu_szs=640x480&ifi=1&adks=113530204&sfv=1-0-38&ecs=20220411&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649697397410&lmt=1649697397&dlt=1649697396833&idt=555&biw=1600&bih=1200&adxs=480&adys=365&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=640x532&msz=640x480&fws=4&ohw=1600&ga_vid=971407664.1649697397&ga_sid=1649697397&ga_hid=1860001298&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

64485af5cc69080f6972dabed355ca821a62d0f8a16ca87a716878a3f15ecd3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19433
x-xss-protection: 0
google-lineitem-id: 5908512188
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138380260324
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
19 KB 81ms
80ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=339976563065234&correlator=1976497533293531&eid=31066920&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2Ccswelcomemobile&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=2&adks=3498381169&sfv=1-0-38&ecs=20220411&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649697397414&lmt=1649697397&dlt=1649697396833&idt=555&biw=1600&bih=1200&adxs=-12245933&adys=-12245933&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=640x532&msz=300x250&fws=132&ohw=1600&ga_vid=971407664.1649697397&ga_sid=1649697397&ga_hid=1860001298&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

584b68f5270ff22567c6664adae3a6a61754401225714742307351dc2797e02d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19842
x-xss-protection: 0
google-lineitem-id: 5944509791
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138383840985
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E995 6 KB
4 KB 162ms
47ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D50036%26time%3D1649697397428%26url%3Dhttps%253A%252F%252Fwww.cyberscoop.com%252Ff...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQKT1izTLIvavwAAAYAZoJzDxpvC6bFbhB...

0
265 B

209ms
191ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQKT1izTLIvavwAAAYAZoJzDxpvC6bFbhBz0h5rUVLaW85LaafOjCbPgV9Nk4wGrH2HNs00Y
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: D6ACE17CD28E4BE99669375B4EA74196 Ref B: FRAEDGE1206 Ref C: 2022-04-11T17:16:38Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXcZBtnUB9rTfAK2OLCqg==
x-li-fabric: prod-lor1

Redirect headers

date: Mon, 11 Apr 2022 17:16:37 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CFCC8E9265A94BDB8892A843EEDA3A12 Ref B: FRAEDGE1410 Ref C: 2022-04-11T17:16:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=50036&time=1649697397428&url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&liSync=true&e_ipv6=AQKT1izTLIvavwAAAYAZoJzDxpvC6bFbhBz0h5rUVLaW85LaafOjCbPgV9Nk4wGrH2HNs00Y
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXcZBtkLu4FpskeQ3wwmw==

GET
H3 200 896395920528126 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 69ms
60ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/896395920528126?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

742d2f7f43e3eb8c7e5a12f24afcd4dcc03e11a31223060eb03d95b91ec07cc7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: fCew4NiE39MawxwhBFedlucckwNGQYWdbIet1jr714Ty4q3NvJS74IrPgixRxDVbuRQ43pIFI0x8TBEVR6KuyQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 11 Apr 2022 17:16:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 140ms
119ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv8sr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=efabafff-2c5d-4ce8-96bc-64718c78ac79&tw_document_href=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 112
date: Mon, 11 Apr 2022 17:16:36 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: fb760b7df15083e6b077d93223bc3cb186a470a6686150d6d6b5956ad33fb9e4
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
337 B 136ms
115ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nv8sr&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=efabafff-2c5d-4ce8-96bc-64718c78ac79&tw_document_href=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time: 109
date: Mon, 11 Apr 2022 17:16:37 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 8384bda234d6798662204682e45213341d3191150044c0aa6e80a32edd4e4b4f
content-length: 43

GET
H2 200 2153467.js Show response
js.hs-analytics.net/analytics/1649697300000/ 62 KB
20 KB 190ms
158ms Script
text/javascript 2606:4700::6811:46b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1649697300000/2153467.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:46b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e9ce5f71d5199340f9f109561dc1a65bcbba9d4d1ac51546e04ae69f2695784

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: F52G7W0J17WG3KHR
x-amz-server-side-encryption: AES256
cf-ray: 6fa55efe382e5c02-FRA
x-amz-id-2: +dLpBsofzoCc6h/VaEkHv2kx4PYw5HULMc12dHEkzr1QOAsSuDDChQDvEnbz0BWt8YIvTYu6Vew=
last-modified: Thu, 24 Feb 2022 12:07:10 GMT
server: cloudflare
etag: W/"1fa5c84f0d8dafc6fe327ea7de52c297"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 11 Apr 2022 17:21:37 GMT

GET
H2 200 2153467.js Show response
js.hs-banner.com/ 61 KB
16 KB 526ms
487ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2153467.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2153467.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a2814888079619c511d69af17514a0c7bb4f942be94784bcbf85f68fcea6f7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: GJHF79D2QHFT6QED
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: cvFvT6k7JSpEJp1b8mAVOR+bn00jm4RiAZlOEfqvNS9VfDzXk4DoqHHTBMBOtvNXt7wPWjh+YGI=
timing-allow-origin: *
last-modified: Thu, 17 Feb 2022 20:45:11 GMT
server: cloudflare
etag: W/"fe1f8d01c1ccff5464f811298450eadd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: P7RL02J__oOn5v952CjOhmYEuyztTg7c
access-control-allow-origin: https://www.fedscoop.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6fa55efe3b4e9c0a-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 11 Apr 2022 17:21:37 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 93ms
46ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1860001298&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&dp=%2Fwelcome%2Ffin7-ransomware-mandiant%2F&ul=en-us&de=UTF-8&dt=Notorious%20hacking%20group%20FIN7%20adds%20ransomware%20to%20its%20repertoire%20-%20CyberScoop&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=1664023740&gjid=1220159107&cid=971407664.1649697397&tid=UA-80491860-1&_gid=1713778562.1649697397&_r=1&gtm=2wg3u0KR697BF&z=572994613

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D44 0
0 68ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsugetHrdOUAL-A4zjD1KpJHtPdsjxTA0QrCROWR6C57qyE4VYbnusULdwdw2uu6tn_GiziJq4g0ZQDzbtEmEWX4QZRNYT7ghEOwoNrgCu4k2tFXdvqzCER2Gj1Ec4clW23SWP2dQizbyMi5rjf_GWnRKKkbu0HHfyLO9UjDoEbTQm-AyUa6yED7lsnShWt3OsJ5bOGDQzfeezghdHA2IYs10SjyWlH_870M5QOGq9W_KWC19RX2iFrJy0mXUt_PhI5cmDPNEHds7V36aWkxP6BRXE_1z8FmBggGjwR2gSVgxLEtnIafIPDh&sai=AMfl-YRkaqeG_M-ouE0ZKE83cL67qGJ23yvUxEt8ma2Wt6Pr7vx0oZMDlU9URBqAb1qLKtFbCTyYcD60WnKCo0TKW2xORe8zlZXxXpF9Axwx&sig=Cg0ArKJSzAZ3ZzVa_ZDWEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 6D44 19 KB
8 KB 140ms
38ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:36 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 6D44 3 KB
1 KB 150ms
49ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6D44 119 KB
36 KB 102ms
53ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6D44 0
0 135ms
48ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSDGy4iRiatpuxMI5EIxQ3V54FU5La7kUOHKkb57MRpmC3ljBIquVMMGn68c-TzEm_o07xt
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 17171698307552820954
tpc.googlesyndication.com/simgad/ Frame 6D44 298 KB
299 KB 143ms
52ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17171698307552820954

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15102f00c0b20cff64250b68bc217f41647feb7e76110f62d16234cbc49c63d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 16:23:21 GMT
x-content-type-options: nosniff
age: 3196
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 305541
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 14:48:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 16:23:21 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5CD0 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRune6Yb2gEbbcUHkMoLjAbbUHRmtA6aggPBHNwU-pRnqK_LRryYFlbNXeKeeHtFtfGQzYE6x0aAAZ0a-oM6TcJIxKGn9ufTpI8ucmCyKYY4XpKV1yPEsjUfIBfzoZnwB4Gtg1TtLEXdA-0l1NPO6AC3OiXGbTGXPlNLxx56bjDJEPwlI3oG1N0TDkuCPd3pbRVEqi9kqCwNHpaoyZqRqqicqjE4GgC4nmot_Kmxr7VhhdQTl8u5itsVM-FH7gnI69It20iFROcdHn_BZ-iBePLsmmJKKB_0VW9GNZzUjdyAOvCUn4_sQJ7lfrFUrS&sai=AMfl-YRrGZVvWjrRQQhoXjH7zglBufRkRdvjMe05UiOF2YdiS6cOYbkQ0DfPU9q77YcYpkBq_xL87DevtwPN3yRlBgD3zKiAaMLHhfKsoJRd04YT9M7ckJsQK_31MNLIgqdq&sig=Cg0ArKJSzNYnfAKxOv7QEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 5CD0 19 KB
8 KB 138ms
44ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:36 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 5CD0 3 KB
1 KB 93ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5CD0 119 KB
36 KB 120ms
77ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 5CD0 0
0 47ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSBOu6i_W3cThlx7iIzRMkJdHl-LJIsYEqOdGdZLWWF7FG9STdvNEr-GUs_TnU5wE5a01Gtg8ShIwdTuXnF4vYA6fjd0A
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 5108896164038838985
tpc.googlesyndication.com/simgad/ Frame 5CD0 17 KB
17 KB 180ms
179ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5108896164038838985

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e5210289b40153dcb9368735fa13d3c9e6be8599442250145b257460c628566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 19:39:30 GMT
x-content-type-options: nosniff
age: 509827
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16976
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 15:17:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 05 Apr 2023 19:39:30 GMT

GET
H2 200 search Show response
public-api.wordpress.com/rest/v1.3/sites/200379745/ 11 KB
3 KB 244ms
223ms Fetch
application/json 192.0.78.22
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/rest/v1.3/sites/200379745/search?fields%5B0%5D=date&fields%5B1%5D=permalink.url.raw&fields%5B2%5D=tag.name.default&fields%5B3%5D=category.name.default&fields%5B4%5D=post_type&fields%5B5%5D=shortcode_types&highlight_fields%5B0%5D=title&highlight_fields%5B1%5D=content&highlight_fields%5B2%5D=comments&query=&sort=score_default&size=10

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/wp-content/mu-plugins/jetpack-10.8/jetpack_vendor/automattic/jetpack-search/build/instant-search/jp-search.chunk-main-payload.js?minify=false&ver=6ffb9dd4678b2461bfeb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.22 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a64b8e77b5bae1c5abdc7db40f8ec01c21f7a8da72beb480a1fbd27e4b6b8c60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-hacker: Oh, Awesome: Opossum
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: false
x-ac: 1.hhn _dca
strict-transport-security: max-age=15552000
host-header: WordPress.com
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 24ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=896395920528126&ev=PageView&dl=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&rl=&if=false&ts=1649697397549&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1649697397548.306029051&it=1649697397434&coo=false&exp=p0&rqm=GET

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame EF7C 82 KB
28 KB 103ms
102ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=skyscraper&position=sticky&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28347
x-xss-protection: 0
server: sffe
etag: "1184 / 978 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 56ms
19ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-80491860-1&cid=971407664.1649697397&jid=1664023740&gjid=1220159107&_gid=1713778562.1649697397&_u=YAhAAEAAAAAAAC~&z=1805063039

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cyberscoop.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 11 Apr 2022 17:16:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 905B 82 KB
28 KB 97ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=article&position=static&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe17479e7a7f66da1bcae6679c2b230b8bb9f36ac2025f2833ef46944219335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28341
x-xss-protection: 0
server: sffe
etag: "1184 / 23 of 1000 / last-modified: 1649675379"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 0049 82 KB
28 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=billboard&position=bottom&parent_id=ad-KYv6hV90ia-billboard&category=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13cec7b80effcf5f705c615043d81274bebf1e9af6ea8fc711cfc95a2e136e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28348
x-xss-protection: 0
server: sffe
etag: "1184 / 899 of 1000 / last-modified: 1649675564"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 802B 82 KB
28 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/advertising/?id=leaderboard&parent_id=ad-ruX3FXOYPk-leaderboard&categories=threats&tags=blackcat%2Ccolonial-pipeline%2Cdarkside%2Cfin7%2Cmandiant%2Cmaze%2Cransomware%2Cryuk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13cec7b80effcf5f705c615043d81274bebf1e9af6ea8fc711cfc95a2e136e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28348
x-xss-protection: 0
server: sffe
etag: "1184 / 783 of 1000 / last-modified: 1649675564"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
324 B 112ms
110ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-80491860-1&cid=971407664.1649697397&jid=1664023740&_u=YAhAAEAAAAAAAC~&z=1259574480

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 164ms
77ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-80491860-1&cid=971407664.1649697397&jid=1664023740&_u=YAhAAEAAAAAAAC~&z=1259574480

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6D44 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e14f14e7f66a928803c8780bae40f3b3d143114d4ba539ed6ee16c8094c1c9c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame EF7C 369 KB
125 KB 32ms
32ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 17:13:13 GMT

GET
H3 200 pubads_impl_2022040601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 905B 369 KB
125 KB 37ms
37ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128287
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 09:49:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 17:13:13 GMT

GET
H3 200 pubads_impl_2022040701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0049 368 KB
125 KB 46ms
45ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127673
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 08:34:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 15:15:21 GMT

GET
H3 200 pubads_impl_2022040701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 802B 368 KB
125 KB 46ms
45ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127673
x-xss-protection: 0
last-modified: Thu, 07 Apr 2022 08:34:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 15:15:21 GMT

GET
H3 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v47/ 10 KB
10 KB 87ms
40ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v47/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a354f3d28b56276cc1c16d970f65ddb3ecec48cb1b79a1a32e0e3929e584607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cyberscoop.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 07 Apr 2022 23:35:55 GMT
x-content-type-options: nosniff
age: 322842
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9828
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 07 Apr 2023 23:35:55 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame EF7C 107 B
122 B 97ms
49ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame EF7C 107 B
122 B 96ms
49ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EF7C 51 KB
20 KB 80ms
80ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4273016630362020&correlator=1061547930832714&eid=31064018&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_HalfPage_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&ifi=1&adks=2863372106&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3Dcd6132755c65c14d-2249681c74cd00d8%3AT%3D1649697397%3AS%3DALNI_MY1GT-ZWT-3Am0_NEOchLio7gX6ZA&cdm=www.cyberscoop.com&abxe=1&dt=1649697397799&lmt=1649697397&dlt=1649697397570&idt=220&biw=1600&bih=1200&isw=300&ish=600&adxs=983&adys=1605&ucis=fwzo6q3yxa4c&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dskyscraper%26position%3Dsticky%26categories%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=300x600&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=971407664.1649697397&ga_sid=1649697398&ga_hid=1127187583&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

56ff87fd044ab9f1eba06b27434b12e9449ce194cecfd15a2a984618bfbb0d93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20155
x-xss-protection: 0
google-lineitem-id: 5944509791
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138383843502
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9976 0
0 61ms
47ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6D44 0
0 69ms
69ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstCSC9v4KmQ49b4-ztQoxIc8ghZ_saAVd83kx-xpCysDe4rmORnIZfJWl6pmJy7Wga2s7M9I9TYzMtAnUK0cJ3_wEJd1EVywuGPfUQmatacB_DBMgzE_pOyO18xvVtrotoJMKECCZyuN6UBIQyK85mOTqoNcrlVFSb3at9O9OAYrEWmBt1eM5O-75AFUU7aTjPx9HTsNwuhU1gkBjeCh-GRjD9A4J2RvMelKGrLC5q4baXTs1-T02P4zBjoAZxQLu5L0-PiGiX_qOuMzoXkjdDA5le_mdo5P7TcY56LUuY4ZJ3c39GT37VrpYU&sai=AMfl-YRQmcuyGroda-Cz3XfqVyj1Bczkmslwrsv6S2sJz2zXJ-HEj3RV4-BH8Oae3F4TOqX4fwh4r_p4Q2Ay2MZCx2KQUeeJfamEXB7deUC4&sig=Cg0ArKJSzFiEwxC_nxJyEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5CD0 0
0 69ms
69ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvU-l-elBcoMT5WlDViQju43ZXcjR6MJx37fQhammalFfTyfLbhdvWs6P0q8IFCzdOGj98Q0iqTjOwfOGho9M6ZNjl5Yj48kwi7H__asUVbPIt8_m-V3PSzxjyK4cYxJO8nKy2eVJyrFXgt1qtFDh39boCKx2OSZ0Wo_Xs6uwBUQtdNjai2LRXmPGhVZ61g2UwK5UjE74gRa2iTOAL2unyVuHx5UO_CGjBRWoZ1QzeY7FxV0ZAcQQ4eUu6dtSyw6ecj65FPkUy0C9Z1twBBlKUS1L_Z3b4jGGoSevybWAFrIhi3qwPxVJdDIWOqc_B5YaY&sai=AMfl-YRlgz41-fJfRyMxF8MOnH2xUcdlbP_cF9btrCadvoCwDy59hoJBQEGOqwk5SSCMg1vlBnnlIxHrsIftWwGZAFOhp8zgoF_YO_ObK_BuBhT2dk1SuR2zm0nUpKQmLMID&sig=Cg0ArKJSzJeIc_cfvMpeEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0049 107 B
122 B 55ms
55ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0049 107 B
122 B 53ms
53ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0049 51 KB
20 KB 97ms
97ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2531004075779497&correlator=280799370291594&eid=31063377%2C31067023%2C31067026&output=ldjh&gdfp_req=1&vrg=2022040701&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Cat_Art_Bottom_980x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x250%7C970x250%7C728x90%7C970x90&ifi=1&adks=3048910702&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=position%3Dbottom%26categories%3Dthreats%26Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3Dcd6132755c65c14d-2249681c74cd00d8%3AT%3D1649697397%3AS%3DALNI_MY1GT-ZWT-3Am0_NEOchLio7gX6ZA&cdm=www.cyberscoop.com&abxe=1&dt=1649697397852&lmt=1649697397&dlt=1649697397628&idt=206&biw=1600&bih=1200&isw=980&ish=250&adxs=0&adys=3374&ucis=68q046dl1ltu&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dbillboard%26position%3Dbottom%26parent_id%3Dad-KYv6hV90ia-billboard%26category%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=980x250&msz=980x-1&fws=256&ohw=0&ea=0&ga_vid=971407664.1649697397&ga_sid=1649697398&ga_hid=543534709&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d1516267f5a6ea176d78b81d83efd6ef2df9981c746cb0d05db536a162a29397

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20630
x-xss-protection: 0
google-lineitem-id: 5980680458
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387850311
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B4A6 6 KB
3 KB 61ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 905B 107 B
122 B 47ms
47ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 905B 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 905B 51 KB
20 KB 91ms
91ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1297824338914498&correlator=2425019181971590&eid=31065847%2C31066961&output=ldjh&gdfp_req=1&vrg=2022040601&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Article_Left_Rail_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&adks=4064999910&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=position%3Dstatic%26Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk%26categories%3Dthreats&sc=1&cookie=ID%3Dcd6132755c65c14d-2249681c74cd00d8%3AT%3D1649697397%3AS%3DALNI_MY1GT-ZWT-3Am0_NEOchLio7gX6ZA&cdm=www.cyberscoop.com&abxe=1&dt=1649697397870&lmt=1649697397&dlt=1649697397598&idt=265&biw=1600&bih=1200&isw=310&ish=250&adxs=983&adys=1340&ucis=8ase8mte9pev&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Darticle%26position%3Dstatic%26category%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=310x250&msz=300x-1&fws=256&ohw=0&ea=0&ga_vid=971407664.1649697397&ga_sid=1649697398&ga_hid=971625844&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

3433916e194f9b69f192b3b157656c87e84e3062b3a00caf10188612550103c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20140
x-xss-protection: 0
google-lineitem-id: 5980680458
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138388341709
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8A0C 6 KB
3 KB 63ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 802B 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 802B 107 B
122 B 48ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.cyberscoop.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 802B 0
442 B 162ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=2040315316652528&vrg=2022040701&nw_id=18430785&nslots=1&eid=31067023%2C31067029%2C31061829%2C21065724%2C31064019&pub_url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dleaderboard%26parent_id%3Dad-ruX3FXOYPk-leaderboard%26categories%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sig=0&req=0&req_cnt=1&dm=8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 802B 20 KB
9 KB 79ms
79ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2040315316652528&correlator=1205782366063568&eid=31067023%2C31067029%2C31061829%2C21065724%2C31064019&output=ldjh&gdfp_req=1&vrg=2022040701&ptt=17&impl=fif&iu_parts=18430785%2CCyberScoop_Article_Leaderboard_970x90&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x250%7C970x250%7C728x90%7C970x90&ifi=1&adks=13849420&sfv=1-0-38&ecs=20220411&fsapi=false&prev_scp=Tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&sc=1&cookie=ID%3Dcd6132755c65c14d-2249681c74cd00d8%3AT%3D1649697397%3AS%3DALNI_MY1GT-ZWT-3Am0_NEOchLio7gX6ZA&cdm=www.cyberscoop.com&abxe=1&dt=1649697397888&lmt=1649697397&dlt=1649697397637&idt=244&biw=1600&bih=1200&isw=1600&ish=150&adxs=0&adys=170&ucis=jek0ci6exjw6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fwww.cyberscoop.com%2Fadvertising%2F%3Fid%3Dleaderboard%26parent_id%3Dad-ruX3FXOYPk-leaderboard%26categories%3Dthreats%26tags%3Dblackcat%252Ccolonial-pipeline%252Cdarkside%252Cfin7%252Cmandiant%252Cmaze%252Cransomware%252Cryuk&ref=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&top=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&frm=23&vis=1&scr_x=0&scr_y=0&psz=1600x150&msz=970x-1&fws=0&ohw=0&ga_vid=971407664.1649697397&ga_sid=1649697398&ga_hid=1997164241&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

f6e20df425f54d8401412c434251747ab0a221b7dd5c08f55470148267073ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9168
x-xss-protection: 0
google-lineitem-id: 5978757319
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138387680889
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cyberscoop.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3BB1 0
0 61ms
46ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2F5A 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsveZI7_Vzb0akab-VDQV-rWsOnjhsqXuzYOYAoSuEhF_3oBHOMxH1qbkTVLXAtI0_eZ8KxGCuGBQse3M13jpk6oW3HmDVmQDwhbfZSAVFnA6DVPMG4N10EnMxoIfQfTzzI4SxdUkD7VrhSSK9Z90gKEjPEPKAdf3OJSmtwDQJtGsJfCWg27xWyd-_9FBHmId3ZLDcmH5b4MWkc7qLy46ER5oxEd3UADCbbdM_N2SVZmEhJgFy-8KrUz_qymvdQqUfTjgmP3gc5_j0tIDwwtS0Ur-SOd8MjBsxIi3Y9zM9bHzk8NzdlQ94mjDtBzIwjdRiJ8wbouiwfOSuwU&sig=Cg0ArKJSzLz_Ymnp7djyEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 2F5A 19 KB
8 KB 90ms
41ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:36 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 2F5A 3 KB
1 KB 177ms
129ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F5A 119 KB
36 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2F5A 0
0 96ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT8YllnD1mpHVkh4-1lSZ9436d-noe5tvvIwGuZFfOjB-EC3agKHqmiXu_EUIPfcG1E7a0yejq0aC9LUvyyrzb4HwFLdg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 15653601486498292857
tpc.googlesyndication.com/simgad/ Frame 2F5A 37 KB
37 KB 99ms
51ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15653601486498292857

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986378981490df7cae6b96a791c2e93a0a01a0c4f0e0338133aa597bbedea295

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 05 Apr 2022 19:39:30 GMT
x-content-type-options: nosniff
age: 509827
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37717
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 15:18:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 05 Apr 2023 19:39:30 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0049 14 KB
11 KB 150ms
64ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

338c877fb680e7689e5d6c50a91e68339f36f6f3b67c66b85a4ceb2ef8ebec6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10757
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 905B 14 KB
11 KB 133ms
54ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0cdcc8aaab25a31b97dd5392b7ecdae22225ef2504d82c3f7f50e156c16e09ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10680
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 792D 0
0 68ms
68ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOlGjkEfAiCOluDUEcR44JnIf6DId_JeACw4Xdcy_K8svEMXpJGkoPbLjKTkg7Aa1q8wFWzzqP80lZxU2hUt7Vmbu_d25dOTf334-_hWC278YZBXqrEfzhxKC1BHoJN0WqzolCs3LTIFS6Kzdk7O4kW6ZBpBqJFs1wyNQjNy_aHqlIDcvywK2cRGwCz_eYP2ekvmr_NdcDncUedX6sFy5kY2aItFPiBGmjnYkl2vtj4-Ns0Db8VNvpYNRP8svnyrPslpbht5NVb2DAqok9LG-VYyGA45YRp1muK3eGHL87HYJa6vV83pOz_fxZjM51RV126AK8uSB12wLEsE8W85fs&sig=Cg0ArKJSzLnRizbti7rPEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 792D 19 KB
8 KB 47ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:36 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 792D 3 KB
1 KB 136ms
128ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 792D 119 KB
36 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 792D 0
0 56ms
48ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSKcfSLx7u_X6X-AH0pJvESkUipgbuVey9XFL5oPvFG7T4QwbQ7IkJPj6nrsgCzAD4q1_XovAxHIDu3P3YYe8it9r-31g
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 5138957994333475136
tpc.googlesyndication.com/simgad/ Frame 792D 81 KB
81 KB 74ms
67ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5138957994333475136

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c8e8a58e6941ad55e1c095ed8e91a8db95a9a98e3586318ccff7146c932b37d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:36:23 GMT
x-content-type-options: nosniff
age: 31214
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82544
x-xss-protection: 0
last-modified: Fri, 08 Apr 2022 15:30:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 08:36:23 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 203F 0
0 69ms
68ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuwbpmV5sLhlkv24VhswvtJ54Ko4z7D3rM1kWhmB635T2tTQFsd1Fa-Ps3rSAkjNP3C6x0Z-_sqfbWGL-bckmSqB960p3-PVzEIF6cDkp1d6XGnMH0rrRCyCbZfbPFlzV_T5E-RaUrCzClkYXk9B5qQFjC_GqfkJZJMdZdpdMLvmomqZjqj9tdHXyTKCrXu-doE6Tnxp1edEzWiiblmX0dnUyPOK6H-9_JxD9-n2ktfNiqWhJcwhNgUPoJhdP1ziOXQ5U0rHs2CsA3icdCRBVrixrS_yMiPxPlYIxprgkVtY0NJ-Wk27YBzSnRmuNrgsNY2gLBUcvby6-75-95Q6YZxkdJK&sig=Cg0ArKJSzAvRi-VpT_EjEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/ Frame 203F 19 KB
8 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8000
x-xss-protection: 0
server: cafe
etag: 3330746967810570135
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:36 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/ Frame 203F 3 KB
1 KB 118ms
118ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220406/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:14:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 203F 119 KB
36 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 203F 0
0 47ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRn4cEnt_ioUPqN1OSdXXGtz1BoBZRD556v6HRF9o2eNQ_sIsqoaJNidyjRYirlo2CCR0PX0n4rhZR3gMyfArIuBwjbaA
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 8466634803301479601
tpc.googlesyndication.com/simgad/ Frame 203F 121 KB
121 KB 118ms
118ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8466634803301479601

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e10ddb1f8c51f2fadaafc4d5bceab61b3c7c3c543d82d26e9e7874d749dcc02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 06:06:53 GMT
x-content-type-options: nosniff
age: 40184
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123718
x-xss-protection: 0
last-modified: Fri, 08 Apr 2022 15:21:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 11 Apr 2023 06:06:53 GMT

GET
H3 200 container.html Show response
8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7D31 6 KB
3 KB 88ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:37 GMT
expires: Tue, 11 Apr 2023 17:16:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2F5A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efb5246da9510c7825355c24516fe174bb3b030f83b6b9ee641b8ab26a76039f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 792D 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstdbS3N2VU7kLyp7ur_ZRoVtt_stQj7Z6qidCurkXm0D_-oHZbBwg3rlV9BX8kkHnz6fsifzQHLkKmk7m2-TIYN31wLm_b7FMqdvQMpZkcfYADLXp1wXvmhs6M8I9egZ3DbH9lMCgOkWm8KsMsGzK24dehFTiyAa624QqfC1BMfmRgR6Pgctu8AuXyP73MkHjbeaqyqviFMcCxeTK_TbuNJzJ3eD156Zlq5iJznpskDosv7KutPTNcLdpPiYC8cAcGuQx6vuMoIcDaCSoS6mMvuTfXFThRBEaRJiEdaUkm_mD_etRtR8FuclVgaSt7iCIMQkC3YD_z5jp08l9TlI5IG5oA&sig=Cg0ArKJSzGTt1DgGGm3TEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
DATA 200
OK truncated
/ Frame 792D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0ede7b5b1d37c7b1777edf22e87ce41bdf62243df9f3f4548a27af7daa5392f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 203F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9f43b1d680f30f094882c6346709b029abc8c5e87376839089727001ecfce7f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 / Show response
www.facebook.com/tr/ Frame D156 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.cyberscoop.com
Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.cyberscoop.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 905B 17 KB
6 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2F5A 0
0 69ms
68ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssRwtWbKNrvU1_F4_n_eESZcYohnNaYsC3SRtjh7QGxQ4d3Av49StZFFtBdcs4udxnzm9QVpWrE-AoOcn7D9SUniFOayM-F4II_TvCXwfk2cUWxECUqXceIVtMKWvt62sRnKuE5tnWDoAhYHJaVhJ3J44WOZbxnT2Z2__CffM9XaWUsbrwy6wrikPm8jOkR-BgAFfLJzNJue8VnKrdtKgiRE30I7LY8pN3xFiNBdzR19xWkDDvBwSl4KI_snlNO3IRSKGsMVgYPS_TURW85nOL7dQPwr0hOdWTH-Zx6dc_bH2YTZpmOviUylYzYebc2yPLx_VbUP2GeR9TxXAU&sig=Cg0ArKJSzPrThl1s484EEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 7D31 22 KB
7 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32618
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 11 Apr 2023 08:13:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 7D31 24 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54a939394825575b171c8150a8da84dc9684f6a722835ffbfab7ab132032cec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:13:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 218
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9367
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:04:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 11 Apr 2022 18:13:00 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7D31 119 KB
36 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649247338736001"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0049 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EF7C 14 KB
10 KB 100ms
54ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55e7864297779971c44154c07c4a9bdaa7b2cf1a142240280be0047bdef8b223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10587
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7D31 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv0J63Nd56DQxiJk3opL4mPrjxJ5ogHsYpaNgZWzd4e3mndVQvFYiGlXNOKA9N70vWnBg_lEs_6DDHB3TeRAtxGzaogP9IqGuD-PDELtdYlHy8PMv0wR2soVoTrJgjsnOCaSx1R21ZGQIJqHIJbIAoSnxbvtvQpsDgMNUEodLxYz_JiLC7tuIDf1llFxLaaTj7oHiahC9BYx-vMwVB9Z75b2kHATv6Zkhbi0puNI8xmXmoUb_d8GWBkEKIjwBR1eVJZ4GWgKq3cGuBN00_3UBE2YNmj766JOPPOpm2VnBASleQXIasazIubsEqkraaNJ-PwUJR9kCF8UyGykFqZ99h0TFNTIw&sig=Cg0ArKJSzCHxfar0mPxREAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 7D31 42 KB
17 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32617
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 08:13:01 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 203F 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvgEYDINpUvi-iHUh0DlZD2UA2GJwkg-k2SBNRQOZ0LxowE-3wGRQ0XgYOcp_AvXbLyipPzPfvXQ-HBroG0NIjXe8bVAnb9EYBaPeXVNHwSc183XHCvJwpxuT-KAp7LxpxUQibylyKj5FmV2RUboq-ahESFNPs-7EWw1dO3SzzE_ucc0MQqfFjibH9IbiUKGh7WAPl8CokyIOWXXqEamipboseuhq2h_SwnsXUrNbynWO0mg1h-3Z8kYg18SQiKCz9Hbkc17kXw_zQzVakRCziZQH2HX6K-lYHFF4Egh3lHreTdmMMh0fpJlYFUKrUqjgddEujANNOsMA5AgAUbCWpPKlKCdhY&sig=Cg0ArKJSzH9kbsPHpuOcEAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BF3B 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:13:38 GMT
expires: Tue, 11 Apr 2023 17:13:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AE40 783 B
535 B 51ms
51ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

95bd18e861348f711aaa90cae1aa02bef40782501e238f2f688cd4a9c904bea1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ab6KGIoFQ2TqpUAI0GpEJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-ab6KGIoFQ2TqpUAI0GpEJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
expires: Mon, 11 Apr 2022 17:16:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E385 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:13:38 GMT
expires: Tue, 11 Apr 2023 17:13:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FA83 783 B
533 B 50ms
50ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

330a33f161d4784af35b77dac190fcf56057926413b4ef01911da1571b092047

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hISo+oP+LSxYTFba6ucNfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-hISo+oP+LSxYTFba6ucNfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
expires: Mon, 11 Apr 2022 17:16:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-fr... Show response
ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/ Frame 7D31 60 KB
26 KB 150ms
64ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-friL_OI8lLefWRWc0QUs7ylnIwxh56QBa8ORtUOf5qft_JfFgO9Te3pjkw4LiMT1xva_5_mo63_j9TwehMKMmu1JUHtuRS0hU_95tV7vLrQWUsMyuhVAoelwyPHAwRbaL8z29YDab-xHLJpBfLWyIWF-GOGS5EMHu8F-fRn1v-q5XrHNLShUXW7G0dTr03aPOsCyBKSnGIcGJMLVffSBCF4fvTIDOy8zQJNx3WxQlghMLH1D0FMkuXVK9DkxAbFt65ZSWmKBN7TeV193mP8yQ6Zr_CJ207_Ho6vEV0Eued2uweiZsXeaCaM7KsUhWW2f0NcxhZqtZgQDUkog%26sig%3DCg0ArKJSzBS0_8Iu9q5XEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=YiZvs8Osjd;sttr=55;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

6131769e08ca1b65193c7c4000920c9eee716e12b8f54eba7e5326b019745745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26543
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EF7C 17 KB
6 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame BF3B 35 KB
13 KB 88ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame E385 35 KB
13 KB 85ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AE40 0
0 138ms
92ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=1297824338914498&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FA83 0
0 149ms
104ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040701&jk=2531004075779497&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7396 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:13:38 GMT
expires: Tue, 11 Apr 2023 17:13:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9BF6 783 B
534 B 49ms
49ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dbcdc26541641257f4b81f00d507c5f6a78ba59212ce3d8cdaa7b889bfb9f7a1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1SwbAJsSRh3c7RkwGSSGeg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-1SwbAJsSRh3c7RkwGSSGeg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
expires: Mon, 11 Apr 2022 17:16:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 7396 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9BF6 0
0 87ms
87ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=4273016630362020&rc=
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/982525/62068902/ Frame 7D31 46 KB
12 KB 116ms
29ms Script
application/javascript 52.213.82.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/982525/62068902/skeleton.js
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-friL_OI8lLefWRWc0QUs7ylnIwxh56QBa8ORtUOf5qft_JfFgO9Te3pjkw4LiMT1xva_5_mo63_j9TwehMKMmu1JUHtuRS0hU_95tV7vLrQWUsMyuhVAoelwyPHAwRbaL8z29YDab-xHLJpBfLWyIWF-GOGS5EMHu8F-fRn1v-q5XrHNLShUXW7G0dTr03aPOsCyBKSnGIcGJMLVffSBCF4fvTIDOy8zQJNx3WxQlghMLH1D0FMkuXVK9DkxAbFt65ZSWmKBN7TeV193mP8yQ6Zr_CJ207_Ho6vEV0Eued2uweiZsXeaCaM7KsUhWW2f0NcxhZqtZgQDUkog%26sig%3DCg0ArKJSzBS0_8Iu9q5XEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=YiZvs8Osjd;sttr=55;prcl=s
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.213.82.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-213-82-127.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 012bbc64c81bed052883539347d24f7b03b6df98365d1564101824a8c381d077

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/ Frame 7D31 8 KB
3 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220406/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-friL_OI8lLefWRWc0QUs7ylnIwxh56QBa8ORtUOf5qft_JfFgO9Te3pjkw4LiMT1xva_5_mo63_j9TwehMKMmu1JUHtuRS0hU_95tV7vLrQWUsMyuhVAoelwyPHAwRbaL8z29YDab-xHLJpBfLWyIWF-GOGS5EMHu8F-fRn1v-q5XrHNLShUXW7G0dTr03aPOsCyBKSnGIcGJMLVffSBCF4fvTIDOy8zQJNx3WxQlghMLH1D0FMkuXVK9DkxAbFt65ZSWmKBN7TeV193mP8yQ6Zr_CJ207_Ho6vEV0Eued2uweiZsXeaCaM7KsUhWW2f0NcxhZqtZgQDUkog%26sig%3DCg0ArKJSzBS0_8Iu9q5XEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=YiZvs8Osjd;sttr=55;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:15:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Apr 2022 17:15:55 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7D31 0
575 B 168ms
68ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuRPLepvx5A6yY1YKs-TI3IVG4jNRXiMpFvZnb7VH6KckOI5KtBQecvgSmOKdwPa3xDWfaThhtKn8TXF4LAQCAWqU66NkOj3Ie_AxIOCOLp2a8lj_zR7nWwTF_ngWnR6PLwKWSBCC0haPWcovPinMeO1r8zecg&sig=Cg0ArKJSzLS66dUHSmzEEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220406.89326&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 7D31 47 KB
13 KB 115ms
31ms Script
application/javascript 34.243.58.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925175&adsafe_par&uId=u=tv2_pai~dc_imi~_dsp~_bid~&advId=9847203&campId=27401599&pubId=6067357&chanId=169312970&placementId=330983427
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-friL_OI8lLefWRWc0QUs7ylnIwxh56QBa8ORtUOf5qft_JfFgO9Te3pjkw4LiMT1xva_5_mo63_j9TwehMKMmu1JUHtuRS0hU_95tV7vLrQWUsMyuhVAoelwyPHAwRbaL8z29YDab-xHLJpBfLWyIWF-GOGS5EMHu8F-fRn1v-q5XrHNLShUXW7G0dTr03aPOsCyBKSnGIcGJMLVffSBCF4fvTIDOy8zQJNx3WxQlghMLH1D0FMkuXVK9DkxAbFt65ZSWmKBN7TeV193mP8yQ6Zr_CJ207_Ho6vEV0Eued2uweiZsXeaCaM7KsUhWW2f0NcxhZqtZgQDUkog%26sig%3DCg0ArKJSzBS0_8Iu9q5XEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=YiZvs8Osjd;sttr=55;prcl=s
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.58.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-58-169.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3fd2f6aa88a9cb00ea4b575b5acdaaf4ee8e36736553fdccaaa7c17c861ef795

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 7D31 28 KB
8 KB 324ms
241ms Script
text/javascript 65.9.96.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N2998.138004FEDSCOOP.COM/B27401599.330983427;dc_ver=85.249;sz=970x250;u_sd=1;u=u%3Dtv2_pai~dc_imi~_dsp~_bid~;dc_adk=2711260096;ord=s6bplv;click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv8QspVy-friL_OI8lLefWRWc0QUs7ylnIwxh56QBa8ORtUOf5qft_JfFgO9Te3pjkw4LiMT1xva_5_mo63_j9TwehMKMmu1JUHtuRS0hU_95tV7vLrQWUsMyuhVAoelwyPHAwRbaL8z29YDab-xHLJpBfLWyIWF-GOGS5EMHu8F-fRn1v-q5XrHNLShUXW7G0dTr03aPOsCyBKSnGIcGJMLVffSBCF4fvTIDOy8zQJNx3WxQlghMLH1D0FMkuXVK9DkxAbFt65ZSWmKBN7TeV193mP8yQ6Zr_CJ207_Ho6vEV0Eued2uweiZsXeaCaM7KsUhWW2f0NcxhZqtZgQDUkog%26sig%3DCg0ArKJSzBS0_8Iu9q5XEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=2,https%3A%2F%2Fwww.cyberscoop.com$2,https%3A%2F%2Fwww.cyberscoop.com%2F$0;xdt=1;crlt=YiZvs8Osjd;sttr=55;prcl=s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-20.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 977170a0e3964a633c513391294624781d984e4c749e50e058979388d699d7cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: PRG50-C1
vary: Accept-Encoding, Origin
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 8074
x-amz-cf-id: dKenPaWQdPlQ7B7qhueV_W6DaeGQXBFQEg6DiIdQZMqehcq6Uqf9AQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7D31 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 08:13:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32615
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Apr 2023 08:13:03 GMT

GET
H2 200 CS_970X250_BS_PBS_RC_TRGTFED_SC_FED_SA_FED_LG_ENG_TI_NTRD_CM_MNGSRV_CV_MNGSRV_OF_NA_OD_NA_OV_NA_OP_NA_FM_STTB_TL_NO_PA_FEDSCOOP_FF_V1.jpg
s0.2mdn.net/9847203/ Frame 7D31 42 KB
43 KB 182ms
67ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9847203/CS_970X250_BS_PBS_RC_TRGTFED_SC_FED_SA_FED_LG_ENG_TI_NTRD_CM_MNGSRV_CV_MNGSRV_OF_NA_OD_NA_OV_NA_OP_NA_FM_STTB_TL_NO_PA_FEDSCOOP_FF_V1.jpg

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65e53b8ee6e85a11d1727d8783b3b87e2b28c1cb007b168c4f33f9bf5fc984ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43090
x-xss-protection: 0
last-modified: Wed, 06 Apr 2022 00:37:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 12 Apr 2022 17:16:38 GMT

GET
H/1.1

200
OK

firstevent
verizon.demdex.net/ Frame 7D31
Redirect Chain

https://verizon.demdex.net/event?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599
https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599

42 B
951 B

45ms
45ms

Image
image/gif

54.154.124.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599

Requested by

Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Server

54.154.124.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-124-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-091762659.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Pbbf16FpQZY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v030-0b54c1326.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: BstlhAYLTss=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://verizon.demdex.net/firstevent?d_event=imp&d_src=125851&d_site=6067357&d_creative=169312970&d_bu=9847203&d_placement=330983427&d_campaign=27401599
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
DATA 200
OK truncated
/ Frame 7D31 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0c7028a7110404e873d2a4a776bfcf70e60a7b4a8259133dde9d409d532be4b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BF3B 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?eC1ufg
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 51C7 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 32615
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 08:13:03 GMT
expires: Tue, 11 Apr 2023 08:13:03 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E385 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?4mHkhw
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 main.gr.19.8.299.js Show response
static.adsafeprotected.com/ Frame 7D31 189 KB
60 KB 95ms
22ms Script
application/javascript 2600:9000:2093:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.299.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/982525/62068902/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 20:37:01 GMT
content-encoding: gzip
age: 3011978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Mar 2022 19:11:01 GMT
server: AmazonS3
etag: W/"587738d3e44b43a2620f42eb51d89fbf"
vary: Accept-Encoding
x-amz-version-id: kp2GPcLunARmvxyYiu0RKpd0_UaoR.nW
via: 1.1 04545073f97f94a6b7b4580892eff70c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: HAM50-C1
content-type: application/javascript
x-amz-cf-id: hAqYirGiGwO2VaOPbNCSqqWbA9ig8qhdxSzlg5kHX53s-e_GuRnm2w==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7396 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?w4Nicw
Requested by: Host: www.cyberscoop.com
URL: https://www.cyberscoop.com/fin7-ransomware-mandiant/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 unip Show response
trc-events.taboola.com/1035174/log/3/ 0
249 B 73ms
15ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1035174/log/3/unip?en=pre_d_eng_tb&tos=1582&scd=30&ssd=1&est=1649697397013&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1649697398594&mrir=u&vi=1649697397011&ref=null&cv=20220410-1-RELEASE&item-url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyberscoop.com
pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H3 200 UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js Show response
pagead2.googlesyndication.com/bg/ Frame 51C7 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/UUQTj9cPGsMVMqvEOxLdokHV79mACYo3jc0rpEwmHZs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 11:03:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 11:03:16 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7D31 0
26 B 110ms
69ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7D31 0
0 67ms
67ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst9MZ67PRicEjUTt_e5RnG5VL2mmGMUiqtjqmYNBLZHQBDsQY7PvDbILaCD-K4A4zX2wZSqHM09UrpJsmc0nlQdE9HEaNcW5VY8mTgTs9YxioCCD4VfsXEjHRiTd7KNG7aidjICQESUl_hwkKXgZLpa5tZ9rU3YBdze6biZcYUiE0zvr4maNCLSFC-SDy9zcF91YCj_f7UywfsEtGLpuH0BGZyquaab5i1ETyFrkt-YBKvyT0-3HQGyoJY41lkVf3oPdVSJLOVy7KfD7kWBzpwaZEftdJ-vGfjAK1p-kkKib6hnkx6-JXHCkGwpPYSKep6Nx1qUz5Be0YdQzJa70CcZiv3SsAw2&sig=Cg0ArKJSzM5sEp3v3EttEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 802B 14 KB
10 KB 52ms
52ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0537aa91d8b773926810a33f2c96957c1924ac6282f5398b3c09d3bef8467c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10693
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 52ms
52ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022040601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7715e4aea326ae75ad1c9eae24a3764f9941afbd652e58ab89bb500cccbfaa70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10636
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
554 B 196ms
164ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=20762415-8082-48f0-b243-36443c93d852&fci=2e9e5e99-77e9-4900-90ff-18902af88c17&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=2153467&rcu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&pu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&t=Notorious+hacking+group+FIN7+adds+ransomware+to+its+repertoire+-+CyberScoop&cts=1649697398733&vi=936cb9501b5aa5756c1d8bb9a8bb8604&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e375c587-a630-410b-b7d3-6c2ef481ed33
cf-ray: 6fa55f0649819be8-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gk4Vo7g6NQzNiDdVEXKs%2FreiOayZeaUrCmOwCaCRNySLNhRmIwvUopF3Vqn3e7hV5AE9nH8Sr5FT%2FxybUHhewvZXHasijpBv5ZWviLzcP64wzZpMN98cb3ciUFDxn1iyQjLgp15NfoGkgr94YIpt"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
968 B 169ms
137ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1541009889&v=1.1&a=2153467&rcu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&pu=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F&t=Notorious+hacking+group+FIN7+adds+ransomware+to+its+repertoire+-+CyberScoop&cts=1649697398734&vi=936cb9501b5aa5756c1d8bb9a8bb8604&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: fac0f6e6-4507-4786-ab1a-a8f1b0db861c
cf-ray: 6fa55f0649859be8-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgrerGln8lb%2Fi%2F5CpRgKRi3rXwoPnwNksC0Z7%2FR1Yo70KKf4aIQohXGDtJtyGHvjMieY2aSjLye2zkMg%2FAp3RET5M8Ya3u%2FTU%2FfpxrCtP%2FVujV7xWQwZzZBpUb%2B2luQ2ezKGstLjbx9EJHUSLrie"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 7D31
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/982525/62068902/skeleton.js?adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=h...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

20ms
19ms

Script
application/javascript

2600:9000:2093:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Protocol: H2
Server: 2600:9000:2093:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
via: 1.1 04545073f97f94a6b7b4580892eff70c.cloudfront.net (CloudFront)
age: 4763915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: HAM50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Soy2-xxPhCZZiDO5taAXUXsIv5NPvqfs8Oe5wgH50wnZ-8_a2mUA-Q==

Redirect headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame F981 80 KB
21 KB 22ms
21ms Script
application/javascript 2600:9000:2093:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 4763915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 04545073f97f94a6b7b4580892eff70c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: HAM50-C1
content-type: application/javascript
x-amz-cf-id: GXE0qja4lm9iBTDfgtxqV8NTp01C11vyUAOywyiZJx4ECFiiVErxoA==

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 4606 80 KB
21 KB 22ms
21ms Script
application/javascript 2600:9000:2093:5600:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
URL: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:5600:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 4763915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 04545073f97f94a6b7b4580892eff70c.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: HAM50-C1
content-type: application/javascript
x-amz-cf-id: JKSeSETlE4chrVAnP9nR0H1lMfBy5K7NePLpNQvcuQK4VwSbe-z3lA==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 7D31 43 B
216 B 32ms
31ms Image
image/gif 34.243.58.169
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925175&adsafe_par&uId=u=tv2_pai~dc_imi~_dsp~_bid~&advId=9847203&campId=27401599&pubId=6067357&chanId=169312970&placementId=330983427&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwww.cyberscoop.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:724dc5c5-5bf4-4890-81f9-2db6691b15c6,c:9uVxqJ,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-785cc8cc8c-287nl,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:186,fm:t2Iya9M+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:191,oid:25be160f-b9bb-11ec-b996-d6fd479582c7,v:19.8.299,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.58.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-58-169.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 313ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxqK,pingTime:-8,time:192,type:l,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:0,n:192,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5~1%5D,as:%5B5~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2Iya9M+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt40.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 301ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxr4,pingTime:-3,time:214,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:214,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt45.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 298ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxr4,pingTime:-6,time:214,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:214,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111*,rmeas:1,rend:1,renddet:IMG.qs%7D&tpiLookup=ao:www.cyberscoop.com*%2Cwww.cyberscoop.com*&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt55.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 802B 17 KB
6 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040701.js?cb=31067023

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 73ms
72ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022040601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Apr 2022 17:16:38 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 296ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxr9,pingTime:-3,time:217,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:217,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt50.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 294ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxr9,pingTime:-6,time:217,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:217,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&tpiLookup=ao:www.cyberscoop.com*%2Cwww.cyberscoop.com*&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt42.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 313ms
105ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxri,pingTime:-2,time:228,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:386,bdZ:524,beA:581,beZ:582,mfA:743,cmA:745,inA:745,inZ:749,prA:749,prZ:753,si:757,poA:757,poZ:768,cmZ:768,mfZ:768,loA:795,loZ:796,ltA:809,ltZ:809%7D%7D,sca:%7Bdfp:%7Bdf:2,sz:970.250,dom:img%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:228,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B15~0%5D,as:%5B15~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:IMG.qs,sinceFw:51,readyFired:true%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt58.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxrk,pingTime:0,time:228,type:pf,im:%7Bsf:0%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt50.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 99ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxrk,pingTime:-2,time:228,type:a,im:%7Bpom:1,prf:%7BbeA:583,beZ:584,mfA:769,cmA:769,inA:769,inZ:770,prA:770,prZ:772,si:774,poA:775,poZ:781,cmZ:781,mfZ:781,loA:800,loZ:801,ltA:811,ltZ:811%7D%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~100%5D,as:%5B1~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:IMG.qs,sinceFw:36,readyFired:true%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt42.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6D44 42 B
64 B 72ms
71ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJHYZ9tziJAcDrA9IoKJuLbCazGbDY1N1ZOidK9e93NTniNnpNc38PF7SZjUUUQIIhxOtPvQebzMWK_k9wqvfA_GQstfZbKQ1c2bFWBCMS2a_gtnJx&sig=Cg0ArKJSzPQ70PPSC2B0EAE&id=lidar2&mcvt=1012&p=371,480,851,1120&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20220406&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=113530204&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649697397511&rpt=299&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51C7 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGJsodmJUYsCAE8WOjuwP_ayTyAEAAAAAOAHgBAI&bg=!pKelp-PNAAZAkm7qYJI7ACkAdvg8WjNJFdqC4blqMkmSpj9llb31tEpaleDxgf9BjOq0j28nF2uJDgIAAACFUgAAAAJoAQeZAv-IHOpRoB7pBm8dW7scgZUd7lMEm6MW8nx8iv3ahFS4gxhL-B7BLa0G6SW_GLBVDHL9GeVv8y5b_WcVGwjmow3RDIdqa1L0_tPB80CDF6G2fRdFl3l03xJ1NvzPEmZLzF1tEOLZS5CgeE4GY-l6_Q33V3EkXJyp7pH20iQewXCl_jLW5lJcEjMpcLDus-BRcpqSc5O0X_dqRJ4fCfT6kn8ui47BdYZU5GgUxSxTLepx2GDH05YmKbmjasIHvkdLNJofhiAFpnwtSNI-MsftyDZowyiMpBrCFZrPOQ9M-KVlS7mirQRgfhw0Sp4xQYKYlXwcLSepw6Q8QbQptSvI_1O4aOqxp4qoeKbiJiHE6eLztRoJfFGeJrMpUhQsaGi_QEUzO1ge_cwV28_wv3vsgMHi_6GBAWpGb3y9XpREMNkPA_jeBwrEEZ6p3aEINXsKcqAE0sBaS1aIX-ds73wsllqIQ-sizoJ5fVFMzFRUyiyqzFxxmyshiS5W6hTb_Hs4xvB93mABDG6tKSgNSCHZxUZ9L1J-l8WcJAUqjrWMydsSoYiOa33M96D6Rmch8w6jhCT3uFF4lIPwnNo1iv4OXbigc1NrDE2bEPInC2gfVmvgfml9Y5TFuiGGegar_f2zOWI35exE7hzHzpB153BpqK6x4XaYkRtOrb0MCakOAxQuj_QsJQZXbD-3NVJH2dmnV7yEIkDGvBhDwx-riSiFPuyWif0IKk1ioXclUw3PqAJA3twUIrzV0e7SZwzlAwL26orwkuha3mw-bEsgQTC6FHS-_EtxH5ohjIqQGGizsBXSKddvmAUwY9oLhJvb7123xxm0gNfEhODr3iVsitVFT-q7Bdpk0aghAnn-B8uBpLdpc8nT7Y_OyhUMt7Er-2AtWE1yZUBN4F1N_7AAfu5j3pnznqWs1rQccrrZiSCvUaU_-UYTpoEy9RDp_m1uPnumKWQ4Veh4R8fC9MAlObv_fhVxAdlJB7Rkc1jlkuq7J8AWOuNzZdmn7xa6O931WxzzNQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5E41 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:13:38 GMT
expires: Tue, 11 Apr 2023 17:13:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5728 783 B
534 B 49ms
48ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

19acfd475f42bf1c83c58c37035c1e73a98becc9a705d8ded0b991ef640845b1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1lA8RCp/wx4hbn87swG/Fg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-1lA8RCp/wx4hbn87swG/Fg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
expires: Mon, 11 Apr 2022 17:16:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxsh,time:289,type:e,im:%7Bimprf:%7Bttecl:451,ecd:65,tsecr:15%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:60,o:229,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B16~0%5D,as:%5B16~970.250%5D%7D%7D,%7Bsl:i,t:229,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B60~100%5D,as:%5B60~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt45.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0251 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 180
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:13:38 GMT
expires: Tue, 11 Apr 2023 17:13:38 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1A2B 783 B
535 B 50ms
49ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cde70fb1f389a3f6531f84a3e5e0fce62a41472218c23a344039faaaf92f2cfa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-byJrWRkJAIFrf6Qrpp001w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cyberscoop.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-byJrWRkJAIFrf6Qrpp001w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 17:16:38 GMT
expires: Mon, 11 Apr 2022 17:16:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 5E41 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5728 0
0 88ms
87ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040701&jk=2040315316652528&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js Show response
pagead2.googlesyndication.com/bg/ Frame 0251 35 KB
13 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/yPRSpnmC7kCVHbP5HJYGhFaCAnVrOjYDhSjhq7GpE_U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 05:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13627
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 11 Apr 2023 05:39:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1A2B 0
0 87ms
86ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022040601&jk=339976563065234&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5E41 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?7mhxtQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0251 0
9 B 38ms
38ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xcRt1w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 17:16:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxwe,pingTime:-10,time:532,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1649697399114%7C%7C0e0ee2948052f635161d88db68fc53e9%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C5d9f84f374293168f87de6ee4f4c6d68%7C%7Cb18a4ab7f8fdac32c5d4a9909ab97aac%7C%7C2e3a563bf141359f0f4acb12500e883d%7C%7C1594922e5ce211e4e981eafb81e4274f%7C%7C4bd6e262d904d9bc8476e167f9fd43d9%7C%7C1629390669%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt55.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxwl,pingTime:-10,time:541,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1649697399120%7C%7Ceabad31cdaa16f3ca976634fb8768c95%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C300e22c7b953d9753aaa06d941178c5d%7C%7C0aaf93cb1815ee0998d3442eaf422d02%7C%7C0c47be293d7a0a7021bf4858f3e03d20%7C%7C3139bcd570b4a43879ccdb9932785782%7C%7C19e54eb72244ae0b88a65cea9ccdfa3e%7C%7C1629390669%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt40.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 905B 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=1297824338914498&bg=!eHulez_NAAZAkm7qYJI7ACkAdvg8WkP5g8lEMcQjSf5u3niGILi78BadmHGJCNOaJWTXGtZ1RDJJbAIAAADoUgAAAAFoAQcKACokmFYQPhYA1h1ll-pKiw6pHd13-RR5o6NVFm-kr-bqs_5c13oHClrqlQOZAsheNI2MscAQPM3rsIn_a9NG7dgT4XBCMbPT6V_fMbwbh73PY63B05B6juqy3w0Q-cznEYkF9rKmxR5IMa47Wrw8g61GvHaTAylKMviznUluNN8kdBEPr4zSsnJ-xrXZlq55vOW97_AZ3RO2BO00kbkqHHCJfOKccpN5tuWdnWlPlPRrw1MvZZfoCURpmFlJDA0v-k9o3Oqwr0c6hfbsx7eD-z2lbfTfQHj6Al5r07O9evEDT91ynDbHzkawSpFrXwfbcDNzgpwjefhPE0v8jM6PmmxgGT5LcQ2pyg8fGtcm85yWtYuTMhTtmaU9Ak99rLn_S24eofcsyuPukxjclXNja4LN1K8Op1PGVhp_uvjhJtVqsIOAqbpjDQBCPDH2uFec2h7IeD0_MIZtcS2yoHMnF16VU3R__KfY0q61rxaY2leCsmMkxtame8AYTFvG9zOBDrk04Mx-pXhmJH9YAX-TSHxYk92w6XAXSooLwlcVieTSxosrT-bUVJFqS9a4ZA_EjDtToc_-ND95ppGBBI38xAk8WO2mADNvChgLBCjnhCrzsxmitwO8MNinwDuqZHoAFqXkXfuTxS-mAX53p01bJ2gfTNloOg54MrS5-3ndJnJc2FxHm9N15F_9TMSGC5tVNhKp_t5N-5C67cnGjwfFHGg0-V8qxguwg2MQTQZqEwqh1JqL8dOsv60prbSGqnb8V39Ao3iqYR8Yr7f3V2qOgJfa5pPx9fk8hH30V0vRM5NeAsA5n5wPBUFzEujHw56jJm7zlNbP9Du2-09b7Wk48IoetAglL9kQhfdJQA0Sy0yWUYng03-8WtxK1d2q53SWMOqxS6riWYu7CN6vdeqZWobVCtyCFsWcmFvuvCtU3LP58qaSUuyplgzbJzY_XaEyCG5P1MU3xwZPHGjmu89jrF-qHXV5senJuIMgdtDhbY0tpFu2G88f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0049 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040701&jk=2531004075779497&bg=!QEOlQwfNAAZAkm7qYJI7ACkAdvg8WuSTKcARCR32LIjdRQNVB0TI5FJFHzu37m6Al2F177ck_CMxKwIAAADuUgAAAAFoAQeZAracE9JZbi36PK8W4fDMxvii-GXbBDAAxW7ymHGvZy1ZZCj1sxQBoWB7MaGX2T0yff8ysFDp3sSPlsQrLYUKaxCjdKdIcJ93I-Gcvg67mbtEmkRMux2P_Njupqh0YH8HPp77ohns20k4KvOS1UtQmjNUO98YFe6ADoh9EJp7iPoBnVdS0cJG9gQWxnQDJnEyc1ykIPw853Y4IFQqpK0u9wQk54BwCUHAvG5yrSAOn8KOvI8wcF7v8C6CS5hfUpxQS18PY_ZL_H6FA2WwMsV8njWJ0gCODOKHKRtq0_Iy-wbps-nSvrOloZOb78OkAuD5mCSH9FPRvssvndpoB5BShBjPnql0C_IbChdAEikXPKRfvOLoxgXLYDXWwf_dcb0QuzWseSAAl_sQXEuqKw-PDxu7vlNajGzCU8D3P7OZpQxQSv-ev-3GzTNue4-k73oHKSeqjBKOQfIsM-eRIvJv8YaAd1d0HejqzYQ1gbDJltFZ5mVzBRMJUEHQL0dULuR9Tc-8Dv8fB4dfAonjv4bfHhI2WH_CuVTbKOEWydL39dKigaw_FD9dYFLjxc-zq7Iww4ZIwzy9ZmhPIVESlKvlw2MA03se_HwL_336TX8t5r5lstpC51Rotcy_S7vZM3SrO3C1VSsfYM1bPecFDMM5hOR9PAvcvWfYBhurxpWNj261tRUeXLD_ZQNRbyTZd1b3N_igMHyUy8IyZbw17jZThyVh_jsjpo49w65-7fc36E1_6hwYuyE5kM8XDAPX3XFvtrIVOEb6mSGr1M8O6jeFcuHwHxPckwOfgikrNRC-O_HzBi0UxBMEa-xdO0bpUtW4Zr98y2SBV7fA4i-o2ZmunSiAHyHV8jvsUVLAUvFDtmCM4TigLTLxbmcMe0fHKiOhhXxPITkBmehx8nldbx43EqclwOACQwWX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EF7C 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=4273016630362020&bg=!YmGlYSXNAAZAkm7qYJI7ACkAdvg8Wi-utcAV_77Qn4mezp2J5QzWIrSyrmoLWeYOFYjKbwloeCBujAIAAADVUgAAAANoAQcKABIT4AttMoWXZbQc6A_oDl9BIMGZArCw_tV2jzU7aRxT_pcuG8vZgSnOsHQbGfEkho6qiliCZJqwe1kQGlIsvH0950AgbOiK2onp3W-n162c3DXTgCpcHX_YglQLEO9JpF49DAZxQw_N9W_AKyIhe5HlReyVRykmxOc6vBMfSPXPN6Scgfyh6g93urCEB4D3JKVp-9_dv5UzVfp-2wziTBAQfL6r1EGIE5hW_DpCUDRqC6fx55Va5GDP6PHJc81dWh4iwKWIvkpf7vevpnV-sPQ_GYwO-EqxuuggwPsUTHcO70O-WOg6ppS52lsYTpbKyXikUankSLpkQcErpVxs4clyA-IkhbruGNQ1QwVYzHzJfAi84jUW7dwvmpwGgKlcNu9B4lm3IgTQDVs_zy16gJTk-CRF5W1Ygg_3pSqfuXLJIRE2bhE9tKUxl_v_4BgMd7chW2fUSQZBBf8ciDOdVPZkleQSikh8Q_Rbj7g0k-zUkA1RDtsy9HfY4fB5pasYwZOt29DxpS3jlBufrVh2JxukGfdx8keW6OWg0sfC8_kH1ohAa2szDOezPvBZXMj8Yq9FrZZAHc1cTgK95Eax3IHoR6vXSwDVZWH5xBmyRbKJZoefsFoKTH3aEgwHucTVod-VO-xOLd6mBzw3fDr5i7s3wrY85rVu7Ov1LBG6hlmpP62Mfvya48k3fa1EAzjAk1D_0OE8B3CnuAuxwTmgC-1IwfKucw7rYx-dULLEGxOdaP0pY1al5MPog0H26mSlJAwid9QZFUU45auWDDTQvLLkk4n1rfbO8ztddYK07RUlZQ76hJB5_erHNUD65Zhcuxzx9WadqYmxyzUoSsQ2-9lAlVCPDukWaDHPy1BpRKoKTYI0lDanNDZz8H_XU2umsC6_bYoC-k-8BP1oh_i5sDpu4RQv4X6O813NtaxAUnI1vcqclxet

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 7D31 6 KB
3 KB 377ms
313ms Script
text/javascript 65.9.96.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=moxie_verizon01&pid=moxie01&cid=27401599&js=st_1&sz=970x250&c=te-d868
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-70.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 77a37e1276c6f736bc54a2dc8ce6a5caac8b27a104a62755c3b3791b1b5bfc38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: PRG50-C1
vary: Accept-Encoding, Origin
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 2192
x-amz-cf-id: LUbNRstv-p-wD6PdbjYCQhJWgZTh6ejcqgVVIUPSXr_DWPrPHVNWWw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 7D31 38 KB
12 KB 102ms
38ms Script
text/javascript 65.9.96.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=moxie_verizon01&pid=moxie01&cid=27401599&js=st_2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=moxie01&aid=moxie_verizon01&cid=27401599&js=st0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-70.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 11:32:58 GMT
content-encoding: gzip
server: nginx
age: 20621
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 8s1js9IuKrjuLCVf-qcsChEDhYCVlI8pQwWcTi7nkn_hjIEi62DH0Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 7D31 43 B
395 B 195ms
131ms Image
image/gif 65.9.96.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=moxie_verizon01&pid=moxie01&cid=27401599&w=970&h=250&c=c07a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-70.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: PRG50-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: h6wWPyfF0XEhYzNuWVlABp9Ef2evpAwK9enxghm8OpN8fRISu0Qunw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 802B 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040701&jk=2040315316652528&bg=!n5ylnNjNAAZAkm7qYJI7ACkAdvg8Ws-xJRjU0BpYPQiGiBlt6yyZufF7aaXLF_o-T3tL9im5DdqLpQIAAAB2UgAAAANoAQeZArvcz7IaG5MHGIQLUGxawQzNE9uTu0YirhRowdVc7XX1KXR7wFpYE0nVsGp9u60jXo0juv6p-Gxi2lTaubygkWLEdzSMW_3adcQvbOngMqbbGZIACGv9HgtYXFk4-jepVIE_Cg88nBHxM3giwBYmvfUg4bAa2nYxupgjnJ1lOM-3YpQtVpT5uf57YPpTtfdYnlEIhjJIfUL-45zvEjlDdjUh9FemZRcZn9p8PyUKNLthK1wIAkasEG5-dYYxWt40cbJwMzSl4oPTUVs_B0qbO8HIDTqWLGOGhhlZfsVMZSJFSoafRwKXS3m-HPnSpU-uyFpN8afj20D_r8tc7TTTkM09yYlt0-a4JCoKlY-bWlgJLhIcfaYdmbyHf7TAB6jnq8GJyScLkkWhjIsRuCm6QfF7UUwFpcu7xDliqkdgEEmW4R5JXhg6ojXU0DNSJsdlLsG8XZGFH742RS732LDexxMi1sgg8dB5arOS-z_DrA3B88AT84f6aZA62SWLyLjjpqo5g8jxBwdF9DWfOSC87yF7T8S31fixFuXGyiYaiiRjybYrPU3vK7EZWAci2P74574akIaAuRWbp_s-ZYjv5HYAguygsA6Noymg1CNsEr_afZVLndP-xUPC_zr4K3_iFM0z8XVD9RC_ssszuz-6QHpgglNGqHg3QRJM82FRmvCS2C7wJqqH0aScUbq5Bkcb7dcNwV-sJn3GOUvTDqbQ96qgfIO2wgz5V4Fn0A6nztSLrIyqWBfnuD8O9Mm3fp0x7zJN73n2Z_9OPlblA9wt93dWJA8i45pVtj7VIzKwzMR5BkQGWvb43urtIWZRbnQi7ShOTc6QG24CHslJyAtG0NQ4LadbVY5SXfn5H1qmnrak54Jr0iYAZp6bZNQSBDjB5irPfv0CtOsq_F_wesq7GUPDvImrCtR-_HM2r6A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022040601&jk=339976563065234&bg=!SUqlSg7NAAZAkm7qYJI7ACkAdvg8Wm3fSZ3yfY_-vl8K3UpeG_0sDxnC76FPrO7okRApr4IPJSP7kAIAAABzUgAAAANoAQcKACtBMPtgFR7r5j4VIlTi6aD6UMrUsvyOjAzCsWAs9hmZElBlBBAmCY0ufmQWmQKlyFLlgkpM7Dur_NV0IzZCI3Ftwbr1xQ5bUKT0_DpLIoeEuR-jsDaIIT9sgusSHb7J9uGgiDAd8kgnx7Sl6lvNgSnCdoC9i7zSraJf2Y4oDU3QZT0idSk2kwDeUFCoxarHnrMmP-rXDbmu9yBmzJG9J-7jWE9eFptAanlwY6_ElBMztBwKEpGiZDJUiKudQHzW4hrJ-6DGr77CKV_1Nlc4lvvf812DoxQtnshXCyJfYYi3QiR7nGPk_zDq4g55_etQY7h3k5RZgaUvlRNwBALvi-p4wshZjCn81PddW5xk6qQBzHb6IsYqRfSS7vAITk8feY7zMRb66API4UdyQPLK_b5RF7NGLTqMH7vzg8deG30-Cnw2W6cVnYTESWp950osx3fPDgFHCYIvrLxBIibi5RneYKBNl9oRG9A4BSKdDNUjIkkVo557_0x0Aus7JIXBpQ-leua0wFX8YmYg2gZCNMTRHsKDAyja_U1pTPikOfdUD1B7uUATbjrij1-xrSovb2zg75ljuFR7X19FwSfGNuet7Kk54EN2RtjnoO58MPgGG2qLblPKONNh9P7Bj02kl0HLQivEOc-Ki9bOKb2mDP-szCUhDVZaLEk-WtQWygaiQ0I_m7vM9ygsHBocT1_UkhRjJtzvwL1nZOLxC0xKePNg-s-pzn6Mbp9dmoRVBl4ljJ-EMyyXMZ1QAxPef--Xk9JHnoVF1R3AWCtt28gJ0hHvFa4dYTVEyAhcNQ-2sZk0TxZH1z_GxDfhHHebzdsBfad2YEv-0vTN4UqDKNx1hx4zE4yvv28nlO7Ng-3Z2pQblH7fENNahXoTTPVpg1pQ-JAJTyJaudPW26nuqQzfI7Dowi8lWZ7BuaiBgTNvFGGj_SAOKietFjE--xw2UveXNe6cbhM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7D31 42 B
64 B 74ms
73ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvfaegFUx5h4Ey35p8j9y9ieELnR5WopJbQA-pqvcGT5vguzOcqbfyk4cZNBvpSFEeIIpPBhJAgBcJS28J7UkxpWX9yJtv8Yak&sig=Cg0ArKJSzKp-EHVn35gsEAE&id=lidar2&mcvt=1000&p=0,0,250,970&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220406&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=2711260096&rs=6&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649697398000&rpt=652&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7D31 42 B
64 B 73ms
73ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvQVFAUV4nF23k8ljaTzkdC8DQemrrjuYFL-BXWjEfastNMkROKFKVlLoC85mTOXcHQ7LVjxC6WbXGxsKQcrF0AitB-kNJIuUm5yPoeSEh74dV-kXP9&sig=Cg0ArKJSzNrbZX_l8E42EAE&id=lidar2&mcvt=1003&p=170,315,420,1285&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20220406&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=13849420&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649697398000&rpt=649&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Apr 2022 17:16:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxHs,pingTime:1,time:1230,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D,%7Bpiv:100,vs:i,r:,t:229%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:229,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B16~0%5D,as:%5B16~970.250%5D%7D%7D,%7Bsl:i,t:229,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:99,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt40.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVxHt,pingTime:1,time:1231,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D,%7Bpiv:100,vs:i,r:,t:229%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:229,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B16~0%5D,as:%5B16~970.250%5D%7D%7D,%7Bsl:i,t:229,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:99,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt55.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxHu,pingTime:1,time:1230,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1002,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:99,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt42.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxHv,pingTime:1,time:1231,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1003,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:99,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs,metricId:publ1,cmr:t%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt45.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 96ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVxHv,pingTime:1,time:1231,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1003,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:99,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs,metricId:grpm1,cmr:t%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:39 GMT
X-Server-Name: dt50.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 get
choices.trustarc.com/ Frame 814B 287 B
627 B 22ms
22ms Image
image/png 65.9.96.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-70.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
server: nginx
age: 2026098
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: PRG50-C1
timing-allow-origin: *
content-length: 287
x-amz-cf-id: Fs7CtpiVPnVwHli2ugSNeDjA1lJrLcFViMpEH1Q91QtfWQaWYdhZog==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 814B 739 B
1 KB 23ms
22ms Image
image/png 65.9.96.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.96.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-96-70.prg50.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: public
date: Sun, 13 Mar 2022 13:36:21 GMT
via: 1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
server: nginx
age: 2518818
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: PRG50-C1
timing-allow-origin: *
content-length: 739
x-amz-cf-id: Z_zl7a9ziGl1GCQXoLQ63Hz4vo-knqOtlrkg4X9D117gZOXMuXaQoA==
expires: Tue, 12 Apr 2022 13:36:20 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1035174/log/3/ 0
248 B 15ms
14ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1035174/log/3/unip?en=pre_d_eng_tb&tos=4583&scd=30&ssd=1&est=1649697397013&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1649697401596&mrir=u&vi=1649697397011&ref=null&cv=20220410-1-RELEASE&item-url=https%3A%2F%2Fwww.cyberscoop.com%2Ffin7-ransomware-mandiant%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/fedscoop-sc/tfa.js?ver=5.9.3
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cyberscoop.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin: https://www.cyberscoop.com
pragma: no-cache
date: Mon, 11 Apr 2022 17:16:41 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVyJY,pingTime:5,time:5230,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D,%7Bpiv:100,vs:i,r:,t:229%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:229,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B16~0%5D,as:%5B16~970.250%5D%7D%7D,%7Bsl:i,t:229,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:99,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:43 GMT
X-Server-Name: dt42.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=982525&asId=c3b5fa77-aca1-50b9-ab35-a5ce01309aab&tv=%7Bc:9uVyJZ,pingTime:5,time:5231,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:176%7D,%7Bpiv:0,vs:o,r:l,t:213%7D,%7Bpiv:100,vs:i,r:,t:229%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:229,n:213,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:175,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B47~1,0~0%5D,as:%5B47~970.250%5D%7D%7D,%7Bsl:o,t:213,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B16~0%5D,as:%5B16~970.250%5D%7D%7D,%7Bsl:i,t:229,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5002~100%5D,as:%5B5002~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:99,fm:t2Iya9K+111*.982525-62068902%7C11111%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.724dc5c5-5bf4-4890-81f9-2db6691b15c6.26_925175%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:43 GMT
X-Server-Name: dt50.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 7D31 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925175&asId=724dc5c5-5bf4-4890-81f9-2db6691b15c6&tv=%7Bc:9uVyK0,pingTime:5,time:5230,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:970,h:250,t:191%7D,%7Bpiv:0,vs:o,r:l,t:217%7D,%7Bpiv:100,vs:i,r:,t:228%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:5002,o:228,n:217,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:191,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B30~1,0~0%5D,as:%5B30~970.250%5D%7D%7D,%7Bsl:o,t:217,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B11~0%5D,as:%5B11~970.250%5D%7D%7D,%7Bsl:i,t:228,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:i,cc:NaN.NaN.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5002~100%5D,as:%5B5002~970.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:101,fm:t2Iya9K+111*.925175%7C11111%7C1112%7C121%7C122%7C123%7C131%7C132%7C133%7C141%7C142%7C143%7C15%7C16%7C17%7C18%7C19,idMap:111.c3b5fa77-aca1-50b9-ab35-a5ce01309aab.31_982525-62068902%7C111*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Apr 2022 17:16:43 GMT
X-Server-Name: dt45.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cyberscoop.com/	1970-01-20 02:14:59	Name: ppwp_wp_session Value: a15afdbf92174eae42e078df60b2c19e%7C%7C1649699196%7C%7C1649698836
www.cyberscoop.com/	1970-01-20 02:16:23	Name: sng_interstitial Value: true
.cyberscoop.com/	1970-01-21 22:02:57	Name: tk_ai Value: gu%2Bn46WJUu%2BiDTjoYPT1EHJl
.cyberscoop.com/	1970-01-20 19:46:09	Name: _ga Value: GA1.2.971407664.1649697397
.cyberscoop.com/	1970-01-20 02:16:23	Name: _gid Value: GA1.2.1713778562.1649697397
.cyberscoop.com/	1970-01-20 02:14:57	Name: _gat_UA-80491860-1 Value: 1
.cyberscoop.com/	1970-01-20 04:24:33	Name: _fbp Value: fb.1.1649697397548.306029051
.t.co/	1970-01-20 19:46:09	Name: muc_ads Value: 1b23bfda-9ed2-4ba3-bb91-7f0dd2859140
.twitter.com/	1970-01-20 19:46:09	Name: personalization_id Value: "v1_adrsU9PO5Zpu7bKcIWbzEg=="
.doubleclick.net/	1970-01-20 11:36:33	Name: IDE Value: AHWqTUkNY_xr7Ai1yklNgFt5a65qEb_80rF1BgBUy8gy34SIGCXHh7Z-L3aZ08CI31E
.linkedin.com/	1970-01-20 02:58:09	Name: UserMatchHistory Value: AQJ8aX3CkAO7GAAAAYAZoJs31ehJ2CsrTBbTi7LGlVG757hFlMe3dug9kuYUqz0HWr5nH_vTdD-niA
.linkedin.com/	1970-01-20 02:58:09	Name: AnalyticsSyncHistory Value: AQJUzIzDCUVqHgAAAYAZoJs3M49XmP472pyT3v68Y2JyTeZYuHeYC2yGYOnaVFlczKHxZlyklrHJo28DyFnHkg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:46:51	Name: bcookie Value: "v=2&761af1e2-8f40-46ea-83ed-bf8c5219fb28"
.linkedin.com/	1970-01-20 02:16:23	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2597:u=1:x=1:i=1649697397:t=1649783797:v=2:sig=AQFm4uOBN2np0cil_OdGKFR3IyAisYFk"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 19:46:51	Name: bscookie Value: "v=1&20220411171637eeddddb7-afbf-44ea-8fd1-8829cd0196adAQEChSG2mwsCAzkIRoTwQs8r_-dErNuL"
.linkedin.com/	1970-01-20 19:37:53	Name: li_gc Value: MTswOzE2NDk2OTczOTc7MjswMjFPPJm+cpxlQ0Kt59YxkXBBbpmKFI/GLucCnT/Bj7VBSQ==
.cyberscoop.com/	1970-01-20 11:36:33	Name: __gads Value: ID=cd6132755c65c14d:T=1649697397:S=ALNI_Mb8oxASpsLHv1NGDnX5Ju_SxChk-g
.demdex.net/	1970-01-20 06:34:09	Name: demdex Value: 70159230021409342503926694622928532140
.verizon.demdex.net/	1970-01-20 06:34:09	Name: verizon Value: 70159230021409342503926694622928532140
.cyberscoop.com/	1970-01-20 06:34:09	Name: __hstc Value: 143679850.936cb9501b5aa5756c1d8bb9a8bb8604.1649697398729.1649697398729.1649697398729.1
.cyberscoop.com/	1970-01-20 06:34:09	Name: hubspotutk Value: 936cb9501b5aa5756c1d8bb9a8bb8604
.cyberscoop.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyberscoop.com/	1970-01-20 02:14:59	Name: __hssc Value: 143679850.1.1649697398729
.hubspot.com/	1970-01-20 02:14:59	Name: __cf_bm Value: 3vqxgOFDFK0W.VIfb1h46ups2YIVqLV1agoWWv1SCQs-1649697398-0-AcikFqFqy9iia/9uBD0+kRSkX99nnRLaB62tfnaOI4TGLBlYyPnXx6vMvqOAPhvNednSq9hSXV5DPKkM+e5NI9I=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.cyberscoop.com/wp-content/themes/cyberscoop/js/ads.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

25545f8df5becf54e5054b470f0cc97e.safeframe.googlesyndication.com
6a35763cb171b771b1d17407e9702dbf.safeframe.googlesyndication.com
8ed2c15a08b7af7b84f580a34f95de2d.safeframe.googlesyndication.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
cdn.taboola.com
choices.trustarc.com
choices.truste.com
connect.facebook.net
da26b7b2d708a73695478cb8cd65eb22.safeframe.googlesyndication.com
dt.adsafeprotected.com
f4c3b1a256be7aa05a907a2640858998.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
fw.adsafeprotected.com
googleads4.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
pagead2.googlesyndication.com
pixel.adsafeprotected.com
pixel.wp.com
public-api.wordpress.com
px.ads.linkedin.com
px4.ads.linkedin.com
s0.2mdn.net
s3.amazonaws.com
securepubads.g.doubleclick.net
snap.licdn.com
static.addtoany.com
static.ads-twitter.com
static.adsafeprotected.com
stats.g.doubleclick.net
stats.wp.com
t.co
tpc.googlesyndication.com
track.hubspot.com
trc-events.taboola.com
verizon.demdex.net
www.cyberscoop.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.linkedin.com
104.244.36.20
104.244.42.133
104.244.42.3
13.107.42.14
141.226.228.48
142.250.185.66
142.250.186.134
142.250.186.98
151.101.129.44
192.0.76.3
192.0.78.22
199.232.136.157
2600:9000:2093:5600:8:48e:53c0:93a1
2606:4700:10::6816:47c5
2606:4700::6810:5505
2606:4700::6811:46b0
2606:4700::6811:b749
2606:4700::6811:d2cc
2606:4700::6812:14bf
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:801::2002
2a00:1450:4001:801::2008
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2001
2a00:1450:4001:828::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:400c:c08::9c
2a02:26f0:3500:7::17d8:4dca
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.5.9.157
34.243.58.169
52.213.82.127
52.222.186.77
54.154.124.119
65.9.96.20
65.9.96.70
012bbc64c81bed052883539347d24f7b03b6df98365d1564101824a8c381d077
02da53bc9617720d65752f031132e403fa05c3c9c2458ad3aa63285fb0b1fd58
0537aa91d8b773926810a33f2c96957c1924ac6282f5398b3c09d3bef8467c54
05a7c7b8afab781586d1052479ccb01ed38a11d57f8a79e1e44fdfc9f2f69ce1
061473d06c676e692148c9e53870122e472f133abc759c56e871a162e79b9376
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
0b6a75c8a008114b5b09931e2e66fbe56e85f0043d653393dac6e38b91b3bded
0b9d57be73aa8f7f41bee396a02038d1e5433481622916854268481040e2c63b
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cdcc8aaab25a31b97dd5392b7ecdae22225ef2504d82c3f7f50e156c16e09ab
0d281aa7b07dfcb1bc05e2cdd051aa34fb915616590b834374148a1768ce3440
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13cec7b80effcf5f705c615043d81274bebf1e9af6ea8fc711cfc95a2e136e1b
14c742642de9c8f39467c54a34b08f124d3eb6ae49356d9b9f8a158424e77192
15102f00c0b20cff64250b68bc217f41647feb7e76110f62d16234cbc49c63d0
19acfd475f42bf1c83c58c37035c1e73a98becc9a705d8ded0b991ef640845b1
1a2814888079619c511d69af17514a0c7bb4f942be94784bcbf85f68fcea6f7f
1e5210289b40153dcb9368735fa13d3c9e6be8599442250145b257460c628566
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
214a4e6d1b76b8f804bf74ddd53aba8493b4d61e9609d75d8923a34ed97b80e5
22c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2c8e8a58e6941ad55e1c095ed8e91a8db95a9a98e3586318ccff7146c932b37d
3046ab26982b61a2fc0f0fae7ed7f416e9113f924db911efa97b5b80ae16726d
3097429612cadf41c8c2f08d5cbe3bce1a77aaf73296e1217ad3b29949d6deb4
330a33f161d4784af35b77dac190fcf56057926413b4ef01911da1571b092047
338c877fb680e7689e5d6c50a91e68339f36f6f3b67c66b85a4ceb2ef8ebec6b
3433916e194f9b69f192b3b157656c87e84e3062b3a00caf10188612550103c9
34b8701fdcbd5b7f4b776178cf1c52b3754f60027bf85af5a8573c3208f77890
376a0df7dcce3d239b9db94ac3ddf85a27f8fbfeafba4d892c0b2212d1cbd3fc
3d5c432ac1f87c116b88388348b78c08278195f455202173393b9c0576bfb6ad
3fd2f6aa88a9cb00ea4b575b5acdaaf4ee8e36736553fdccaaa7c17c861ef795
40905beca0f8b5ff867fa2f103e951dd2416853df1e8f7d7453a74708d779277
4a354f3d28b56276cc1c16d970f65ddb3ecec48cb1b79a1a32e0e3929e584607
4b8dd50e462d914dd8609e8a566ce6bce0ab94088a4bf958b57c4cdb6ab54868
4be6258bf1ecf7fc9af2fd62a01c10ebc029b3973932838a7b32d51e395ba519
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4d8d48a3f00d424f5083a310bcfbcc1ad35d02e02793a9f459e9938879d8a675
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4eba10304f45a9ca7d6b3b882e564a5dd00d3900dc515fbe6137765ed0fb45a3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5144138fd70f1ac31532abc43b12dda241d5efd980098a378dcd2ba44c261d9b
51aa1f55f3d344d82ece24055a31012cf77d10cc4a2f9307f5dea293118d40f1
51c40fb52547a14a895a2425e94a53886ced172e90c70d5418890fb67517701b
51e841ae906f8d9003aa8487c11792ceceaac3259e068c2cadceabfe7ede15b9
54a939394825575b171c8150a8da84dc9684f6a722835ffbfab7ab132032cec5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b94d6f0aeb3b60698a1fc65de26907cf486e6e2c56236e0d027f1eadc6c271
55de2f543e24f0c3655be2f344491b2e73ae61350f58a2bb9ebf4ad1326e8fba
55e7864297779971c44154c07c4a9bdaa7b2cf1a142240280be0047bdef8b223
56ff87fd044ab9f1eba06b27434b12e9449ce194cecfd15a2a984618bfbb0d93
584b68f5270ff22567c6664adae3a6a61754401225714742307351dc2797e02d
5c701ab2009c0c01911be3dbb373cea9edd337b25e43cd2a917caf28486ff83c
5d0bcf86bdafd80020b30534c6f961807989c12f56226dc0dadcb7785f619393
5d2537391205a79b8e556549d0ec25f7b3dee4036bfc8f424b7c13fd626d43e5
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c
6131769e08ca1b65193c7c4000920c9eee716e12b8f54eba7e5326b019745745
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62ef6ff7641456aa2d94443dff7578d154236f12dcbb2e3dea4e519b0153a468
63e0f1d4d244fa557ae96c648168b0620a4f5ad3dbb653fc979a1b3ea0000699
64485af5cc69080f6972dabed355ca821a62d0f8a16ca87a716878a3f15ecd3a
65e53b8ee6e85a11d1727d8783b3b87e2b28c1cb007b168c4f33f9bf5fc984ff
7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3
742d2f7f43e3eb8c7e5a12f24afcd4dcc03e11a31223060eb03d95b91ec07cc7
7715e4aea326ae75ad1c9eae24a3764f9941afbd652e58ab89bb500cccbfaa70
77a37e1276c6f736bc54a2dc8ce6a5caac8b27a104a62755c3b3791b1b5bfc38
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
7f134de2e6859c8b9a8acb3f07c54f04c9fbe04c3381e137d85e2f0cb08a526b
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a
8789a53b86736707596730a77d4a9c2d5716479a1e534765bcf7aaaa699f66e9
8a90f9c307d889844f7286c11a9e8596c9a41b2e91123ab49cca0fbaa4b48dc7
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8f7894603292731a56692b1348b0b39871cdf248aa9f5b6a4c00e7de41f1a668
9146f6ec02b7c1db65d152424e1d5e5f3a5d7d6ca91d1282a7e678150683876f
91a964487ecdaf0bf35faf0abd1b59ecc875f724b761c38046309f47b58d37da
932fb1ec913f2d1071db9656b9bc7e8c4fc150d7d8b48d8b4b66c3d82a2e020e
942e44b1cef3a0678c306625f42ea1cd180d9ee9fbe443ed98fc1076c07493a5
95bd18e861348f711aaa90cae1aa02bef40782501e238f2f688cd4a9c904bea1
96b8a4481da526ff5a1a77c312a2aa83df0d0821e90dc91ccfad3fa53526a163
977170a0e3964a633c513391294624781d984e4c749e50e058979388d699d7cc
986378981490df7cae6b96a791c2e93a0a01a0c4f0e0338133aa597bbedea295
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e9ce5f71d5199340f9f109561dc1a65bcbba9d4d1ac51546e04ae69f2695784
9f43b1d680f30f094882c6346709b029abc8c5e87376839089727001ecfce7f8
9fc929f9d307cf53bea691c3794c5ee2874ff5e1d2c7d308d71120ae3aa8c788
a060aca1def4e45da8730e2c6052fb1efbe9b1bdd305c14ea86c8c5152ebd593
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a64b8e77b5bae1c5abdc7db40f8ec01c21f7a8da72beb480a1fbd27e4b6b8c60
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a79363f0bf9c3752bb3c339d84e951de983be806af2ed5b9d618ff0b46f95559
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b0ede7b5b1d37c7b1777edf22e87ce41bdf62243df9f3f4548a27af7daa5392f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b534f367f11c24f3709e27fdb539f308475d495eaafed8f7681a5c96dfacc537
bb6a7f39d0982d1605492df9ffaa28989d1829fdf91037053e4af527ae5ed797
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c0758721ba3b41bf0236a10348f8ad1ceb3336894bfbaca0b9d77fb366b585c1
c443762880d9d8b4faabb5d63205228757c7e6c9eeaaa404ac801f3046e80589
c8c35e0f00ccdca409b0b7340bb4c008649529b40a786a51e6d732cbf4f845e1
c8f452a67982ee40951db3f91c960684568202756b3a36038528e1abb1a913f5
ca2e99ffb3730e887ee7389e499993e912e5e47ec6f28c991a692cd78746edf5
ccd21ebd19b259d979d4ddf5af0751f6fae149746ae2e7a164beec2a600682be
cde70fb1f389a3f6531f84a3e5e0fce62a41472218c23a344039faaaf92f2cfa
ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c
d1516267f5a6ea176d78b81d83efd6ef2df9981c746cb0d05db536a162a29397
d5d4228a3e80d57bcf6ee1f6080fbc4c65dba96e81d2364535fa49e3d27e9131
db236586fe21257e3d9b959bdeb2e6883f01a09718c3ab73728e21f7a96c5ba0
dbcdc26541641257f4b81f00d507c5f6a78ba59212ce3d8cdaa7b889bfb9f7a1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deafbabde299246dad329a0f8ce7ec682ef8a1de7926811e7a2db9a27b745a24
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0c7028a7110404e873d2a4a776bfcf70e60a7b4a8259133dde9d409d532be4b
e10ddb1f8c51f2fadaafc4d5bceab61b3c7c3c543d82d26e9e7874d749dcc02a
e14f14e7f66a928803c8780bae40f3b3d143114d4ba539ed6ee16c8094c1c9c0
e39d8d1a1f8935d9609168b378a0caf1697fff05bfb0ade214447b65071f1f3b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e448366ba538d2d65714f62ae1af89f2f5dd3ccc64af549bb3a84d9cea541dcb
e55b5cba1f8e7604687c4f99ab7b1c3bf971ab991ec0fae83fb221b98daf07c4
e8aa641f970d7f8010d991990de0cac0ed2f8136c931b5a14cbe8607c6c7fb9a
ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671
ea7c3c1fb429c64a75b15bc3d82e99987c40229c3275a5d0c37deb6143e4cf6f
ebe17479e7a7f66da1bcae6679c2b230b8bb9f36ac2025f2833ef46944219335
ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f
eecc78f834649472672438efb8854e77ac8571a4c901d3c102a2554c3059ba7d
ef06bc5e3cc158037771e3ed0d13f75694ffe052cc8b442e02082e85cf85aec2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb5246da9510c7825355c24516fe174bb3b030f83b6b9ee641b8ab26a76039f
f22120d1591b5397235fec8a01ffcc7d45fa6bd0b4cd6f93b8999c9365b359f1
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6e20df425f54d8401412c434251747ab0a221b7dd5c08f55470148267073ada
fcd8750f5c12ba2f9850049c6014c8fc5f3f8633256e76385c6e89515890bfaa
fe1bd3df8f20fe537d1ad985ecd7b169c10e1d0e2cc0860bc4b4c326d152420f
fe9df7af9647a824fe66cae1f452ecb318d9f9ad3b2e09ef0623f0c6af50a0ed

www.cyberscoop.com Open in urlscan Pro 52.222.186.77 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

247 Requests

99 %HTTPS

58 %IPv6

33 Domains

51 Subdomains

45 IPs

5 Countries

3433 kBTransfer

8330 kBSize

26 Cookies

18 Outgoing links

Redirected requests

247 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cyberscoop.com Open in urlscan Pro
52.222.186.77 Public Scan

Screenshot
Live screenshot

Full Image

247
Requests

99 %
HTTPS

58 %
IPv6

33
Domains

51
Subdomains

45
IPs

5
Countries

3433 kB
Transfer

8330 kB
Size

26
Cookies

247 HTTP transactions
7 data transactions