URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channe...
Submission: On November 27 via api from US — Scanned from DE

Summary

This website contacted 50 IPs in 5 countries across 39 domains to perform 317 HTTP transactions. The main IP is 2a04:4e42:4d::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by R3 on October 26th 2021. Valid for: 3 months.
This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
*.zdnet.com | R3 | 2021-10-26 - 2022-01-24 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-18 - 2022-06-17 | a year
akstat.io | DigiCert SHA2 Secure Server CA | 2021-06-08 - 2022-06-13 | a year
*.spotify.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-03 - 2022-05-03 | a year
*.myfidevs.io | Amazon | 2021-01-06 - 2022-02-04 | a year
at.adtech.redventures.io | R3 | 2021-10-05 - 2022-01-03 | 3 months
*.freetls.fastly.net | GlobalSign Atlas R3 DV TLS CA 2020 | 2021-04-27 - 2022-05-29 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.scdn.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-06 - 2022-09-02 | a year
moatads.com | DigiCert SHA2 Secure Server CA | 2021-01-21 - 2022-01-25 | a year
*.ingest.sentry.io | R3 | 2021-10-24 - 2022-01-22 | 3 months
*.moatads.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-25 - 2022-06-25 | a year
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-10-06 - 2022-11-07 | a year
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years
cdn.cohesionapps.com | Amazon | 2021-01-17 - 2022-02-14 | a year
ingest.make.rvapps.io | Amazon | 2021-09-26 - 2022-10-24 | a year
*.taggy.cohesionapps.com | Amazon | 2021-02-27 - 2022-03-28 | a year
*.chartbeat.com | Thawte RSA CA 2018 | 2021-05-20 - 2022-06-03 | a year
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2021-04-19 - 2022-04-27 | a year
*.chartbeat.net | Thawte RSA CA 2018 | 2020-12-01 - 2021-12-30 | a year
*.monarch.cohesionapps.com | Amazon | 2021-10-11 - 2022-11-08 | a year
c.amazon-adsystem.com | Amazon | 2021-07-06 - 2022-06-27 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-30 - 2022-04-04 | a year
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2021-08-04 - 2022-09-04 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 - 2022-02-19 | a year
san.casalemedia.com | GeoTrust RSA CA 2018 | 2021-02-05 - 2022-02-09 | a year
*.openx.net | GeoTrust RSA CA 2018 | 2021-07-08 - 2022-08-08 | a year
web.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-10-14 - 2022-04-06 | 6 months
sofia.trustx.org | Sectigo RSA Domain Validation Secure Server CA | 2020-12-15 - 2021-12-29 | a year
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2020-12-06 - 2022-01-07 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-25 - 2022-03-28 | a year
*.privacymanager.io | Amazon | 2021-09-25 - 2022-10-24 | a year
*.urbanairship.com | DigiCert SHA2 Secure Server CA | 2020-06-09 - 2022-07-14 | 2 years
*.doubleclick.net | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.imrworldwide.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-28 - 2022-02-01 | a year
*.google.de | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
www.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months

This page contains 27 frames:

Primary Page: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Frame ID: 6F797B5C8AC1ACB492CC78F29ABD1184
Requests: 172 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: D0A74759A5A478E4466A0DDAB7F4067A
Requests: 2 HTTP requests in this frame

Frame: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Frame ID: 69620A3499DBA14F0534C36D932BD98E
Requests: 13 HTTP requests in this frame

Frame: https://cdn.cohesionapps.com/cohesion/xs2.html
Frame ID: F71149B6EC8C715334CC61F12963C94F
Requests: 2 HTTP requests in this frame

Frame: https://b2b670beafe273e5e81b392c85999385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FC4E769BBA0DAC352495950D4B26E887
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu62jTtyVPiNjwceh6v3rNoPcCz3M2weyg46YUENU_J77j6mTB-EQ9Zcr9hxZ-d2Wb5sML-PtGyUJj2rPUyPUHSL9qKX67M9NCqpP5GywPdjK_fKkcGtPq0gYAtwsCTfCXWJfBNOVfOgr-M6Il9-zHDEn9C9nUKuVIaGi0N14n8hfGrnopBssCxNultETfICCOwDOKUP-EP0AQ7p1L5Ofjp3xyJTN0JtbHv1GVP-rVAQXmogIBkpXfcbYtnaFI-arIf0pUc4YEidFInIdrmrLgckh8DFVdnXHATA7m_h1OAlDzhWUxdqjrGwUd4gjMU&sai=AMfl-YSnjSudmd-zUSVBETwr4PNkIdV_HryCddUDaSwscCsxiRhE5KB7qrLeQqU2eQzyDAQk4c0N_agOupvhNToCBwSd2UTFDRnL5Hf5cSDA6npKYNsub9e-rUcMCICoIG8&sig=Cg0ArKJSzMouhifN9xAPEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 455712B3E99712CB9BB9446EEABCA75A
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJDXhUFpSciqmwF1lWdFoDTi5O_CmaPGv6AbqRQ2Fzf53WRQ4oteS5HOdW2BvZ0q01bWYfOIL5Wj3b-8uAcKObdD522mObQSch-5RSCTV94TWpyvxo06mOT27Z2vbMZqDvhm4TK93lIcnrQdxnl0zTClDSImxPEQTGgTjd1iGrp83pMg0be8Q9CgEMsl1qi51CmhR_5N-pg5C7pGIcdvCZVF13kEt1i4_zOGPqzHVa_6_PJJ4Q510Gy9vX8sFnpNur4gX2fOJ3P652RvDBfUME_96Ksm6stUjkJi7RahcDwIB4RUPpF6cWB7zVi3zK&sai=AMfl-YQsINyNqj8jbsliEaPSCMviELj1Hmjk5sILMv2JEdHj6WEGlRT2BjfLS5gW4aauBtQ5CvotN4fbX00oGh0PzK6a9ia-b2t8YtgWgqzTxa78ON3a7qHcU2aA9ToD0s5Q&sig=Cg0ArKJSzNtThSZKnF1VEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: FBAEEF7E59A558C91C8583E780719F60
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstc_lSCkNDc6ZRqrj_YbW4FYkFOtijHM8lnSu-7psHs1leH8UiIq1IbxWoaIdzbjI1G4IYwLysrqAylNSzhSYdcEMUTf_KuqADE1cfghaR2jEgLe4A7GU_PfBuWyLfA9RMXgranqFXic3X-nQ1VpW_ISZpFgULRQt8Z199nWa7zDC8uPFk62C4vqDiyfOjUWmuonYPb74NYueX1lIZxSBXjVDm04MrLpEDgsVdRVLy08VCRIU5mdoGI8lBXBdRBnGLLvivcPUvtcvl-fNqZoJPT1GOFXtGEeCsE_MXu93g4IyWJCxlscDJUdvXRJvER&sai=AMfl-YQNe94Ta7SuIy92fIM3XRjNcc7jaD__TzlFZu28xmd3UWgaEarHoPOc5yHyCb6w3TSs7YrLjrbf6R_lbEPzpTJSbWyNplPFg7g1ulxBPwdqiLbHWRuYkm6BQuxKwWQ&sig=Cg0ArKJSzMquGY7YE1VuEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: ACEFD0CCF4944E59B22035F98ABAF286
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZD9i85hUrzjMbeSG1wBqw_WDEJoa1PxB-IFQGqAgBu3SuTdxaOwzFrin6TdIw7NpnIBh9l95CIrPaGKNMZEZFcVzhU_CNeb2PixWv68gAs5loTRnTD9YtkYOH-SQ8SM9vWgrhP9h8IbEAolAV2G6RNs5OXxfyE5I8wigUFZL86qJR0cd4mPPHuNxYMnFz-jJ2nbAs4nr8eAX-p5uHXrZ8j5JKOYaH_tsS_0vsr1KEat1v2_4lA1pC4Mf7lSuiX7zEX088WMckqdUDcex2Osv5cjeuz9gwk8tLJ_NyVfSeq1EDdcu-7E83UYiUL4F7&sai=AMfl-YRWvL1Jswn7dH67wLvxcv3MpZtuzuUygT0dJlg2SiGc3hjECmBRcHSfmMgZNvmLvGjWKRt9R9hS2xlMWqreoJu2cgxr7A03rARcnmSGpW-8xA9RdeHVVosceCqO2bHb&sig=Cg0ArKJSzABF1x5isRMZEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: ECB4DC5BC133FC7D313507EEABC819D2
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 11AD7DFD2A3BF895BA6ED80306FA26C7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 921C09796FA79B476D668FB9AFE1306D
Requests: 2 HTTP requests in this frame

Frame: https://79629e85a59a81721c4a1f064cda3390.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 9C81AE1054E8B984AEBEBC2E29DFDA0F
Requests: 1 HTTP requests in this frame

Frame: https://7edca1fca72b1154fd1f57ebf4ef6f99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B595EDD23C4C3D45F6C87548B90DD5A1
Requests: 1 HTTP requests in this frame

Frame: https://a2522c8c84fc87b18861b23329d7437f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 21416A69101DEA51F049E936AC00D6C5
Requests: 1 HTTP requests in this frame

Frame: https://724d7a079cbae3d6b4fd0c83c80346c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 09327B7FB34E54F7E0FEE050DF83AD0E
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst066wyvwj4ZRLChTxCoYET8gGp4MhSu1jBjCwZdxXsLhG8986yCMdaETuN9RxJATGLq8XK7L3mpbi8c9J5rM3QGGxdVC67SdrnatBhYsjyblT1ZvEKurei_ufbrrVNuHBgxTEOV-jS5xiaqv2ZQa8OXWRdakVG3U_DMgST3mTVeVDUhSEpCgsgLKD1x1k-d6yvuT30pbNZXkpC4cVDI3qoAYf5fCrf4o9Ymza4cUKTyna7EavmYrsFussrQMZg9zyLU-kgpROhk1PYS8ntYNgXwpy9uskwkxf19VDuh579qrsGAVqTow&sig=Cg0ArKJSzPCrKawsOMY0EAE&uach_m=[UACH]&adurl=
Frame ID: 626D5B0DC80DEAE4C4C81160EF7C224D
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsug5MLpR0sK-ukvafol9BJ0sD3d3odRB0ZYIabUi2F5n_tLnKnqcKVeIXRQ4YyVWa1t6_JH2f1woCxLDCgV6pfvfkmat_aFtT9VLCMFUUid-igunWiXVmLyOGQ1XjLYYl-CFj5swSDC1TNxYjWOsIrpBvQrq9xuzUIklgG8PV2MfSWsViBP01THz-A4sLyIPEbchixUzQgwBsKndCz61X5Zlv1vz4_k8Fs-gkqVZr353Ary0eUISIhqNkUd1B1gLY4aZqbgBmgwKXcS9c7K4cMoA3tvJie5eaYyXbshiVWpgI1zAkzVYw&sig=Cg0ArKJSzC88_3k5sUaDEAE&uach_m=[UACH]&adurl=
Frame ID: 7ED7D379AD03E8726BC88485A498D8DF
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgiXeiFyU7cDMLMAPrb8h4GTL-ELrfVm0Hhei9QkY-2JR393qUS-Y3qyRg0O7ivzCKfxHltka9_SXo5VpszkXbV2vkEaKS7ggEl3bjCTjDA5Z8WFjUjGf9G_mS5lV14DaAXfYeHGQkHSzm6fRiS3MWuPuGlfpprVts56dI9go3w-qVvBvv9sRipGWuAikWqqTbs0TbF1WqjXoY3JRIB3Es4CcrcZMrn7O_Tq4j4_QWQBwIi2cfrOZ9PP-PocAo5eR2um6P3wvTwCDNMqVKgWHU2-JEQJbk6YJsDofCJVkkmwa54VlJKw&sig=Cg0ArKJSzEsxmY-fkI5JEAE&uach_m=[UACH]&adurl=
Frame ID: 48D137360DE1A5A93C4BDA866E508D34
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu9ici-OJBMjviEFGD06zt5U4fifE0dL6p-ItxdMTJFhvMRAhjBrZ4AurBgXZ6GGNv8lfPHq03oghAa4yrD-WKAupRwiqxZbB2quQTp5WJquLEkbYMVZhVHygGOOnbtKo_wN0CC8U9g9xZpRDz2eJTVrOZ5OZAV_FiQGbf7ZO92fUjDDO8qxDs-F4KpyH041Gi-owIrNDq5cjikbUH9qvl_at4w-q2DLsz_cLOvf-uw-LNfpxTta_4hQe9R0eov8YyXXELYXoPCE5UawKS85NwwGhi5hoWwb6VkOovktz8tK9uScsvcuA&sig=Cg0ArKJSzMuqtQ_yPRHkEAE&uach_m=[UACH]&adurl=
Frame ID: 9803E3544D5B7E96F58E37F3A238D1AF
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 049041E149D886D60DFD90F33A597324
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C48B49C0CB329D1E63A72917F1D4B2CB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 70F55772FDE8573A39406679DB18646C
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9346371CBD6BFE0386D9277FCB705FCB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 7E8A61973857D8C09251EC405E541F47
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CD61806427451A8F81DABE32CE9DD808
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: BF8015B01104570AD1EE5C1770380B73
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F872F42186C4D6672D99DF42544F2182
Requests: 2 HTTP requests in this frame

Page Title

This new phishing attack features a weaponized Excel file | ZDNet

Page Statistics

Requests: 317
HTTPS: 97 %
IPv6: 43 %
Domains: 39
Subdomains: 56
IPs: 50
Countries: 5
Transfer: 4876 kB
Size: 15180 kB
Cookies: 41

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://open.spotify.com/embed/episode/447vSV1jxbZdJFGiNsvh6F HTTP 302
  • https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Request Chain 143
  • https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
  • https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js

317 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type
Primary Request / | www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/ | 259 KB | 98 KB | Document

General
Full URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: /
Resource Hash: 46cd684b6576047de3563c2c63116fef4eda48db2ff9e801de325d75811e6010

Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
last-modified: Sat, 27 Nov 2021 11:27:27 GMT
link: <https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 0014df17-e352-4ac8-8f68-50ab5d28301a
x-xss-protection: 1; mode=block
date: Sat, 27 Nov 2021 11:27:27 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Sat, 27 Nov 2021 12:57:27 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 99483

main-18d06c4f4a-rev.css | www.zdnet.com/a/fly/css/core/ | 318 KB | 54 KB | Stylesheet

General
Full URL: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: ContentServer /
Resource Hash: aca7d1a59ffc28087ff2e504cdeb2bd10fa3b1135cd6964c1c0b7d1690b5cf33

Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 11:27:27 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 54520
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "77ea0fc9e4305e5aed98b11edb794a97"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:16 GMT

inlineMedia_core.js | static.myfinance.com/widget/ | 184 KB | 63 KB | Script

General
Full URL: https://static.myfinance.com/widget/inlineMedia_core.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b431, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 829c410a6b21a34e4127e1ae45f244189a83493c13712d9e5d98f1d2dc19c3f7

Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 11:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6877
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PPE0TCCX8MS56HQ2
x-amz-id-2: ijmYvxrIQL9dPGG5er9wWMBSTgjdDuWZ1d9ZySmq5ugYeCB1xVv7t7sAfK1LYRkd3ima/wQsaYA=
last-modified: Tue, 16 Nov 2021 19:32:09 GMT
server: cloudflare
etag: W/"72763a8104cb9ae82dfbd403a0e82253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WyJC5Yd7RBUfMhQeJbh8tvVquDvfgQBGu8NHlvR9Lv2C8aa%2Fi0BU5mV7vo3ZEWkX4UmHYqwIipYIrdTZ%2BiVw%2Fz5INb9Uzg3QXQadt74U2Yqy6tJiYoPFee3cG2hmz0pbWgpKUC6judmMA%2BU8FMt1aVPMzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b4b01e4f9856927-FRA

optanon-v1.1.0.js | www.zdnet.com/a/privacy/optanon/ | 36 KB | 10 KB | Script

General
Full URL: https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: ContentServer /
Resource Hash: a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 11:27:27 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
strict-transport-security: max-age=31536000
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 18 Nov 2021 07:05:01 GMT

controls-9907033ccd-rev.css | www.zdnet.com/a/fly/css/video/htmlPlayerControls/ | 25 KB | 4 KB | Stylesheet

General
Full URL: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: ContentServer /
Resource Hash: 7a9aa5ececdb05df914b3b0570b632620d5de5241ba6ad392b419930e5d7339e

Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 11:27:27 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 4314
x-xss-protection: 1; mode=block
last-modified: Wed, 24 Nov 2021 18:22:39 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "1011ad574498b9142eca19b78c8c7069"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Dec 2021 18:24:17 GMT

inlineMedia.css | static.myfinance.com/widget/ | 3 KB | 2 KB | Stylesheet

General
Full URL: https://static.myfinance.com/widget/inlineMedia.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b431, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2

Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 11:27:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6472
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: RM9EMK8GHMB7NW7G
x-amz-id-2: rO4/tb/v63P6c/qJxa0JBYiRUj2pmFCIHFUoYyKlU+xVn/UKNLDsHpQEB0iQ2jT47cP+krHxRTQ=
last-modified: Mon, 12 Jul 2021 14:22:18 GMT
server: cloudflare
etag: W/"528a38ce39fc58a866c1226253bbb189"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cl0AKFU6Vx9HmBLi1lyBNrEwWsM0NvJCz5tUu%2BXlxzcTNxkgLhdHKnmysnb8ESa75QjS2Iz%2BZV%2Fy2Mw7OzjiWwj26qKi9li72d11iaoQobqfi1yJcyLInsin8kVMlsqckNu0JFvUS5u4KWOIxaRZ7CRTyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b4b01e509886927-FRA

YZ2TK-PC7PJ-K64DL-L53CR-P2G4E | c.go-mpulse.net/boomerang/ Frame D0A7 | 205 KB | 50 KB | Script

General
Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS:
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding: br
Last-Modified: Thu, 14 Oct 2021 03:09:47 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

truncated | / | 31 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

truncated | / | 5 KB | 0 | Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
liam-tung.jpg
www.zdnet.com/a/img/resize/5b224fc02a37f06a9e8d3f479d70ee0a088d8153/2014/07/22/b17789dd-1174-11e4-9732-00505685119a/
474 B
774 B
Image
General
Full URL
https://www.zdnet.com/a/img/resize/5b224fc02a37f06a9e8d3f479d70ee0a088d8153/2014/07/22/b17789dd-1174-11e4-9732-00505685119a/liam-tung.jpg?width=40&height=40&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
9f080854f9c827e28a9580fa8bdad0b0972d555ec3e1282b98712cb5cb5e9ec5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
fastly-io-info
ifsz=10762 idim=350x250 ifmt=jpeg ofsz=474 odim=40x40 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1588631332891952
fastly-stats
io=1
content-length
474
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"eHxK9Rlm/qz8hIikm1KCxHkSDjqDP9sH/MkqdkTqQGI"
vary
Accept-Encoding, Accept
strict-transport-security
max-age=31536000
content-language
en
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
content-type
image/webp
expires
Tue, 16 Nov 2021 09:26:34 GMT
cybercrime-hackerforhire-group-uses-many-5f841dd147719e19b06ee91e-1-oct-13-2020-10-47-40-poster.jpg
www.zdnet.com/a/img/resize/4ff9b8ccec87cd13474b4af182673bb2aa54908c/2020/10/13/7e2bdf65-2565-4c8a-b8a8-aa598f940511/
6 KB
6 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/4ff9b8ccec87cd13474b4af182673bb2aa54908c/2020/10/13/7e2bdf65-2565-4c8a-b8a8-aa598f940511/cybercrime-hackerforhire-group-uses-many-5f841dd147719e19b06ee91e-1-oct-13-2020-10-47-40-poster.jpg?width=570&height=322&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
dcf19605ea7c52a1f66f1bb41f857a7f4215c2339d7801d7747abad2bf548208
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=20458 idim=960x540 ifmt=jpeg ofsz=5990 odim=570x322 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1602586123989313
fastly-stats
io=1
content-length
5990
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"OiA2p7u2Hj78qkUghT3vSeKtG8xVbjfaHIcLFWqThc0"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 16 Nov 2021 20:02:27 GMT
cybersecurity-lock-resized.jpg
www.zdnet.com/a/img/resize/b05bcf2dfce8fca541a3c09f410bfa25debb47bc/2020/10/27/db3c0325-2b86-435b-8efa-93828deb6b56/
14 KB
14 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/b05bcf2dfce8fca541a3c09f410bfa25debb47bc/2020/10/27/db3c0325-2b86-435b-8efa-93828deb6b56/cybersecurity-lock-resized.jpg?width=220&height=165&fit=bounds&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0dd32795c388712b9e64473947ffd7c488f8795c4543b8255b261d37cae11fc5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=204459 idim=1000x698 ifmt=jpeg ofsz=14174 odim=220x154 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1603803925430353
fastly-stats
io=1
content-length
14174
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"/oP4cgE6rY2KKwVptbEzTKHVANG7/VDit5HZz48eL74"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 16 Nov 2021 19:25:42 GMT
447vSV1jxbZdJFGiNsvh6F
open.spotify.com/embed-podcast/episode/ Frame 6962
Redirect Chain
  • https://open.spotify.com/embed/episode/447vSV1jxbZdJFGiNsvh6F
  • https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
38 KB
10 KB
Document
General
Full URL
https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
af099e358ac26b455d43ac5534f7f9474d01710f59296b8e17f24ed0e2edda6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
spotify-request-id
d94c6299-f43a-42ad-b480-538dc5aee5a3
content-encoding
br
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
0cb10508b03d23fd
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear

Redirect headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-type
text/html
location
https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
x-join-the-band
https://www.spotify.com/jobs/
sp-trace-id
8cb074384419431d
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
vary
Accept-Encoding
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
require-2.1.2.js
www.zdnet.com/a/fly/js/libs/
16 KB
6 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
6169
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:18 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"3345dfd23470c3ecbb5fba75e9cb6bad"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:58 GMT
mag-white01.png
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/
1 KB
1 KB
Image
General
Full URL
https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/mag-white01.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://*.zdnet.com:*
via
1.1 varnish
last-modified
Wed, 24 Nov 2021 18:22:43 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
date
Sat, 27 Nov 2021 11:27:27 GMT
vary
Accept-Encoding, Accept
content-type
image/png
cache-control
max-age=31536000
strict-transport-security
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
1265
x-xss-protection
1; mode=block
expires
Wed, 01 Dec 2021 18:24:29 GMT
ring-animated.svg
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/video/
704 B
864 B
Image
General
Full URL
https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/video/ring-animated.svg
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-9907033ccd-rev.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
content-length
704
x-xss-protection
1; mode=block
last-modified
Wed, 24 Nov 2021 18:22:42 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5f87ac7f571b5a0b1cdc101b49cdc8de"
strict-transport-security
max-age=31536000
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Dec 2021 18:24:18 GMT
logo.png
www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/
4 KB
4 KB
Image
General
Full URL
https://www.zdnet.com/a/fly/1637778001-asset/bundles/zdnetcss/images/core/logo.png
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/a/fly/css/core/main-18d06c4f4a-rev.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://*.zdnet.com:*
via
1.1 varnish
last-modified
Wed, 24 Nov 2021 18:22:43 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
date
Sat, 27 Nov 2021 11:27:27 GMT
vary
Accept-Encoding, Accept
content-type
image/png
cache-control
max-age=31536000
strict-transport-security
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
4105
x-xss-protection
1; mode=block
expires
Wed, 01 Dec 2021 18:23:25 GMT
Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/
20 KB
20 KB
Font
General
Full URL
https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Origin
https://www.zdnet.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
content-length
20256
x-xss-protection
1; mode=block
last-modified
Fri, 12 Nov 2021 15:35:30 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"2d636d9395b2da27ce67040250333ca4"
strict-transport-security
max-age=31536000
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Nov 2022 18:20:56 GMT
Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/
20 KB
20 KB
Font
General
Full URL
https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Origin
https://www.zdnet.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
content-length
20344
x-xss-protection
1; mode=block
last-modified
Fri, 12 Nov 2021 15:35:29 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security
max-age=31536000
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Nov 2022 18:20:56 GMT
record
a.myfidevs.io/ Frame
0
0
Preflight
General
Full URL
https://a.myfidevs.io/record
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-156-235.compute-1.amazonaws.com
Software
Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-allow-headers
*
server
Python/3.7 aiohttp/3.7.4.post0
v1.5
www.myfinance.com/api/au/ Frame
0
0
Preflight
General
Full URL
https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvdGhpcy1wYXJ0aWN1bGFybHktZGFuZ2Vyb3VzLXBoaXNoaW5nLWF0dGFjay1mZWF0dXJlcy1hLXdlYXBvbml6ZWQtZXhjZWwtZmlsZS8=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-type
text/html; charset=utf-8
vary
Origin
access-control-allow-credentials
true
access-control-allow-origin
https://www.zdnet.com
access-control-allow-headers
x-requested-with, content-type, accept, origin, authorization, x-csrftoken, x-api-key, Access-Control-Allow-Origin
access-control-allow-methods
DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-max-age
86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NWLw3aDsk9CL9V1GAs7twqXrnWBjOiuChMG0YeDZWMBtX9JsSBiQFWlLVOZqRXkJqTkkF6hy%2FHzJk1nElo%2F%2B2Gr1edUuR5WdeR0bioI2rSdLPLF5gv10MIFYO4B1kJ7MpmOWwHxZqBAx4LYCdgcOAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000
x-content-type-options
nosniff
server
cloudflare
cf-ray
6b4b01e5cf3c4ab0-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
record
a.myfidevs.io/
0
166 B
XHR
General
Full URL
https://a.myfidevs.io/record
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-156-235.compute-1.amazonaws.com
Software
Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-api-key
yuH27H1QId6afXAojow6Tafi7Vw9v1spaLD5Yznw
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:28 GMT
access-control-allow-credentials
true
server
Python/3.7 aiohttp/3.7.4.post0
access-control-allow-headers
*
access-control-allow-methods
POST
v1.5
www.myfinance.com/api/au/
1 KB
1 KB
XHR
General
Full URL
https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvdGhpcy1wYXJ0aWN1bGFybHktZGFuZ2Vyb3VzLXBoaXNoaW5nLWF0dGFjay1mZWF0dXJlcy1hLXdlYXBvbml6ZWQtZXhjZWwtZmlsZS8=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b431 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0f74413c98e4a8f6c6bee563c78f7a39b6c32005e20313512dfa672ceae6b3a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type
application/json
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
allow
POST, GET
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ue7IBinbbWoIdahf16udREnypQyUIEDZTdsUQiEQ4iH36GZF9fKCgRQT8883jY4TX%2BYEr3N%2FKIl2Jnkpgl5k2H%2BRUx55vYk5YLbVYn19qF0RWzFUr0rSM37UcJtfAOSxTZiwEfNIRIpOIQnlfdRgrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en-us
access-control-allow-origin
https://www.zdnet.com
vary
Accept, Accept-Language, Origin, Cookie
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
6b4b01e688b64ab0-FRA
expires
Sat, 27 Nov 2021 11:27:28 GMT
main.default.js
www.zdnet.com/a/fly/f20691-fly/js/
223 KB
70 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
7985d5ce5be24a80a61822dd20c9cb939daa6a64a0bd19e17b2461225e687bf6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
71797
x-xss-protection
1; mode=block
last-modified
Wed, 24 Nov 2021 18:22:30 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"a6aaf309c2ba87beaabe7a12214d9521"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Dec 2021 18:24:19 GMT
config.json
c.go-mpulse.net/api/ Frame D0A7
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5460041&v=1.720.0&if=&sl=0&si=631363e8-7f17-40ad-81f2-5b367a08f2fb-r38ahr&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7fda344ed650daa7135e747a591c756120ae1df090ee7a0fc5be84f3a69e3eeb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
803
bidbarrel-zdnet-rv.min.js
at.adtech.redventures.io/lib/dist/prod/
607 KB
177 KB
Script
General
Full URL
https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 e976f829f2d1c4787d42d0595ae7cf75.cloudfront.net (CloudFront), 1.1 varnish
age
558
x-cache
RefreshHit from cloudfront, HIT
content-encoding
gzip
content-length
180330
x-served-by
cache-fra19149-FRA
last-modified
Thu, 28 Oct 2021 17:15:17 GMT
server
AmazonS3
x-timer
S1638012448.668054,VS0,VE1
etag
"873be44731952ce6844f825d0be702dd"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
max-age=900, public, must-revalidate
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
KqiGzYXvkq-sZ9X2owtDoKbXylaqM_qrK3UwITN5loXw14XXiaO-AA==
x-cache-hits
1
urs.js
urs.zdnet.com/sdk/
50 KB
50 KB
Script
General
Full URL
https://urs.zdnet.com/sdk/urs.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.203.121 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
121.203.120.34.bc.googleusercontent.com
Software
/
Resource Hash
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 google
last-modified
Tue, 12 Jan 2021 17:00:48 GMT
etag
"5ffdd5c0-c803"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
accept-ranges
bytes
alt-svc
clear
content-length
51203
mpulse-1.0.2.js
www.zdnet.com/a/fly/js/libs/
61 KB
12 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
12449
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:18 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"03f37dbcdf50983b1fe5955ff1800ddf"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 05:39:10 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1638012447691&s=f5e9d370db3b65c20bd89d057dbfe340f8ff8c9b6eb935be3c204ee2fd203b44
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d590d4c779594dce4f6791ca59d67e86fcbaf73773269bbb636cdd4519d33c07

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
879
diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame
0
0
Preflight
General
Full URL
https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
cat,content-type,variant,version
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-type
text/html; charset=utf-8
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-xss-protection
1; mode=block
access-control-allow-origin
https://www.zdnet.com
access-control-allow-headers
*
allow
GET,HEAD
etag
W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context
e889e5c4254b46d6c1b8a035aa77aba7
server
Google Frontend
accept-ranges
bytes
date
Sat, 27 Nov 2021 11:27:27 GMT
via
1.1 varnish
x-served-by
cache-fra19155-FRA
x-cache
MISS
x-cache-hits
0
x-timer
S1638012448.751475,VS0,VE120
vary
Accept-Encoding, Origin
content-length
8
config.js
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/
151 KB
30 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
958d975aab813c9537d0eff13e69ca09e9007e1e199077b5ed638a218da335d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Age
2683
X-Cache
HIT
Connection
keep-alive
Content-Length
30549
x-amz-id-2
qRIZ5BzqfAS5cBk1IoFUoPDKhTaWaLcPHd5Dr/OLnjCTCivzDH5zuK8WBHU3MrG+UnYnazxmo2A=
X-Served-By
cache-fra19143-FRA
Last-Modified
Sat, 27 Nov 2021 10:24:50 GMT
Server
AmazonS3
X-Timer
S1638012448.739231,VS0,VE0
ETag
"72a1ace62e6b4efdca9b401d063c9b75"
x-amz-request-id
B49FEB798HDPAA9E
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
47
diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/
25 KB
3 KB
Fetch
General
Full URL
https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
5e152b85a299406269b1042ec40e9367fbcd39d148fcd41f8123daa77d38baa4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

cat
5zTciER5s
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
variant
core
version
rv2.25.6

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
age
194
x-dns-prefetch-control
off
x-cache
HIT
ttl
900s
content-length
2641
x-xss-protection
1; mode=block
x-served-by
cache-fra19155-FRA
access-control-allow-origin
*
server
Google Frontend
x-timer
S1638012448.878189,VS0,VE0
x-frame-options
SAMEORIGIN
date
Sat, 27 Nov 2021 11:27:27 GMT
x-download-options
noopen
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
via
1.1 varnish
x-cloud-trace-context
eb8e10cbf4f0e0e5fcd2e3c5f0dafc61
cache-control
max-age=900
etag
W/e7fb71ca085b706b3e28544f0f8f0d2ec48a5ada
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
1
gpt.js
securepubads.g.doubleclick.net/tag/js/
77 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 57 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26861
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:27 GMT
wrap.js
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/
189 KB
60 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Age
779
X-Cache
HIT
Connection
keep-alive
Content-Length
61293
x-amz-id-2
jzXf5usRbJR3PYvp69Big/B/XsVaN007aaf8DzTo4oE6Ozrfyzq3/rqhk6J2PTv5JM4jjOX3BWs=
X-Served-By
cache-fra19143-FRA
Last-Modified
Wed, 17 Nov 2021 21:29:49 GMT
Server
AmazonS3
X-Timer
S1638012448.764190,VS0,VE0
ETag
"cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id
KY5DB13GGJV0P5XQ
Via
1.1 varnish
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
385
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/
344 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:27 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
217 B
153 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128
x-xss-protection
0
expires
Sat, 27 Nov 2021 11:27:27 GMT
CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ Frame 6962
71 KB
72 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Referer
https://open.spotify.com/
Origin
https://open.spotify.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Last-Modified
Thu, 28 Oct 2021 13:16:22 GMT
Age
2585143
ETag
"c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By
cache-ord1730-ORD, cache-hhn11566-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
72840
X-Cache-Hits
1, 87513
spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ Frame 6962
56 KB
56 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Referer
https://open.spotify.com/
Origin
https://open.spotify.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Last-Modified
Tue, 02 Nov 2021 15:32:22 GMT
Age
2001627
ETag
"3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By
cache-ord1743-ORD, cache-hhn11534-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
56996
X-Cache-Hits
1, 47343
embed-podcast.3a62f418.css
open.scdn.co/cdn/build/embed-podcast/ Frame 6962
9 KB
2 KB
Stylesheet
General
Full URL
https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.3a62f418.css
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
379b0b87a8d5f2d6ab3e2d641c6ac0ab7cbaf49ba1b83a8ab610c66879240263

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Last-Modified
Wed, 27 Oct 2021 15:33:13 GMT
Age
2663369
ETag
"ebda2f52872f551dbbf912a25aeb0925"
X-Served-By
cache-ord1746-ORD, cache-hhn11528-HHN
X-Cache
HIT, HIT
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
1201
X-Cache-Hits
3, 234781
vendor~embed-podcast.ee521810.js
open.scdn.co/cdn/build/embed-podcast/ Frame 6962
2 MB
355 KB
Script
General
Full URL
https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bc94b7f93e495e0a8e301e67156165dcc6b4f1f6323ff5b12a297db3a0e2ff3b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Last-Modified
Sat, 27 Nov 2021 09:40:58 GMT
Age
6183
ETag
"678568b4d395e506a64ce20d94e875e3"
X-Served-By
cache-ord1733-ORD, cache-hhn11559-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
363469
X-Cache-Hits
1, 911
embed-podcast.4f33058d.js
open.scdn.co/cdn/build/embed-podcast/ Frame 6962
823 KB
187 KB
Script
General
Full URL
https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.4f33058d.js
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ec3c7b4b9c3d41a68810f7c16bb6ee7ab3567d93867cefe3774da6d101d6d01f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Content-Encoding
gzip
Last-Modified
Sat, 27 Nov 2021 09:40:58 GMT
Age
6184
ETag
"6393e3b9f6d51b012779b9f8a06ef400"
X-Served-By
cache-ord1737-ORD, cache-hhn11557-HHN
X-Cache
HIT, HIT
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
190718
X-Cache-Hits
1, 911
article-86184d81e5-rev.js
www.zdnet.com/a/fly/js/pages/
104 KB
27 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/pages/article-86184d81e5-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
364e9fa8e5ebd2723bceb6ad16241c713dbf20df34f4694041995de5b499eca3
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:27 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
27159
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"f9400dddd9df36d13ec7455e50015b28"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:55 GMT
moatheader.js
z.moatads.com/redventuresgamheader644747280705/
240 KB
82 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5d44d3b24d8b2e108b687663364c97645d9975ff390dfbfe0d7ed1f22270a2c0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
last-modified
Tue, 23 Nov 2021 00:50:09 GMT
server
AmazonS3
x-amz-request-id
QWQTNKA9EDH1J42X
etag
"74a126c5ca44a1637421099dcdbf91a3"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=31292
accept-ranges
bytes
content-length
83685
x-amz-id-2
FwSR1Tw4J2DRG96ttncGfz3BBSvTzgAWHtGJPEAjRyvg/XxDzzlKcUSz6Lbbq4hCr8AmpQVcd9o=
ab67656300005f1fd9725a9a6e9d75a3693721f5
i.scdn.co/image/ Frame 6962
13 KB
14 KB
Image
General
Full URL
https://i.scdn.co/image/ab67656300005f1fd9725a9a6e9d75a3693721f5
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c6cc3bcc9535b59bf7e2c8cc47f9fc55b35627703e85cb423624ee0bf16ad82c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:28 GMT
Last-Modified
Fri, 21 May 2021 16:03:01 GMT
Age
428819
ETag
"5e8cd79c430899a519a31faa30b03781"
X-Served-By
cache-ord1738-ORD, cache-hhn11550-HHN
X-Cache
HIT, HIT
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
13680
X-Cache-Hits
1, 1
CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ Frame 6962
67 KB
68 KB
Font
General
Full URL
https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by
Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Referer
https://open.spotify.com/
Origin
https://open.spotify.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:27 GMT
Last-Modified
Wed, 08 Sep 2021 15:56:05 GMT
Age
6895036
ETag
"6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By
cache-ord1734-ORD, cache-hhn11534-HHN
X-Cache
HIT, HIT
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
68852
X-Cache-Hits
1, 67595
/
o22381.ingest.sentry.io/api/1409086/envelope/ Frame 6962
2 B
245 B
Fetch
General
Full URL
https://o22381.ingest.sentry.io/api/1409086/envelope/?sentry_key=80341f4271be4aec89050e48a0e4553e&sentry_version=7
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://open.spotify.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://open.spotify.com
access-control-expose-headers
retry-after, x-sentry-rate-limits, x-sentry-error
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
clear
content-length
2
/
apresolve.spotify.com/ Frame 6962
269 B
236 B
Fetch
General
Full URL
https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
753bfb4880ebb976f0cec98027a17bec4d8ba9e28f35778973188579d286ad9f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://open.spotify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=0
alt-svc
clear
content-length
108
via
1.1 google
v2
mb.moatads.com/yi/
271 B
445 B
Script
General
Full URL
https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&callback=MoatNadoAllJsonpRequest_26122400
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.171.9.184 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-171-9-184.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
23a77191f110150f3b2c8c531918fb92cd94d4de946d018a836c8cbde90c95fe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
cache-control
max-age=900
server
TornadoServer/4.5.3
timing-allow-origin
*
etag
"1ee3a0ed3aea3424ca48e2b896104a3aaf91fad6"
content-length
271
content-type
text/html; charset=UTF-8
n.js
geo.moatads.com/
83 B
257 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1638012448218&de=169608996203&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=1&cb=0&cu=1638012448218&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A978%3A978%3A0%3A929&jk=-1&jm=-1&fs=195814&na=1859943348&cs=0&ord=1638012448218&jv=578541381&callback=DOMlessLLDcallback_26122400
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.10.67.38 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-67-38.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
8c55c6bedc6cd823a29600e157418c1c882e5c54fe1074f6c7fcbca0abcffdb5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
cache-control
max-age=900
server
TornadoServer/4.5.3
timing-allow-origin
*
etag
"d550835cc5e4c45fabb53de1111a8bd42baba104"
content-length
83
content-type
text/html; charset=UTF-8
n.js
geo.moatads.com/
86 B
258 B
Script
General
Full URL
https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=0&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1638012448218&de=169608996203&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=2&cb=0&cu=1638012448218&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A978%3A978%3A0%3A929&jk=-1&jm=-1&fs=195814&na=993421523&cs=0&callback=MoatDataJsonpRequest_26122400
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.10.67.38 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-10-67-38.eu-west-2.compute.amazonaws.com
Software
TornadoServer/4.5.3 /
Resource Hash
30a1bd75be4c17c12941fc45c29d63d97a0810c831df15dec2509b625104cb97

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
cache-control
max-age=900
server
TornadoServer/4.5.3
timing-allow-origin
*
etag
"463639cc197caee5bf25cd18af0fa00171a4b4e0"
content-length
86
content-type
text/html; charset=UTF-8
/
684dd32f.akstat.io/
0
354 B
XHR
General
Full URL
https://684dd32f.akstat.io/?h.pg=article&when=1638012448207&cdim.Site_View=desktop&t_other=custom4%7C872&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=88ff7e3da4ccb2b6be2aeef43f13903b64647868-5f2eb70f-800602a4&h.t=1638012447718&http.initiator=api&rt.start=api&rt.si=6409daec-5faf-471e-b139-ebbe21206004&rt.ss=1638012448790&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:28 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Sat, 27 Nov 2021 11:27:28 GMT
get_access_token
open.spotify.com/ Frame 6962
188 B
438 B
Fetch
General
Full URL
https://open.spotify.com/get_access_token?reason=transport&productType=embed_podcast
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
daa166f9b5c8bb20a78778e8c1c2f32da877df3007a5b1d1972eebaaa9bca604
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

sp-trace-id
0e4347494f2c764b
date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
spotify-request-id
e6c525d8-ace3-4f81-aa48-3ed38de86a6a
vary
Accept-Encoding,Accept-Encoding
content-type
application/json; charset=utf-8
via
HTTP/2 edgeproxy, 1.1 google
strict-transport-security
max-age=31536000
alt-svc
clear
server
envoy
x-join-the-band
https://www.spotify.com/jobs/
events
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 6962
13 B
139 B
Fetch
General
Full URL
https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://open.spotify.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date
Sat, 27 Nov 2021 11:27:28 GMT
access-control-max-age
604800
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
true
alt-svc
clear
content-length
39
via
HTTP/2 edgeproxy, 1.1 google
events
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame
0
0
Preflight
General
Full URL
https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://open.spotify.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials
true
access-control-max-age
604800
content-length
0
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 11:27:28 GMT
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
events
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame 6962
13 B
106 B
Fetch
General
Full URL
https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events
Requested by
Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.ee521810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://open.spotify.com/
Accept-Language
de-DE,de;q=0.9
authorization
Bearer BQBkiLfrROHR6UtlHbE8WyamW8B7pKKqYW_rgeZNlIUvYi_yf5MwL10Vn1_WRGHiPM0LJcAbdcjUCLBepns
content-type
application/json

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date
Sat, 27 Nov 2021 11:27:28 GMT
access-control-max-age
604800
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
true
alt-svc
clear
content-length
39
via
HTTP/2 edgeproxy, 1.1 google
events
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame
0
0
Preflight
General
Full URL
https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://open.spotify.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-headers
Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials
true
access-control-max-age
604800
content-length
0
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 11:27:28 GMT
server
envoy
via
HTTP/2 edgeproxy, 1.1 google
alt-svc
clear
nr-spa-1212.min.js
js-agent.newrelic.com/
44 KB
17 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding
gzip
etag
"8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id
VG6YBKXNYMJ05RRS
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
16636
x-amz-id-2
CN/OtP3A9z0ShcwSC84Dp2716OPSVqHtXjTa3tL4kDFfrY9FTweTMDz1ynWsKHz8NETzizCEpEw=
x-served-by
cache-fra19179-FRA
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1638012448.383201,VS0,VE0
date
Sat, 27 Nov 2021 11:27:28 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
2369
/
www.zdnet.com/components/breaking-news/xhr/
1 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
04c0d7e60a8e4a9d4fb94099ced75d1d9029308b0344d9a44290e3bbfeea5d45
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-NewRelic-ID
VgEBVlJWCRAGXVRVDwMDUlc=
tracestate
78034@nr=0-1-2767451-695782612-4627d98239b6bd40----1638012448389
traceparent
00-1f8061f65194592b60c1deb39671fb70-4627d98239b6bd40-01
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiNDYyN2Q5ODIzOWI2YmQ0MCIsInRyIjoiMWY4MDYxZjY1MTk0NTkyYjYwYzFkZWIzOTY3MWZiNzAiLCJ0aSI6MTYzODAxMjQ0ODM4OSwidGsiOiI3ODAzNCJ9fQ==
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sat, 27 Nov 2021 10:44:40 GMT
vary
Accept-Encoding, User-Agent
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-newrelic-app-data
PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtcXRQODFJfQzkGQ1NSCQ8NBW8MXRVLGhgCHVUJUQFRH1JKBgRTU1MUHgFIQwEACFZUU1ADBFACVlYFBwxAFF5VXkAAZA==
x-frame-options
SAMEORIGIN
date
Sat, 27 Nov 2021 11:27:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
680d065d-3478-4a7a-8177-c3d781e23f74
content-type
application/json
via
1.1 varnish
cache-control
max-age=5400, private
accept-ranges
bytes
expires
Sat, 27 Nov 2021 12:14:40 GMT
track-cwv-72dfb3ae38-rev.js
www.zdnet.com/a/fly/js/components/
239 B
335 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/track-cwv-72dfb3ae38-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
199
x-xss-protection
1; mode=block
last-modified
Wed, 24 Nov 2021 18:22:43 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"abc110bf9cfcef4ef9258a0e97109c3d"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 02 Dec 2021 06:24:17 GMT
zdnet-video-ea6f24fc09-rev.js
www.zdnet.com/a/fly/js/components/
31 KB
10 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/zdnet-video-ea6f24fc09-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
9744
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:24 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"82e8241da31ef0c9bca0cdc3c2aae5ea"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:21:10 GMT
disqus-loader-891338aca1-rev.js
www.zdnet.com/a/fly/js/components/
1 KB
902 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/disqus-loader-891338aca1-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
bb852945d8e9ae2dddadccfbce542830d5e86adf940a29239fa2742d6e79e2fb
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
685
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"6d7b6df2d13d78b5a3112ab2a52eab9c"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:56 GMT
front-door-carousel-dcdcc78ebc-rev.js
www.zdnet.com/a/fly/js/components/
5 KB
2 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/front-door-carousel-dcdcc78ebc-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
1651
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"b7d4a8f2cfb4a354ee8023e103659757"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:56 GMT
cybersecurity.jpg
www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/cybersecurity.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
af0cb5d1db950d9012fea87ca84c3d45515c6720c16668f9f1e0758526683d30
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=773296 idim=1600x1069 ifmt=jpeg ofsz=5266 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
5266
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"g/aRp7XkfZJ64Urm7jr+UqZmVL/+xTgrrZz6h5Mgdt4"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Fri, 26 Nov 2021 20:35:55 GMT
ecommerce-mobile-payments-online-shopping-generic-button.jpg
www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/
4 KB
4 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/ecommerce-mobile-payments-online-shopping-generic-button.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
aa8705571f72656693e770b3e04c7fbf0ac0283985e42300bf88635c90914fa1
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=53307 idim=910x600 ifmt=jpeg ofsz=3780 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
3780
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"txAwY7zkqlWtKIUULZMumksGkGcncqhyXKr/h22Nv2I"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Sun, 21 Nov 2021 01:15:21 GMT
shutterstock-1714665730.jpg
www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/shutterstock-1714665730.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
7fda7e840870d183ad5e5f21d29b59d7b4fd743ba587f61673b44734e685bbe4
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=1282608 idim=6502x4335 ifmt=jpeg ofsz=4750 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
4750
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"l98SXh+Ctrpsxw+qkr68oTy/uAELt9II4PCHAlHKj9Y"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Fri, 26 Nov 2021 13:04:14 GMT
shutterstock-1692847237.jpg
www.zdnet.com/a/img/resize/83c5b2bf8c07bea1a81cca0debc67512e51aba12/2021/10/20/198f613b-750c-4aef-bb40-ac9098fb74d4/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/83c5b2bf8c07bea1a81cca0debc67512e51aba12/2021/10/20/198f613b-750c-4aef-bb40-ac9098fb74d4/shutterstock-1692847237.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
a5edc98e141f5362307173b1a977d00f225b9791304669f2a96569bc60ee85d5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=11061685 idim=4800x3200 ifmt=jpeg ofsz=5198 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
5198
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"efu/l6151pAYJa526qkv68Gie5mFXs1ETXiJP7qL/2k"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 18 Nov 2021 13:14:54 GMT
shutterstock-2032695119.jpg
www.zdnet.com/a/img/resize/9426d190c2bf1e514fda75aed51c9bc3f306c3ab/2021/10/15/3eab866d-2d38-4d61-a69c-c255bd7bd477/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/9426d190c2bf1e514fda75aed51c9bc3f306c3ab/2021/10/15/3eab866d-2d38-4d61-a69c-c255bd7bd477/shutterstock-2032695119.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b76efb6be235efeb5a082cf206c18fb1761abae1fe72bb2c19907238fd548156
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=19686151 idim=7952x5304 ifmt=jpeg ofsz=4626 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
4626
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"qRkwxThDTi+J3RhiJrFtU7ch87FFIVuSx/VHughRXd0"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 16 Nov 2021 19:22:00 GMT
istock-checking-emails-at-home.jpg
www.zdnet.com/a/img/resize/8928a5c1006955a814df7589d2d69088e8851116/2021/02/11/3bcbc4df-85c1-4532-8a72-2923564acbcd/
7 KB
7 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/8928a5c1006955a814df7589d2d69088e8851116/2021/02/11/3bcbc4df-85c1-4532-8a72-2923564acbcd/istock-checking-emails-at-home.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
dcd92d0f51b8261f854f0ce71a4e30f595a1624ad305b8b53c015a336bd01163
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=283929 idim=2106x1424 ifmt=jpeg ofsz=6816 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1613044375035524
fastly-stats
io=1
content-length
6816
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"PXsRkqGc5FgD1nv2HGs6h4KDx+gcWhE3Rx2MheOYzlw"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 16:31:53 GMT
istock-12175457731.jpg
www.zdnet.com/a/img/resize/3bb54ad91cf5be1c134e44ac2f2e0c73bdf97cac/2020/05/05/bd65d396-70e6-4b67-85fc-8378ef2c3196/
4 KB
4 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/3bb54ad91cf5be1c134e44ac2f2e0c73bdf97cac/2020/05/05/bd65d396-70e6-4b67-85fc-8378ef2c3196/istock-12175457731.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
31c4362d412b46e13bc6302f74c446397831f498a8dd4962bd1937488030de7c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=54504 idim=770x513 ifmt=jpeg ofsz=4320 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1599085513549492
fastly-stats
io=1
content-length
4320
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"cY0WYpJ1ynkUJpLNt7jZTq8qqudJe5LGUm4LF+TQ5jw"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 14:01:01 GMT
phoneusersistock-999231414.jpg
www.zdnet.com/a/img/resize/38767ebb2eb9bd4f7dcb549c3d5e9626443d7ef2/2019/06/07/f142837c-e7ea-4d13-99ce-4de874134519/
6 KB
6 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/38767ebb2eb9bd4f7dcb549c3d5e9626443d7ef2/2019/06/07/f142837c-e7ea-4d13-99ce-4de874134519/phoneusersistock-999231414.jpg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f945439dc314e5fa33b1d02f0654f9f480d68ad29d873f23f2b7af21445b7b0e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
fastly-io-info
ifsz=115758 idim=1254x836 ifmt=jpeg ofsz=6034 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1588638027977836
fastly-stats
io=1
content-length
6034
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"ZwuLBBrvX8MRm6AtZ13nuCUKdIszC01SPhYrIjUY9vE"
vary
Accept-Encoding, Accept
strict-transport-security
max-age=31536000
content-language
en
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
content-type
image/webp
expires
Thu, 25 Nov 2021 12:13:49 GMT
computer-server-wires-stack-stock-xsm.jpeg
www.zdnet.com/a/img/resize/85a579469cd765b5f16ac7f657eb9033a78f9db0/2013/11/13/954dca36-4c63-11e3-90a0-0291187ef9b6/
11 KB
11 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/85a579469cd765b5f16ac7f657eb9033a78f9db0/2013/11/13/954dca36-4c63-11e3-90a0-0291187ef9b6/computer-server-wires-stack-stock-xsm.jpeg?width=170&height=128&fit=crop&auto=webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b3d69894c12091c01b6e7bdefaccf1087bd9dce20afd4492bc1a87ae3716626b
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
fastly-io-info
ifsz=160780 idim=380x253 ifmt=jpeg ofsz=10820 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1588631175421908
fastly-stats
io=1
content-length
10820
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"4MCyPGCDzWi5S5qxlJpc6wRlNJbsYaXzWIJ6xhrPXQE"
vary
Accept-Encoding, Accept
strict-transport-security
max-age=31536000
content-language
en
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
content-type
image/webp
expires
Wed, 24 Nov 2021 17:05:59 GMT
/
www.zdnet.com/newsletter/xhr/widget-login/
2 KB
1 KB
XHR
General
Full URL
https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
948c658c52c733559e7f2123254e91c0cea490bd4bffc8dc1068339ad412219f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

X-NewRelic-ID
VgEBVlJWCRAGXVRVDwMDUlc=
tracestate
78034@nr=0-1-2767451-695782612-8bbe2473f59535c9----1638012448401
traceparent
00-e982ba61ac7929f4507528ec03308400-8bbe2473f59535c9-01
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiOGJiZTI0NzNmNTk1MzVjOSIsInRyIjoiZTk4MmJhNjFhYzc5MjlmNDUwNzUyOGVjMDMzMDg0MDAiLCJ0aSI6MTYzODAxMjQ0ODQwMSwidGsiOiI3ODAzNCJ9fQ==
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
X-Requested-With
XMLHttpRequest

Response headers

content-security-policy
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding, User-Agent
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-newrelic-app-data
PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IBwFXVU4aABtEUVNVClsCBlsFV1kDWwkFBxFJXwBdElY/
x-frame-options
SAMEORIGIN
date
Sat, 27 Nov 2021 11:27:28 GMT
expect-ct
max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-tx-id
8ad1611d-d0da-498c-81ad-0991aa35482d
content-type
application/json
via
1.1 varnish
cache-control
max-age=0, must-revalidate, private
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:28 GMT
cybersecurity.jpg
www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/c882e3dae9cffb6300b6e8fba62cf136f477f3b4/2021/09/07/8e143c77-2bf4-49c4-9a31-9150db49a328/cybersecurity.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
af0cb5d1db950d9012fea87ca84c3d45515c6720c16668f9f1e0758526683d30
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=773296 idim=1600x1069 ifmt=jpeg ofsz=5266 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
5266
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"g/aRp7XkfZJ64Urm7jr+UqZmVL/+xTgrrZz6h5Mgdt4"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Fri, 26 Nov 2021 20:35:55 GMT
NRBR-a22c617a7b2aab2da1c
bam-cell.nr-data.net/1/
49 B
715 B
Script
General
Full URL
https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=1863&ck=1&ref=https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/&ap=577&be=894&fe=1774&dc=929&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1638012446591,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:16,%22c%22:16,%22s%22:17,%22ce%22:31,%22rq%22:31,%22rp%22:868,%22rpe%22:879,%22dl%22:871,%22di%22:929,%22ds%22:929,%22de%22:929,%22dc%22:1773,%22l%22:1773,%22le%22:1782%7D,%22navigation%22:%7B%7D%7D&fp=977&fcp=977&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:28 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6b4b01eb0a115cb0-FRA
shutterstock-1692847237.jpg
www.zdnet.com/a/img/resize/83c5b2bf8c07bea1a81cca0debc67512e51aba12/2021/10/20/198f613b-750c-4aef-bb40-ac9098fb74d4/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/83c5b2bf8c07bea1a81cca0debc67512e51aba12/2021/10/20/198f613b-750c-4aef-bb40-ac9098fb74d4/shutterstock-1692847237.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
a5edc98e141f5362307173b1a977d00f225b9791304669f2a96569bc60ee85d5
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=11061685 idim=4800x3200 ifmt=jpeg ofsz=5198 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
5198
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"efu/l6151pAYJa526qkv68Gie5mFXs1ETXiJP7qL/2k"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 18 Nov 2021 13:14:54 GMT
ecommerce-mobile-payments-online-shopping-generic-button.jpg
www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/
4 KB
4 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/d24410d70b9a64e5321866420585b41371b3f65d/2021/11/02/1ef2e335-5093-4b9a-a788-c4ad85651f87/ecommerce-mobile-payments-online-shopping-generic-button.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
aa8705571f72656693e770b3e04c7fbf0ac0283985e42300bf88635c90914fa1
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=53307 idim=910x600 ifmt=jpeg ofsz=3780 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
3780
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"txAwY7zkqlWtKIUULZMumksGkGcncqhyXKr/h22Nv2I"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Sun, 21 Nov 2021 01:15:21 GMT
shutterstock-2032695119.jpg
www.zdnet.com/a/img/resize/9426d190c2bf1e514fda75aed51c9bc3f306c3ab/2021/10/15/3eab866d-2d38-4d61-a69c-c255bd7bd477/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/9426d190c2bf1e514fda75aed51c9bc3f306c3ab/2021/10/15/3eab866d-2d38-4d61-a69c-c255bd7bd477/shutterstock-2032695119.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b76efb6be235efeb5a082cf206c18fb1761abae1fe72bb2c19907238fd548156
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=19686151 idim=7952x5304 ifmt=jpeg ofsz=4626 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
4626
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"qRkwxThDTi+J3RhiJrFtU7ch87FFIVuSx/VHughRXd0"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 16 Nov 2021 19:22:00 GMT
istock-12175457731.jpg
www.zdnet.com/a/img/resize/3bb54ad91cf5be1c134e44ac2f2e0c73bdf97cac/2020/05/05/bd65d396-70e6-4b67-85fc-8378ef2c3196/
4 KB
4 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/3bb54ad91cf5be1c134e44ac2f2e0c73bdf97cac/2020/05/05/bd65d396-70e6-4b67-85fc-8378ef2c3196/istock-12175457731.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
31c4362d412b46e13bc6302f74c446397831f498a8dd4962bd1937488030de7c
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=54504 idim=770x513 ifmt=jpeg ofsz=4320 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1599085513549492
fastly-stats
io=1
content-length
4320
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"cY0WYpJ1ynkUJpLNt7jZTq8qqudJe5LGUm4LF+TQ5jw"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 14:01:01 GMT
shutterstock-1714665730.jpg
www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/
5 KB
5 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/4e42af17e1d97878bd81f725cfd0f9d23f89948f/2021/08/12/ad9b1957-6f9b-42ee-9a6f-32b70f3481c1/shutterstock-1714665730.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
7fda7e840870d183ad5e5f21d29b59d7b4fd743ba587f61673b44734e685bbe4
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=1282608 idim=6502x4335 ifmt=jpeg ofsz=4750 odim=170x128 ofmt=webp
fastly-stats
io=1
content-length
4750
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"l98SXh+Ctrpsxw+qkr68oTy/uAELt9II4PCHAlHKj9Y"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Fri, 26 Nov 2021 13:04:14 GMT
istock-checking-emails-at-home.jpg
www.zdnet.com/a/img/resize/8928a5c1006955a814df7589d2d69088e8851116/2021/02/11/3bcbc4df-85c1-4532-8a72-2923564acbcd/
7 KB
7 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/8928a5c1006955a814df7589d2d69088e8851116/2021/02/11/3bcbc4df-85c1-4532-8a72-2923564acbcd/istock-checking-emails-at-home.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
dcd92d0f51b8261f854f0ce71a4e30f595a1624ad305b8b53c015a336bd01163
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
fastly-io-info
ifsz=283929 idim=2106x1424 ifmt=jpeg ofsz=6816 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1613044375035524
fastly-stats
io=1
content-length
6816
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"PXsRkqGc5FgD1nv2HGs6h4KDx+gcWhE3Rx2MheOYzlw"
strict-transport-security
max-age=31536000
content-type
image/webp
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 16:31:53 GMT
phoneusersistock-999231414.jpg
www.zdnet.com/a/img/resize/38767ebb2eb9bd4f7dcb549c3d5e9626443d7ef2/2019/06/07/f142837c-e7ea-4d13-99ce-4de874134519/
6 KB
6 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/38767ebb2eb9bd4f7dcb549c3d5e9626443d7ef2/2019/06/07/f142837c-e7ea-4d13-99ce-4de874134519/phoneusersistock-999231414.jpg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f945439dc314e5fa33b1d02f0654f9f480d68ad29d873f23f2b7af21445b7b0e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
fastly-io-info
ifsz=115758 idim=1254x836 ifmt=jpeg ofsz=6034 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1588638027977836
fastly-stats
io=1
content-length
6034
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"ZwuLBBrvX8MRm6AtZ13nuCUKdIszC01SPhYrIjUY9vE"
vary
Accept-Encoding, Accept
strict-transport-security
max-age=31536000
content-language
en
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
content-type
image/webp
expires
Thu, 25 Nov 2021 12:13:49 GMT
computer-server-wires-stack-stock-xsm.jpeg
www.zdnet.com/a/img/resize/85a579469cd765b5f16ac7f657eb9033a78f9db0/2013/11/13/954dca36-4c63-11e3-90a0-0291187ef9b6/
11 KB
11 KB
Image
General
Full URL
https://www.zdnet.com/a/img/resize/85a579469cd765b5f16ac7f657eb9033a78f9db0/2013/11/13/954dca36-4c63-11e3-90a0-0291187ef9b6/computer-server-wires-stack-stock-xsm.jpeg?width=170&height=128&fit=crop&auto=webp
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/f20691-fly/js/main.default.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
b3d69894c12091c01b6e7bdefaccf1087bd9dce20afd4492bc1a87ae3716626b
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 varnish
fastly-io-info
ifsz=160780 idim=380x253 ifmt=jpeg ofsz=10820 odim=170x128 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation
1588631175421908
fastly-stats
io=1
content-length
10820
x-xss-protection
1; mode=block
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"4MCyPGCDzWi5S5qxlJpc6wRlNJbsYaXzWIJ6xhrPXQE"
vary
Accept-Encoding, Accept
strict-transport-security
max-age=31536000
content-language
en
cache-control
max-age=31536000
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
content-type
image/webp
expires
Wed, 24 Nov 2021 17:05:59 GMT
core-web-vitals-16efe3ae21-rev.js
www.zdnet.com/a/fly/js/managers/
545 B
624 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/managers/core-web-vitals-16efe3ae21-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
366
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"e729958cde8ae774fc8a24db8fdb8165"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:56 GMT
video-58056d34a8-rev.js
www.zdnet.com/a/fly/js/translations/
704 B
588 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/translations/video-58056d34a8-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
452
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:26 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"3ba921934828591397c7d5545062d75e"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:21:07 GMT
video-player.js
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/
933 KB
248 KB
Script
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/video-player.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
253770
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"5c5fa9a5d2e282f0d520cd290ff4328d"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 23 Nov 2021 18:18:56 GMT
waypoints.inview.js
www.zdnet.com/a/fly/js/libs/jquery/
3 KB
919 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/libs/jquery/waypoints.inview.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
829
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:18 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"116a2817a3efd12df0e719fea1508077"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:20:56 GMT
show-hide-1.0-51cea9ac43-rev.js
www.zdnet.com/a/fly/js/components/
2 KB
784 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/show-hide-1.0-51cea9ac43-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
671
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:24 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"bfa97b27f2fe7c5241521d1ef01e1d42"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 06:05:42 GMT
NRBR-a22c617a7b2aab2da1c
bam-cell.nr-data.net/events/1/
24 B
501 B
XHR
General
Full URL
https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=2052&ck=1&ref=https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
text/plain

Response headers

Date
Sat, 27 Nov 2021 11:27:28 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
6b4b01ec0d1c5cb0-FRA
Content-Length
24
cohesion-latest.min.js
cdn.cohesionapps.com/cohesion/
77 KB
21 KB
Script
General
Full URL
https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-18.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
15fc6da0c56525b38a69504e4d5e73d1126290aff814150c4468d303a73bc727

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
etag
W/"237f1a86ca36f84a0eb06096a5a162f7"
last-modified
Thu, 18 Nov 2021 13:26:43 GMT
server
AmazonS3
age
79238
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 3dd91613764eafe7ad199013ce202443.cloudfront.net (CloudFront)
date
Fri, 26 Nov 2021 13:26:55 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
94R1gJIEbhX3_IEnOg0reprxaE1xnuqeX3p15krMSvD5RMLB9AiXTQ==
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/
137 B
270 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
6a3d2bb2b37e7dd9990f5ac6c300bf2c71278c9a42f95137158e4d8e70574939

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
137
vary
Origin
content-type
application/json
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
5b3ec42f4a9eef10a6313d4fed71a445f1d0f344eae4999152d9b4e27c45d457

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
8d34b11e18e64ab71c49bd12e47e4b8b9b223b3d4d31b7feebcb4398f54bb533

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
1da32e4b38213e106c7acdcf36f3bf1f25bae6d81dfd031c691d371f10ca4cdd

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
3baac004e15ba7b49bdaee85dc2d7db46ea2087f7b791010ca04685a100bfec5

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
public
taggy.cohesionapps.com/implementations/ Frame
0
0
Preflight
General
Full URL
https://taggy.cohesionapps.com/implementations/public
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.100.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-100-11.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type,page-url,source-key
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
content-type,page-url,source-key
xs1.html
cdn.cohesionapps.com/cohesion/ Frame F711
2 KB
1 KB
Document
General
Full URL
https://cdn.cohesionapps.com/cohesion/xs1.html
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-18.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

content-type
text/html
date
Fri, 26 Nov 2021 12:24:59 GMT
last-modified
Thu, 18 Nov 2021 13:26:43 GMT
etag
W/"10b2c1751c2247b1aeccc91060f971cf"
x-amz-server-side-encryption
AES256
x-amz-version-id
null
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 3dd91613764eafe7ad199013ce202443.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
SqU1VorLHKG7Zoy0AyMyC7f96dRsdogAifbCItMe4jgSv9RmPLYtKg==
age
82950
public
taggy.cohesionapps.com/implementations/
8 KB
8 KB
XHR
General
Full URL
https://taggy.cohesionapps.com/implementations/public
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.226.100.11 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-100-11.compute-1.amazonaws.com
Software
/ Express
Resource Hash
1057d5fd733028374c07f587279e61230771eddfd056ce12fb75492fd1224ffd

Request headers

Source-Key
src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Page-URL
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
x-powered-by
Express
etag
W/"202f-WDoQOp1rO0z7TI9x4+12ERK4udk"
content-length
8239
content-type
application/json; charset=utf-8
xs2.html
cdn.cohesionapps.com/cohesion/ Frame F711
473 B
834 B
Document
General
Full URL
https://cdn.cohesionapps.com/cohesion/xs2.html
Requested by
Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.71.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-71-18.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://cdn.cohesionapps.com/cohesion/xs1.html

Response headers

content-type
text/html
content-length
473
last-modified
Thu, 18 Nov 2021 13:26:43 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
null
accept-ranges
bytes
server
AmazonS3
date
Fri, 26 Nov 2021 19:55:07 GMT
etag
"ffa03bed298484a7755ca23c5431cb28"
x-cache
Hit from cloudfront
via
1.1 3dd91613764eafe7ad199013ce202443.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
cVzFT_haqa0gLK4x_DwoUClVY0anuTfpTQzpyKo_YBZqJiz1itae5w==
age
55942
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
5f5701ff35ea75155799b463241b98fb91c40c6dc43d377d8ad497650d3ceeab

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
a533caaf04358b397e0627867e54f3f6d9ea169f96dda02411966f723d5ee192

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
chartbeat_video.js
static.chartbeat.com/js/
69 KB
23 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat_video.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:6600:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e916d6f3c9c316368f99463951a426d09d4ddd223e961652728b519efb11e772

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 10:39:09 GMT
content-encoding
gzip
last-modified
Thu, 28 Oct 2021 00:28:27 GMT
server
nginx
age
2899
etag
W/"6179eeab-11377"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb5.cloudfront.net (CloudFront)
cache-control
max-age=7200
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA56-P2
x-amz-cf-id
AVJUMQ2NWYCcmNygkQwJE_iz0R9akUNZwyGziiDyvxz0v7J_JI0uyQ==
expires
Sat, 27 Nov 2021 12:39:09 GMT
utag.js
tags.tiqcdn.com/utag/redventures/zdnetglobalsite/prod/
149 KB
41 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/redventures/zdnetglobalsite/prod/utag.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-191.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
1a8be5118caeda79b772973aca427a54f00983fdc7b3a14ce7bdc7edf60f975b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
content-encoding
gzip
last-modified
Mon, 08 Nov 2021 18:31:49 GMT
server
AkamaiNetStorage
etag
"5a70179d36f2a5ad95f774beafa8615f:1636396309.338354"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:32:28 GMT
ping
ping.chartbeat.net/
43 B
201 B
Image
General
Full URL
https://ping.chartbeat.net/ping?h=zdnet.com&p=%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F&u=Bp9D1zDYlfOxDpYWfa&d=zdnet.com&g=66142&g0=security&g1=liam%20tung&n=1&f=00001&c=0&x=0&m=0&y=4009&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1773&t=DHKW572SDEjDm9iLXCtY1PUB301_L&V=129&i=This%20new%20phishing%20attack%20features%20a%20weaponized%20Excel%20file%20%7C%20ZDNet&tz=0&_acct=anon&sn=1&sv=B6p7zqsPNVDCjz_JpBdor02B07wAb&sd=1&im=067b2ef3&_
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.164.74.135 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-74-135.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:29 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
content-length
43
expires
0
aad6e88a-21ea-4a4a-a557-410a874c392e
monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/ Frame
0
0
Preflight
General
Full URL
https://monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/aad6e88a-21ea-4a4a-a557-410a874c392e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.249.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-249-141.compute-1.amazonaws.com
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
segment-external-id,token
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
x-powered-by
Express
access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
segment-external-id,token
apstag.js
c.amazon-adsystem.com/aax2/
134 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.21.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-21-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding
gzip
etag
1e39d25f07f5619925357b752ab10d04
age
496
x-cache
Hit from cloudfront
server
Server
x-amz-rid
0Y2M2T8K9E5Z3W4BFZ49
date
Sat, 27 Nov 2021 11:19:13 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA56-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Nhe0i2UtLOXTPD3vTWN57PKw09ErDc49hqgZ4qZnmI4G2TNwL1TMmw==
aad6e88a-21ea-4a4a-a557-410a874c392e
monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/
2 B
493 B
Fetch
General
Full URL
https://monarch.cohesionapps.com/api/v1/evaluate/ruleset/6c8c3ead-bc7a-4fe6-98e6-532258665aee/aad6e88a-21ea-4a4a-a557-410a874c392e
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.249.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-249-141.compute-1.amazonaws.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Segment-External-Id
cross_site_id:b78ef79f-bc59-4fcc-a55d-a5dfd889b306
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Token
6e4d8710-04aa-4aba-8ea0-6436ce2e14c6
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
x-content-type-options
nosniff
access-control-allow-origin
*
surrogate-control
no-store
x-dns-prefetch-control
off
content-length
2
x-xss-protection
1; mode=block
x-request-id
111f361e-8291-4338-a4ff-9a333f8c68f9
x-response-time
239.215ms
pragma
no-cache
x-frame-options
SAMEORIGIN
etag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-download-options
noopen
strict-transport-security
max-age=15552000; includeSubDomains
content-type
application/json; charset=utf-8
monarch-request-id
111f361e-8291-4338-a4ff-9a333f8c68f9
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
240 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2099592&size_id=2&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&tk_flint=pbjs_lite_v5.5.0&x_source.tid=feb18372-e823-46a8-a5f1-ae50332335eb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.800768732247485
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
3db1305e4b2aaed3cc0412dc79ec19ee114eeb5d9751e5dc271d4e714e0e05a9

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
257 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094900&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&tk_flint=pbjs_lite_v5.5.0&x_source.tid=50a3e090-1ff3-4dfa-99e5-90bf46f98b82&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9144634711214241
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
7033b1ea7c8b18fba394958912c81cd4e106fac8c1e31fea4fa68b588bc22f73

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
257
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
237 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094904&size_id=15&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&tk_flint=pbjs_lite_v5.5.0&x_source.tid=62d4ce04-f52f-4247-a10f-c0cf6def8f75&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.03194262775671852
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
124fe2118474f3772fd31ae6c8c829db3fc48fc7c5f200ce19cedbd5f310b50d

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
237
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
237 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094910&size_id=15&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&tk_flint=pbjs_lite_v5.5.0&x_source.tid=b88c2189-20f9-4c81-8b02-e45089c023bf&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4283416939736031
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
118936592777a1abc630d39f6e853051806f97b5b1cce20e60c3c16d05e6b9ec

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
237
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
260 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23386&site_id=378838&zone_id=2094912&size_id=2&alt_size_ids=57&rf=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&tk_flint=pbjs_lite_v5.5.0&x_source.tid=4a05e14e-8725-4995-9e1a-383b6263fe96&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.693806150971541
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
b9a1d7f258dd370aca57f0e99b6f3f17dd45a1a69f769e64681295aeb2146a51

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
260
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/
0
115 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.zdnet.com
date
Sat, 27 Nov 2021 11:27:28 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
801 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.241 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
fb9766461512772ce729af7ffe683446d978a9608b12044606194a114ab0aeb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 11:27:29 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
78.47.208.25; 78.47.208.25; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
964d2f2d-41e7-400d-b5f9-89d38c9b2233
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
htlb.casalemedia.com/
37 B
330 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=684545&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2223584c87b0dfe5d%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A1%2C%22msi%22%3A1%2C%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%225.5.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22246e52be044e5f7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22684545%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A5%2C%22h%22%3A5%2C%22ext%22%3A%7B%22siteID%22%3A%22684545%22%2C%22sid%22%3A%225x5%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22252f8940332ec52%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684533%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22684534%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%222769824fa908bd3%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684537%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%222855aadf5d4fc59%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684539%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%2229348594115a35c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22684540%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22684541%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%7D%7D%5D%7D
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.17.5.147 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-5-147.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7664328aa7c2ade94a0593fdc1506b8c49883f5f932d5171d9816444fc67566b

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:29 GMT
x-ak-initial-geo
CC:[DE], RC:[SN], CN:[EU], CIP:[78.47.208.25], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.zdnet.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Sat, 27 Nov 2021 11:27:29 GMT
arj
cnet-d.openx.net/w/1.0/
73 B
379 B
XHR
General
Full URL
https://cnet-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=feb18372-e823-46a8-a5f1-ae50332335eb%2C50a3e090-1ff3-4dfa-99e5-90bf46f98b82%2C50a3e090-1ff3-4dfa-99e5-90bf46f98b82%2C62d4ce04-f52f-4247-a10f-c0cf6def8f75%2Cb88c2189-20f9-4c81-8b02-e45089c023bf%2C4a05e14e-8725-4995-9e1a-383b6263fe96%2C4a05e14e-8725-4995-9e1a-383b6263fe96&nocache=1638012449041&aus=728x90%2C5x5%7C300x250%2C300x600%7C300x250%2C300x600%7C300x250%7C300x250%7C728x90%2C970x250%7C728x90%2C970x250&divids=nav-ad-plus-leader%2Cmpu-plus-top%2Cmpu-plus-top%2Cmpu-middle%2Cmpu-bottom%2Cleader-plus-bottom%2Cleader-plus-bottom&aucs=%2C%2C%2C%2C%2C%2C&auid=544099121%2C544099082%2C544099085%2C544099094%2C544099102%2C544099105%2C544099108
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
6d26a4e809e620ff3753ea5167b23fb538629cfafc34f7678bcc689cd15a67e5

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.zdnet.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
291 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_728x90_12&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
2a241c46f8600dab1d9de67d9e042aae77762737d4f731143af5294f13d9ce09

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_1&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
4c9ec69ed221b10bd0fe8f6897894da55c09b9822a91eb08a73ad797157aa3f0

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x600&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
d6e1c0098619255b5c906ad8977cff0d69f1eb4d110abe8f8524f8d31f25d337

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_2&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
9e3acac26c018bbb2803699ff423b66a36f9163322e7354a6f4ea3fd7ae80aaa

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_300x250_4&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
54ef066046a8ead98c9777754ea2448e907950558009d3b281c97a245dbbcc42

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_728x90_6&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
ebf93c420e494fb1e02ce1a763a14cd4fd04ed43c5e4101fd1afee88c1290e7c

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96947b017a7a15964715fb78370020&pos=zdnet_dt_970x250_5&cmd=bid&secure=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
73754eb59b005e7ba707b36d53955effb8e6bb76110f347d744150cc354cf9da

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
content-length
62
hb
sofia.trustx.org/
2 B
307 B
XHR
General
Full URL
https://sofia.trustx.org/hb?pt=net&auids=95444%2C78199%2C78192%2C78194%2C78190%2C78200%2C78202&sizes=728x90%2C5x5%2C300x250%2C300x600%2C970x250&r=47d7c214784f82e&wrapperType=Prebid_js&wrapperVersion=5.5.0&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&wtimeout=1000
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.211.168.6 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
6.168.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 11:27:29 GMT
Server
nginx
Content-Type
application/json; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
2
trinity.json
apex.go.sonobi.com/
365 B
825 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22%2F22309610186%2Faw-zdnet%2Fnav-ad-plus-leader%7C561e716e63e5042%22%3A%22728x90%2C5x5%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-plus-top1%7C576af7eceeddc47%22%3A%22300x250%2C300x600%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-middle1%7C585f87d05602d1%22%3A%22300x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fmpu-bottom1%7C5982a3936fa76af%22%3A%22300x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%2C%22%2F22309610186%2Faw-zdnet%2Fleader-plus-bottom1%7C60b00860da589aa%22%3A%22728x90%2C970x250%7Cgpid%3D%2F22309610186%2Faw-zdnet%2Fsecurity%22%7D&ref=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&s=9ea8d814-86ab-4b41-ae27-855bd910dbc1&pv=4fbf5eec-01f5-442a-a2cf-d9ac99f962e6&vp=desktop&lib_name=prebid&lib_v=5.5.0&us=5&ius=0&coppa=0
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
e6f6a4f8b9bb40c5fd4be0bba9cd91c0e15037e4dffc176dcebce77f125730bc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:29 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-8
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
217
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=redventures/zdnetglobalsite/202111081831&cb=1638012449085
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.51.8.191 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-51-8-191.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Sat, 27 Nov 2021 11:37:29 GMT
config
c.amazon-adsystem.com/cdn/prod/
951 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=5062&u=https%3A%2F%2Fwww.zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.21.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-21-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
2ac1abeb793e330db301dfbe8809ec90f32ebfed2e6c34896e6c26a6318be981

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:28 GMT
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
951
x-amz-cf-id
hPwQoMxcG7kgkTWa8yjKZ7R7jRIDv57pjTAw-8Cc_GUSa-odSnqbtw==
bid
c.amazon-adsystem.com/e/dtb/
23 B
490 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=5062&u=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pid=nGwtlVvfZO4TV&cb=0&ws=1600x1200&v=7.71.1&t=1000&slots=%5B%7B%22sd%22%3A%22nav-ad-plus-leader%22%2C%22s%22%3A%5B%22728x90%22%2C%225x5%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fnav-ad-plus-leader%22%7D%2C%7B%22sd%22%3A%22mpu-plus-top%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-plus-top%22%7D%2C%7B%22sd%22%3A%22mpu-middle%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-middle%22%7D%2C%7B%22sd%22%3A%22mpu-bottom%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fmpu-bottom%22%7D%2C%7B%22sd%22%3A%22leader-plus-bottom%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22309610186%2Faw-zdnet%2Fsecurity%2Fleader-plus-bottom%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.21.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-21-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
x-amz-rid
JK57CWP790S341Q6SA13
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
LWe97VzQMqkpX1E5ybeEVzej0P9nDB8P9jFlaaQso75uDrHVNho1TA==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.21.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-21-201.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
32825
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Tue, 09 Nov 2021 22:55:20 GMT
server
AmazonS3
date
Sat, 27 Nov 2021 03:18:08 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
7yNGM5MBi4YBizm3KBaEAUhY-W_z9GRDPC_d7DvX8gdfl_upXWu7fw==
ats.js
ats.rlcdn.com/
185 KB
57 KB
Script
General
Full URL
https://ats.rlcdn.com/ats.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-70.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cceefd476057bb3f36703d027ec405887d25d05311d491b9a203d4c60a2d75fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
TIXEr4j9ZaZJgKeoVZ8ehYwv1bF6gSxj
content-encoding
br
etag
W/"a8f24de78b4dc3ecbbff83b08aa9e411"
age
1031
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:73702bf1-4472-485c-9bda-886a8f21cacd
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
6bc77264d69b4716594d8b5229cafdb9
last-modified
Wed, 17 Nov 2021 08:31:53 GMT
server
AmazonS3
date
Sat, 27 Nov 2021 11:10:19 GMT
vary
Accept-Encoding
x-amz-meta-codebuild-content-sha256
67c429bc2e760b9ca91a98648469be411bfcccf8bfb6ea245b28e6585b1861aa
via
1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
cache-control
must-revalidate,public,max-age=86400
x-amz-cf-pop
FRA6-C1
content-type
application/x-javascript
x-amz-cf-id
tIl5zk2NMOFBz3nmAZxArp_9pycRuUTvMVDLEInPWrvFFVTbG6_wyA==
config.js
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/
151 KB
30 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
958d975aab813c9537d0eff13e69ca09e9007e1e199077b5ed638a218da335d1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:29 GMT
Content-Encoding
gzip
Age
2685
X-Cache
HIT
Connection
keep-alive
Content-Length
30549
x-amz-id-2
qRIZ5BzqfAS5cBk1IoFUoPDKhTaWaLcPHd5Dr/OLnjCTCivzDH5zuK8WBHU3MrG+UnYnazxmo2A=
X-Served-By
cache-fra19143-FRA
Last-Modified
Sat, 27 Nov 2021 10:24:50 GMT
Server
AmazonS3
X-Timer
S1638012449.202249,VS0,VE0
ETag
"72a1ace62e6b4efdca9b401d063c9b75"
x-amz-request-id
B49FEB798HDPAA9E
Via
1.1 varnish
Cache-Control
public, max-age=900, stale-while-revalidate=3600
Accept-Ranges
bytes
Content-Type
text/javascript
X-Cache-Hits
48
wrap.js
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/
189 KB
60 KB
Script
General
Full URL
https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:29 GMT
Content-Encoding
gzip
Age
781
X-Cache
HIT
Connection
keep-alive
Content-Length
61293
x-amz-id-2
jzXf5usRbJR3PYvp69Big/B/XsVaN007aaf8DzTo4oE6Ozrfyzq3/rqhk6J2PTv5JM4jjOX3BWs=
X-Served-By
cache-fra19143-FRA
Last-Modified
Wed, 17 Nov 2021 21:29:49 GMT
Server
AmazonS3
X-Timer
S1638012449.224607,VS0,VE0
ETag
"cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id
KY5DB13GGJV0P5XQ
Via
1.1 varnish
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/javascript; charset=utf-8
X-Cache-Hits
386
/
geo.privacymanager.io/
28 B
591 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.207.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-207-44.fra53.r.cloudfront.net
Software
/
Resource Hash
3b3ed4b191fdd529075b8e099f5daefd684e80acd4c9514a70b6ad746e949544

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 05:01:23 GMT
via
1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront), 1.1 78c402b74e65ae12b398b6b957ab229e.cloudfront.net (CloudFront)
age
23166
x-amzn-requestid
e9b58334-a771-4a3d-9f5c-983f87810b1f
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-61a1bba3-7c11d18b7459f6340016708c;Sampled=0
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA2-C1, FRA53-C1
x-amz-apigw-id
JcpBlHb2DoEFSLQ=
content-length
28
x-amz-cf-id
OYs-XxrxufRfKn2RK2P7mjrlw5mCh5LP5_xhTO8PyIipQaa68OC7yw==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
91e4d75794fbcbdab096cd683925f7d15b89aff52b059e15ce37bb5dd0524c08

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
urban-airship-fc69ebbe99-rev.js
www.zdnet.com/a/fly/js/components/
2 KB
1 KB
Script
General
Full URL
https://www.zdnet.com/a/fly/js/components/urban-airship-fc69ebbe99-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
55b5da8c291fbf2194b2cf892c31e4d13a278a1c652f27b3222c0382cd41dd44
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
1207
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"93db6eb6bbc882adcd8d7cd7634da6ee"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 18:21:04 GMT
ua-sdk.min.js
web-sdk.urbanairship.com/notify/v1/
203 KB
36 KB
Script
General
Full URL
https://web-sdk.urbanairship.com/notify/v1/ua-sdk.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.208.151 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
151.208.227.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e5ab11b9756b1d55d9319049c61aeefffdbc7c9b96dfcb1e32ecb574b8750c7f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:25:13 GMT
content-encoding
gzip
age
136
x-guploader-uploadid
ADPycdtgkd3bNWyk2PMDk7E3wQ2DjQvjObz_SVyu1hifGyzrXoEQMva7aNcrIqtks_d8SMlFZ4AAWvevrYsTn5kVzNM
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
36677
last-modified
Wed, 17 Nov 2021 23:19:50 GMT
server
UploadServer
etag
"5739d69ebb4010007989b4ccbbab6bf2"
x-goog-hash
crc32c=QL5hlQ==, md5=VznWnrtAEAB5ibTMu6tr8g==
x-goog-generation
1637191190146808
cache-control
public,max-age=300,no-transform
x-goog-stored-content-length
36677
accept-ranges
bytes
content-type
application/javascript
expires
Sat, 27 Nov 2021 11:30:13 GMT
web-vitals.iife.js
unpkg.com/web-vitals@2.1.2/dist/
Redirect Chain
  • https://unpkg.com/web-vitals/dist/web-vitals.iife.js
  • https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js
4 KB
2 KB
Script
General
Full URL
https://unpkg.com/web-vitals@2.1.2/dist/web-vitals.iife.js
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c60d2056c4b51601d6d6a1ddc4afe9fd561c415c0bf1e5e730a9a0fac78fb9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
age
4020018
fly-request-id
01FHRRKP43W0ER3DT1Y8RQBS2Q
content-encoding
br
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"112d-YY/3e/MWV7ik0HGTYz3nnz0WKp8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
6b4b01f12db54ea4-FRA

Redirect headers

date
Sat, 27 Nov 2021 11:27:29 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01FNGJBP53ABD0Z6AK9QPKC7PY
server
cloudflare
age
39
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
location
/web-vitals@2.1.2/dist/web-vitals.iife.js
cache-control
public, s-maxage=600, max-age=60
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6b4b01f10d844ea4-FRA
access-control-allow-origin
*
comscore.streaming.6.1.1.171219.min.js
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/comscore/
104 KB
18 KB
Script
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/comscore/comscore.streaming.6.1.1.171219.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
0d2078bf12beaaf3694eb02a46c6de631d4a5e4ba52b25d3d9a64c7c52626fad
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
18724
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"f4dcc437e891f84ae7d594f94bc63ded"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 06:09:31 GMT
ima3.js
s0.2mdn.net/instream/html5/
368 KB
123 KB
Script
General
Full URL
https://s0.2mdn.net/instream/html5/ima3.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4ccb64cb52eff9e8c10713a938a73ec2461b8b1e71acef86c52cd7242c3b0090
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125138
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 27 Nov 2021 11:27:29 GMT
feature-disabled-dbcc4f5d9e-rev.js
www.zdnet.com/a/fly/js/
0
121 B
Script
General
Full URL
https://www.zdnet.com/a/fly/js/feature-disabled-dbcc4f5d9e-rev.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
32
x-xss-protection
1; mode=block
last-modified
Mon, 22 Nov 2021 10:11:25 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"7a8167a14d6907890ae8e930e2327b96"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
max-age=604800,no-transform
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Nov 2021 10:00:19 GMT
t
ingest.make.rvapps.io/v2/ Frame
0
0
Preflight
General
Full URL
https://ingest.make.rvapps.io/v2/t
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type
Origin
https://www.zdnet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-length
0
access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
900
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
t
ingest.make.rvapps.io/v2/
138 B
271 B
XHR
General
Full URL
https://ingest.make.rvapps.io/v2/t
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.21.227.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-227-9.compute-1.amazonaws.com
Software
/
Resource Hash
42faf2022b2a5e63cc982d2feb84175c7f2636614fbff9f5a851d5be85fe8ee4

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
Authorization
Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type
application/json;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
access-control-allow-credentials
true
content-length
138
vary
Origin
content-type
application/json
VideoHeartbeat-2.0.2.min.js
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/
143 KB
28 KB
Script
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/VideoHeartbeat-2.0.2.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
acc16a7acfdc37b4e11c49adba781c8f4192368865c64e4ab37483780952c91e
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
28851
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"2b585e259cd9455920d0df03c9bd3119"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 23 Nov 2021 18:18:58 GMT
config.json
c.go-mpulse.net/api/v2/
2 KB
1 KB
XHR
General
Full URL
https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1638012449538&s=9b32806453977e5687d56faeb627144c055eb96a1104c06facdb6c41a2d01f39
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c0628cb0f4bded33b13525eafad28b67f8d4f4774d239344ca86d2cf98e751a9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 11:27:29 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
879
AppMeasurement-2.3.0.min.js
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/
77 KB
27 KB
Script
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/adobe/AppMeasurement-2.3.0.min.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
bcc0ac1b386e00fb3f5e5ec0f60682b3023399eff0f7405cb1601042a4d1bf2b
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
27235
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"87d53823ac6fb4252ae6e24f8f2bbda9"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 06:02:50 GMT
ggcmb510.js
cdn-gl.imrworldwide.com/novms/js/2/
12 KB
5 KB
Script
General
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/ggcmb510.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6c00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68ec7cf550e86cb14e4d992724157c4f625ea3f0cd7d06e9e533c17c735401d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
2J3RA2RMi5eYAj7nmdbu3te_gb7jIgN9
content-encoding
gzip
etag
W/"afa0d379b1e6e0a61fad577d0043ff26"
last-modified
Mon, 15 Nov 2021 15:07:58 GMT
server
AmazonS3
age
3434
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Sat, 27 Nov 2021 10:30:16 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
slyuZI3h4nRe2WAXU3T1Y13VZVZlL28DzDyIp24zWq1VEqF6bXcgrA==
mux.js
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/
82 KB
25 KB
Script
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/tracking/mux.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
36907f27970c8f2e5df0c6c5443a9283a8b49e7cdbef3c878a5a1e5b536b2065
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
25338
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"15f433dc84bc8786b796c045eccafd9f"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 23 Nov 2021 18:18:58 GMT
uvp_blank.mp4
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/video/
11 KB
11 KB
Media
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/video/uvp_blank.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
6227f18e898e5b7c708fc1eb1763bd1b2186bdecd6f8b81f4bc1bf84f4d7d4e6
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Range
bytes=0-

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
via
1.1 varnish
vary
Accept-Encoding, Accept
Content-Range
bytes 0-11246/11247
Content-Length
11247
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"707bb2a4c9141aba1068d851f5be0409"
strict-transport-security
max-age=31536000
content-type
video/mp4
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Thu, 25 Nov 2021 05:36:16 GMT
default.css
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/css/
75 KB
10 KB
Stylesheet
General
Full URL
https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/lib/css/default.css
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ContentServer /
Resource Hash
d84407005f8be6253de84d06aba3b98adf802ac9dc7e75169423298a4c772f26
Security Headers
Name Value
Content-Security-Policy default-src https://*.zdnet.com:*
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
vary
Accept-Encoding, Accept
content-length
9960
x-xss-protection
1; mode=block
last-modified
Wed, 18 Aug 2021 20:22:22 GMT
server
ContentServer
x-frame-options
SAMEORIGIN
etag
"53f9ec8cbf72a4cf89092f94ae8b8d25"
strict-transport-security
max-age=31536000
content-type
text/css
via
1.1 varnish
cache-control
public, max-age=604800
content-security-policy
default-src https://*.zdnet.com:*
accept-ranges
bytes
expires
Tue, 23 Nov 2021 18:19:34 GMT
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
20 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2148060149347060&correlator=1726831845725008&output=ldjh&impl=fifs&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x66%7C5x5&prev_scp=pos%3Dnav%26sl%3Dnav-ad-plus-leader%253FT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dnav-ad-plus-leader%257Cvguid%253Df470eb18-fd47-460e-af00-ec987d4590ea%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgs_tech_computing%252Cmoat_unsafe%252Cgv_crime%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26pid%3Dmicrosoft-sharepoint%252Cmicrosoft-onedrive%26mfr%3Dmicrosoft%26tag%3Dmicrosoft%252Cmalware%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Da%26pv%3D1%26vguid%3Df470eb18-fd47-460e-af00-ec987d4590ea%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638012447&dt=1638012449755&dlt=1638012447462&idt=422&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=50&adks=3846852823&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x100&msz=1600x100&ga_vid=1859378166.1638012450&ga_sid=1638012450&ga_hid=1483078510&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
d4da726e09c482b2eb1a4d776a7c5dc1b6561c52406153fdd759f447cf65a2cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9392
x-xss-protection
0
google-lineitem-id
5688542871
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138349983400
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c123d9a9620fcd999e39d5c3667f823748d2983116a763fbab3ea2e467c6dfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9198
x-xss-protection
0
container.html
b2b670beafe273e5e81b392c85999385.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FC4E
6 KB
4 KB
Document
General
Full URL
https://b2b670beafe273e5e81b392c85999385.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 11:27:29 GMT
expires
Sun, 27 Nov 2022 11:27:29 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
securepubads.g.doubleclick.net/gampad/
20 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2148060149347060&correlator=1681024660298973&output=ldjh&impl=fifs&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dtop%26sl%3Dmpu-plus-top%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-plus-top%257Cvguid%253Df470eb18-fd47-460e-af00-ec987d4590ea%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgs_tech_computing%252Cmoat_unsafe%252Cgv_crime%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26pid%3Dmicrosoft-sharepoint%252Cmicrosoft-onedrive%26mfr%3Dmicrosoft%26tag%3Dmicrosoft%252Cmalware%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Da%26pv%3D1%26vguid%3Df470eb18-fd47-460e-af00-ec987d4590ea%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638012447&dt=1638012449782&dlt=1638012447462&idt=422&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=449&adks=36326968&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x280&msz=370x30&ga_vid=1859378166.1638012450&ga_sid=1638012450&ga_hid=1483078510&ga_fc=false&fws=4&ohw=370&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
93304a64787451a29469112be47402e8e62badcb3a9e02efc41f1c11eccc3490
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9385
x-xss-protection
0
google-lineitem-id
5688542871
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138349575866
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
20 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2148060149347060&correlator=3228767658194158&output=ldjh&impl=fifs&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dmiddle%26sl%3Dmpu-middle%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-middle%257Cvguid%253Df470eb18-fd47-460e-af00-ec987d4590ea%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgs_tech_computing%252Cmoat_unsafe%252Cgv_crime%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26pid%3Dmicrosoft-sharepoint%252Cmicrosoft-onedrive%26mfr%3Dmicrosoft%26tag%3Dmicrosoft%252Cmalware%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Da%26pv%3D1%26vguid%3Df470eb18-fd47-460e-af00-ec987d4590ea%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638012447&dt=1638012449785&dlt=1638012447462&idt=422&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1177&adks=2638305364&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x30&msz=370x30&ga_vid=1859378166.1638012450&ga_sid=1638012450&ga_hid=1483078510&ga_fc=false&fws=4&ohw=370&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
94a8b7e6bcf8f936b9183f0b52c6614ce1a4ba0ecdd2174d05430e8cd2670d04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9410
x-xss-protection
0
google-lineitem-id
5688542871
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138349983439
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
20 KB
9 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2148060149347060&correlator=1096283335619121&output=ldjh&impl=fifs&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dbottom%26sl%3Dmpu-bottom%253FLL%257CT-1000%26amznbid%3D2%26amznp%3D2%26iid%3Dunit%253Dmpu-bottom%257Cvguid%253Df470eb18-fd47-460e-af00-ec987d4590ea%257Cpv%253D1&eri=1&cust_params=m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgs_tech_computing%252Cmoat_unsafe%252Cgv_crime%252Cgs_tech%26m_mv%3DnoHistData%26m_gv%3DnoHistData%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26pid%3Dmicrosoft-sharepoint%252Cmicrosoft-onedrive%26mfr%3Dmicrosoft%26tag%3Dmicrosoft%252Cmalware%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Da%26pv%3D1%26vguid%3Df470eb18-fd47-460e-af00-ec987d4590ea%26useg%3D&cookie_enabled=1&bc=31&abxe=1&lmt=1638012447&dt=1638012449787&dlt=1638012447462&idt=422&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1497&adks=3625754864&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x250&msz=370x30&ga_vid=1859378166.1638012450&ga_sid=1638012450&ga_hid=1483078510&ga_fc=false&fws=4&ohw=370&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
c859ffcd5f6dcb7439322c4d680ce6d22c0a88cf434114eabad1bf0b5ad2545f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9377
x-xss-protection
0
google-lineitem-id
5688542871
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138349983439
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 11:27:29 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 4557
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu62jTtyVPiNjwceh6v3rNoPcCz3M2weyg46YUENU_J77j6mTB-EQ9Zcr9hxZ-d2Wb5sML-PtGyUJj2rPUyPUHSL9qKX67M9NCqpP5GywPdjK_fKkcGtPq0gYAtwsCTfCXWJfBNOVfOgr-M6Il9-zHDEn9C9nUKuVIaGi0N14n8hfGrnopBssCxNultETfICCOwDOKUP-EP0AQ7p1L5Ofjp3xyJTN0JtbHv1GVP-rVAQXmogIBkpXfcbYtnaFI-arIf0pUc4YEidFInIdrmrLgckh8DFVdnXHATA7m_h1OAlDzhWUxdqjrGwUd4gjMU&sai=AMfl-YSnjSudmd-zUSVBETwr4PNkIdV_HryCddUDaSwscCsxiRhE5KB7qrLeQqU2eQzyDAQk4c0N_agOupvhNToCBwSd2UTFDRnL5Hf5cSDA6npKYNsub9e-rUcMCICoIG8&sig=Cg0ArKJSzMouhifN9xAPEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:29 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 4557
77 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 407 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26861
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4557
119 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:29 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame 4557
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33104
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
view
securepubads.g.doubleclick.net/pcs/ Frame FBAE
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJDXhUFpSciqmwF1lWdFoDTi5O_CmaPGv6AbqRQ2Fzf53WRQ4oteS5HOdW2BvZ0q01bWYfOIL5Wj3b-8uAcKObdD522mObQSch-5RSCTV94TWpyvxo06mOT27Z2vbMZqDvhm4TK93lIcnrQdxnl0zTClDSImxPEQTGgTjd1iGrp83pMg0be8Q9CgEMsl1qi51CmhR_5N-pg5C7pGIcdvCZVF13kEt1i4_zOGPqzHVa_6_PJJ4Q510Gy9vX8sFnpNur4gX2fOJ3P652RvDBfUME_96Ksm6stUjkJi7RahcDwIB4RUPpF6cWB7zVi3zK&sai=AMfl-YQsINyNqj8jbsliEaPSCMviELj1Hmjk5sILMv2JEdHj6WEGlRT2BjfLS5gW4aauBtQ5CvotN4fbX00oGh0PzK6a9ia-b2t8YtgWgqzTxa78ON3a7qHcU2aA9ToD0s5Q&sig=Cg0ArKJSzNtThSZKnF1VEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:29 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame FBAE
77 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 117 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26861
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame FBAE
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame FBAE
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33104
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
view
securepubads.g.doubleclick.net/pcs/ Frame ACEF
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstc_lSCkNDc6ZRqrj_YbW4FYkFOtijHM8lnSu-7psHs1leH8UiIq1IbxWoaIdzbjI1G4IYwLysrqAylNSzhSYdcEMUTf_KuqADE1cfghaR2jEgLe4A7GU_PfBuWyLfA9RMXgranqFXic3X-nQ1VpW_ISZpFgULRQt8Z199nWa7zDC8uPFk62C4vqDiyfOjUWmuonYPb74NYueX1lIZxSBXjVDm04MrLpEDgsVdRVLy08VCRIU5mdoGI8lBXBdRBnGLLvivcPUvtcvl-fNqZoJPT1GOFXtGEeCsE_MXu93g4IyWJCxlscDJUdvXRJvER&sai=AMfl-YQNe94Ta7SuIy92fIM3XRjNcc7jaD__TzlFZu28xmd3UWgaEarHoPOc5yHyCb6w3TSs7YrLjrbf6R_lbEPzpTJSbWyNplPFg7g1ulxBPwdqiLbHWRuYkm6BQuxKwWQ&sig=Cg0ArKJSzMquGY7YE1VuEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:29 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame ACEF
77 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 149 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26861
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame ACEF
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame ACEF
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33104
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
view
securepubads.g.doubleclick.net/pcs/ Frame ECB4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstZD9i85hUrzjMbeSG1wBqw_WDEJoa1PxB-IFQGqAgBu3SuTdxaOwzFrin6TdIw7NpnIBh9l95CIrPaGKNMZEZFcVzhU_CNeb2PixWv68gAs5loTRnTD9YtkYOH-SQ8SM9vWgrhP9h8IbEAolAV2G6RNs5OXxfyE5I8wigUFZL86qJR0cd4mPPHuNxYMnFz-jJ2nbAs4nr8eAX-p5uHXrZ8j5JKOYaH_tsS_0vsr1KEat1v2_4lA1pC4Mf7lSuiX7zEX088WMckqdUDcex2Osv5cjeuz9gwk8tLJ_NyVfSeq1EDdcu-7E83UYiUL4F7&sai=AMfl-YRWvL1Jswn7dH67wLvxcv3MpZtuzuUygT0dJlg2SiGc3hjECmBRcHSfmMgZNvmLvGjWKRt9R9hS2xlMWqreoJu2cgxr7A03rARcnmSGpW-8xA9RdeHVVosceCqO2bHb&sig=Cg0ArKJSzABF1x5isRMZEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:29 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame ECB4
77 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 136 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26861
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:29 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame ECB4
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame ECB4
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:29 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33104
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame ACEF
344 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame 4557
344 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame ECB4
344 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame FBAE
344 KB
116 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 11AD
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sat, 27 Nov 2021 10:31:07 GMT
expires
Sun, 27 Nov 2022 10:31:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 921C
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
14d82c14648f7428a1178ffe2e86a55396c89ec6a58352c6b0ae29dec205754e
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Kw22jfMQI3ZN0yc3OqW6+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 11:27:30 GMT
date
Sat, 27 Nov 2021 11:27:30 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Kw22jfMQI3ZN0yc3OqW6+w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
515
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
684dd32f.akstat.io/
0
354 B
Ping
General
Full URL
https://684dd32f.akstat.io/
Requested by
Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 11:27:30 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
https://www.zdnet.com
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-XSS-Protection
0
Expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatPS=nav&zMoatSZPS=728x90%20%7C%20nav&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450088&de=486126212415&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=6&cb=0&ym=0&cu=1638012450088&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983400&zMoatW=728&zMoatH=90&zMoatVGUID=f470eb18-fd47-460e-af00-ec987d4590ea&zMoatSN=a&zMoatSL=nav-ad-plus-leader%3FT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=1023929470&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=top&zMoatSZPS=300x250%20%7C%20top&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450118&de=777280505054&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=10&cb=0&ym=0&cu=1638012450118&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349575866&zMoatW=300&zMoatH=250&zMoatVGUID=f470eb18-fd47-460e-af00-ec987d4590ea&zMoatSN=a&zMoatSL=mpu-plus-top%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=1035236214&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 921C
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2148060149347060&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=middle&zMoatSZPS=300x250%20%7C%20middle&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450133&de=196041824746&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=14&cb=0&ym=0&cu=1638012450133&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983439&zMoatW=300&zMoatH=250&zMoatVGUID=f470eb18-fd47-460e-af00-ec987d4590ea&zMoatSN=a&zMoatSL=mpu-middle%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=52222404&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
pagead2.googlesyndication.com/bg/ Frame 11AD
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:17:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
79781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 13:17:49 GMT
integrator.js
adservice.google.de/adsid/ Frame ACEF
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame ACEF
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame ACEF
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=1983261948470599&lenfreqs=570%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=31063810%2C31060888%2C21065724%2C44748552&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame ACEF
28 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1983261948470599&correlator=1452315750953673&output=ldjh&impl=fif&eid=31063810%2C31060888%2C21065724%2C44748552&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjss303bUeJ5UIBiyYWd0bwCoY96abqb9kBkYDCV7EuOT13HxD3M2lVHJ5F686j6D20gaSFJvZABcuyZ5rbwjGAZkBHc_q33awUQd-8ILWvkVTozOGtgtV7AXR09ZtLrc3E6DahXXxgI9n7Xf-bzpGwxmw1FUPhcABwCqG4AVzbwMm4jEuOi53oa8R9SFBpzZ7BYhWGDjtRlU14a2VIH-LIwoFdw-ezFPrkauTMhtHXKcvty0hd3g0m60k1dH9I8xQtDL29WcKYfDYEfOZm2e-SLRqWXNOT5BZrz3lmBJRp5CUTZNy-WiB4FuceRl%26sai%3DAMfl-YRpvqcgcXzrRAPURqCSX0CzrcvCkOdmiC6NJr0EFhQ9KjII9FErSfvQSV17Vqo5mXJ-FNyKB3MB5l6xV_YlajnqiAY8NEu0ZPODU5yjUElA3jU_5d7p2k3MzZvgkQA%26sig%3DCg0ArKJSzH_yFiwnBem2EAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Daa346bef899c9a04-22a41e4c06cc0065%3AT%3D1638012449%3AS%3DALNI_MbZ_phws2FMX6aZxjt20PEYR5CLiQ&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638012450&dt=1638012450209&dlt=1638012449879&idt=319&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=1177&adks=1319207525&ucis=5g97gs5640ua&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=534392777.1638012450&ga_sid=1638012450&ga_hid=1911907382&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
517eaf5580d47767a33b006711939f8ea3d6acd492541d94bd02fbf76cf67829
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12047
x-xss-protection
0
google-lineitem-id
5677026463
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138355023537
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
79629e85a59a81721c4a1f064cda3390.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9C81
6 KB
3 KB
Document
General
Full URL
https://79629e85a59a81721c4a1f064cda3390.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 11:27:30 GMT
expires
Sun, 27 Nov 2022 11:27:30 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame 4557
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 4557
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4557
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=2345747567647124&lenfreqs=570%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=31063811%2C31063813%2C44752586%2C31063246&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 4557
28 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2345747567647124&correlator=2036867800362923&output=ldjh&impl=fif&eid=31063811%2C31063813%2C44752586%2C31063246&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvbygBXg0C_-odifCt-2tyEsEF4M2EgecTHcrZ1qGqW7ZMSErelUTpIt1kqQGZSe3QiP9udquy4AgkGJj9KgjltpG1fA9FVP-v9t3ARyZX_DVhmASOu_2RtzpA9RR5kAD2ZXXUHx_GZc8so_Wlh_YiIHof8hchSSyljSHdpOe3-Y44_yI7W8wBOi6-beMtMFntYPa4bI-CVSoqlxerL2JrNd_ThyTkcCgj4-cwjQrrwie62wdpjUBraF5kfgb3zRr-TvtoHhw2IDFE9NEaPCDgWOLJFzQXsgMXelQP_X3Eb5KA6Adr76TP3OHod%26sai%3DAMfl-YTw2TDs09sbse-qiQpVuoEqiF5OcP6FVD6Ks0lste8MGMYWPNzIWcO_lY2prApukxCbzQxirLyoR0pPg6pNA7uWWGPudVWf6D8TpL5rF5j_HTL2xPgaIN09KGtTcC8%26sig%3DCg0ArKJSzFBUv_f06rCjEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&didk=607409652&prev_scp=campaign%3D5677026463&cookie=ID%3Daa346bef899c9a04-22a41e4c06cc0065%3AT%3D1638012449%3AS%3DALNI_MbZ_phws2FMX6aZxjt20PEYR5CLiQ&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638012450&dt=1638012450224&dlt=1638012449835&idt=383&ea=0&frm=23&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=436&adys=5&adks=2689385466&ucis=in1dfbns2bfo&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=728x0&ga_vid=248506938.1638012450&ga_sid=1638012450&ga_hid=109448821&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
1ac9f90e984f48f1e0095e191d2676ea692a8573a2e047b90a3026183a88b5a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12332
x-xss-protection
0
google-lineitem-id
5677026463
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138355368817
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
7edca1fca72b1154fd1f57ebf4ef6f99.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B595
6 KB
3 KB
Document
General
Full URL
https://7edca1fca72b1154fd1f57ebf4ef6f99.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 11:27:30 GMT
expires
Sun, 27 Nov 2022 11:27:30 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame ECB4
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame ECB4
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECB4
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=1186890019852726&lenfreqs=571%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=21068031&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame ECB4
29 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1186890019852726&correlator=2620968802846826&output=ldjh&impl=fif&eid=21068031&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWEXe30Icmi2K_ZfabF0pXplfTQmNzyQCJO75tH2fXoZXUQPwxhYvUoSFF4QHW-WsWP6bI7QH0HZRY999Puy1GbWDNpt209_jWbKf5xGC9QfuUgRQ9ITDcU08LV6A8CcbZ21ZbV3xOjN7TcBO-pYhUwN9R9ubkHxkNZVsSnp990TEBXx6STHJn0-2tZVGg6nlqD0cQw16KJUTOdrDO1zQL_NKfBitkSGxM609DapIcZoQZV1BifGX6JDWWPk6LGdp4bWMJG2Vke2Pbw5qDnSzcjjMJynqWbgpJHutt8HmQujLWF7AGuR7T_nh2%26sai%3DAMfl-YS5K4wTIWkZ5itm3keu3V67F5z8c9oBkzq0-r9ea87yg6iwPGHgNQvZoLYYDZ_yb9c9wnQv1Mkbf4QuWf_kEoGmvWtYUej7zWSP7iLYDw45B_gNkRnRbOOvI6woCzVS%26sig%3DCg0ArKJSzNVqf1w5iGDbEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Daa346bef899c9a04-22a41e4c06cc0065%3AT%3D1638012449%3AS%3DALNI_MbZ_phws2FMX6aZxjt20PEYR5CLiQ&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638012450&dt=1638012450238&dlt=1638012449892&idt=338&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=449&adks=1319207525&ucis=kvgld4936t2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=1347365455.1638012450&ga_sid=1638012450&ga_hid=608750649&ga_fc=false&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
49e16fa0b5da3a6348e35683aa2952a4a40804aab91d0ddc43c03d27ba54e30e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12155
x-xss-protection
0
google-lineitem-id
5677026463
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138355023537
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
a2522c8c84fc87b18861b23329d7437f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2141
6 KB
3 KB
Document
General
Full URL
https://a2522c8c84fc87b18861b23329d7437f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 11:27:30 GMT
expires
Sun, 27 Nov 2022 11:27:30 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame FBAE
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame FBAE
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame FBAE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=1595488459165988&lenfreqs=571%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame FBAE
29 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1595488459165988&correlator=6436051041681&output=ldjh&impl=fif&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsv4sjnBA9Ahd54r1PrWgNmdCQ9A31cQQOJPyUOci82yj5vMnJsYYPwGrtfd-YudL1rb2ur_fhm_ElDP27jaLJzXQLC3uFa-rbsARd7HXxD5R8tpN9LvBnSMafH3O_9QyjI_wXR6PJIyP_P9Rz2CavzdY2o3e_YIXGljgFIMBvqLsHjeHPVeINYdJjujenAsCSjhd7iiWQhCPNq4Ah3radcxcgxWe_pMenhiYRyt1n7AEe0-YGc76TmSau3pkg3jiwbB0caFISTztkALI_ic_iTY61pv58iMJCp39q8c62Zy1GNZ7lEMMV_5BBes%26sai%3DAMfl-YS7_Al4CaAwN-uYTutM_Sqzneq4I8Hwx7FdDtLUvaOAe3QOYxm0cIn-gM_kKvvbVFy9VuL6YmwIivt5ZogyVqb5I29JZKnx8j-INDcLSsF17i2q78q9E3ZD9A64SHMT%26sig%3DCg0ArKJSzEzExujrmrNjEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3Daa346bef899c9a04-22a41e4c06cc0065%3AT%3D1638012449%3AS%3DALNI_MbZ_phws2FMX6aZxjt20PEYR5CLiQ&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1638012450&dt=1638012450251&dlt=1638012449866&idt=379&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=1747&adks=1319207525&ucis=sr83cbt05n6a&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=58549986.1638012450&ga_sid=1638012450&ga_hid=717171022&ga_fc=false&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
80cad7cd06569b38642853032961df176a586170cdf96280e891ae4edd2a2239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12148
x-xss-protection
0
google-lineitem-id
5677026463
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138355023537
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.zdnet.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
724d7a079cbae3d6b4fd0c83c80346c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0932
6 KB
3 KB
Document
General
Full URL
https://724d7a079cbae3d6b4fd0c83c80346c1.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 11:27:30 GMT
expires
Sun, 27 Nov 2022 11:27:30 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450151&de=856984404906&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=18&cb=0&ym=0&cu=1638012450151&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983439&zMoatW=300&zMoatH=250&zMoatVGUID=f470eb18-fd47-460e-af00-ec987d4590ea&zMoatSN=a&zMoatSL=mpu-bottom%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=1891353965&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 626D
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst066wyvwj4ZRLChTxCoYET8gGp4MhSu1jBjCwZdxXsLhG8986yCMdaETuN9RxJATGLq8XK7L3mpbi8c9J5rM3QGGxdVC67SdrnatBhYsjyblT1ZvEKurei_ufbrrVNuHBgxTEOV-jS5xiaqv2ZQa8OXWRdakVG3U_DMgST3mTVeVDUhSEpCgsgLKD1x1k-d6yvuT30pbNZXkpC4cVDI3qoAYf5fCrf4o9Ymza4cUKTyna7EavmYrsFussrQMZg9zyLU-kgpROhk1PYS8ntYNgXwpy9uskwkxf19VDuh579qrsGAVqTow&sig=Cg0ArKJSzPCrKawsOMY0EAE&uach_m=[UACH]&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 626D
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:17:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
627
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 11:17:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 626D
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame 626D
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33103
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
16181266791146063110
tpc.googlesyndication.com/simgad/ Frame 626D
17 KB
17 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16181266791146063110
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options
nosniff
age
259766
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17729
x-xss-protection
0
last-modified
Thu, 01 Jul 2021 21:34:20 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 11:18:04 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7ED7
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsug5MLpR0sK-ukvafol9BJ0sD3d3odRB0ZYIabUi2F5n_tLnKnqcKVeIXRQ4YyVWa1t6_JH2f1woCxLDCgV6pfvfkmat_aFtT9VLCMFUUid-igunWiXVmLyOGQ1XjLYYl-CFj5swSDC1TNxYjWOsIrpBvQrq9xuzUIklgG8PV2MfSWsViBP01THz-A4sLyIPEbchixUzQgwBsKndCz61X5Zlv1vz4_k8Fs-gkqVZr353Ary0eUISIhqNkUd1B1gLY4aZqbgBmgwKXcS9c7K4cMoA3tvJie5eaYyXbshiVWpgI1zAkzVYw&sig=Cg0ArKJSzC88_3k5sUaDEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 7ED7
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:17:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
627
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 11:17:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7ED7
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame 7ED7
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33103
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
6742078371641366590
tpc.googlesyndication.com/simgad/ Frame 7ED7
25 KB
25 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/6742078371641366590
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d14089a26465eafc74f43e9aa9f3e20d5c61ae083d94d8a719741f8d003432bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 23:09:00 GMT
x-content-type-options
nosniff
age
303510
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25645
x-xss-protection
0
last-modified
Thu, 01 Jul 2021 21:35:48 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 23 Nov 2022 23:09:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 48D1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgiXeiFyU7cDMLMAPrb8h4GTL-ELrfVm0Hhei9QkY-2JR393qUS-Y3qyRg0O7ivzCKfxHltka9_SXo5VpszkXbV2vkEaKS7ggEl3bjCTjDA5Z8WFjUjGf9G_mS5lV14DaAXfYeHGQkHSzm6fRiS3MWuPuGlfpprVts56dI9go3w-qVvBvv9sRipGWuAikWqqTbs0TbF1WqjXoY3JRIB3Es4CcrcZMrn7O_Tq4j4_QWQBwIi2cfrOZ9PP-PocAo5eR2um6P3wvTwCDNMqVKgWHU2-JEQJbk6YJsDofCJVkkmwa54VlJKw&sig=Cg0ArKJSzEsxmY-fkI5JEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
16181266791146063110
tpc.googlesyndication.com/simgad/ Frame 48D1
17 KB
17 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16181266791146063110
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options
nosniff
age
259766
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17729
x-xss-protection
0
last-modified
Thu, 01 Jul 2021 21:34:20 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 11:18:04 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 48D1
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:17:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
627
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 11:17:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 48D1
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
l
www.google.com/ads/measurement/ Frame 48D1
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRVjGEHGzXSfEF05_gk2Vwxe-K-dm8282ZVFDDJVXAsh_KCWO_AIF8LptLOYG8RyLdtnZ9BWeTVk6S9qvSTVqxvJOr0_w
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame 48D1
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33103
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
view
securepubads.g.doubleclick.net/pcs/ Frame 9803
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu9ici-OJBMjviEFGD06zt5U4fifE0dL6p-ItxdMTJFhvMRAhjBrZ4AurBgXZ6GGNv8lfPHq03oghAa4yrD-WKAupRwiqxZbB2quQTp5WJquLEkbYMVZhVHygGOOnbtKo_wN0CC8U9g9xZpRDz2eJTVrOZ5OZAV_FiQGbf7ZO92fUjDDO8qxDs-F4KpyH041Gi-owIrNDq5cjikbUH9qvl_at4w-q2DLsz_cLOvf-uw-LNfpxTta_4hQe9R0eov8YyXXELYXoPCE5UawKS85NwwGhi5hoWwb6VkOovktz8tK9uScsvcuA&sig=Cg0ArKJSzMuqtQ_yPRHkEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.zdnet.com
URL: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
16181266791146063110
tpc.googlesyndication.com/simgad/ Frame 9803
17 KB
17 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/16181266791146063110
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:18:04 GMT
x-content-type-options
nosniff
age
259766
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17729
x-xss-protection
0
last-modified
Thu, 01 Jul 2021 21:34:20 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 11:18:04 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 9803
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:17:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
627
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 11:17:03 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9803
119 KB
36 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 11:27:30 GMT
l
www.google.com/ads/measurement/ Frame 9803
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSP4k82tCl9BQkOk1wLVlSmGNbuf8lWYb8er__gJydhd-M1akSTTKVMERrR2FxWwIa7e3ohRgJ2usdTeUv-C3OrQsLssw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

moatad.js
z.moatads.com/redventuresgamdisplay60805146916/ Frame 9803
335 KB
112 KB
Script
General
Full URL
https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
last-modified
Thu, 04 Nov 2021 17:56:16 GMT
server
AmazonS3
x-amz-request-id
0YXEKRETNSDAW5KG
etag
"f312b221978540b1bae8fcc427275c6d"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=33103
accept-ranges
bytes
content-length
114431
x-amz-id-2
C2t+mu2GZvJNKTG4eZ/V+8bR1oCrooil5vrwV8fQM0MPX2xFEpH5YHFIGiF07pva+kqFl1UYyJI=
view
securepubads.g.doubleclick.net/pcs/ Frame 48D1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvm3QDRpx2aLkmEPXNsm2mwZ7SCmtV90JWmigSrEIxMxaq4DqaYrbFfIFa0pJ8VugllIwr4M-67FpxM9BhJAxbuX7FtJIW1aIpfccg5HsYSk2WCyeum0Latg8_AW_y-pVcaJjl3GpKyiTF5JErQYCvUjd1xSEY9tAeyXGpBY2kT8NzAMGGXzYsdeA6lQScNLYmtZSfGpN1Ksvf2TCUB9f4ZzaVqGIWgZ-sOxfM5yd3DriyRWf7TOtNnc1Huc2W6R_KNE8WaIXqNKSWLKJgCrnjbik_--cti7IU5xdy0RP-eVBy3dBmuOC8p&sig=Cg0ArKJSzIy6UrbAG5JTEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 7ED7
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssrJf1eQcYmnKbddL8A8oems7lrmN0be4o6_YZQNpS6nwcx1scb1ykyCG3JBwicUdKBdBSDJigfArkrhCS5HDHid72HXfJiwQ_NkMcNge4uupikFScjzZXtDSmP-OAA3_HLYegEMGroxtdHCJkVQZfdVbUKwQFGd7GgOZ6JA0kI83DQ0t6fWFiQGA2lqQkJY0OewN7k1nqdAHuVzTvS7sMMXQkoQdW8yI-ayvkt_NixiV4a9EMvYcqF-Xw3iZB90IValTS9UF6t6wmo_D_okTLU6FstulQBJraDhWmKDgDdputvhjeOEuWi&sig=Cg0ArKJSzJWOwV6e91ujEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 626D
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukSV-gGtYtQN_105OnxpUZSF5R7yEKdHepV_sj3WDJkj_kFyKSSzTYkqhPczoOlTzZV7sWERouQ5IXOoakR2M-cYLmQAdDdLj56lZl4kXWG6xtbuAqeMWP5WcdLHYUSRkyh0YjkKz22Gov2LLqbiKyOLYlbY3PKfRts1nYxEWIFRT9RQGlCB_a43c_tAhC5jor5BYBhP0ybIz5uqFH4x9AqTP1CBduLQa_y-DiIXNG5vZBWQHzlxY4QaSVE906_wQ0o2Wn7KMNTl_yEcrEEQ2HVRaDWlp7Aq_frdBLic59CImXZGdDc0tE&sig=Cg0ArKJSzJdNH_fZDiZNEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
truncated
/ Frame 626D
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2e32953350a1f45f0d8fd568de29392853bf0f3a5c525bc1ea72c967a535d721

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450418&de=147623450128&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=22&cb=0&ym=0&cu=1638012450418&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=750247649&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450418&r=147623450128&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450418&r=147623450128&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame ACEF
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstP3k8ohQBL0VzgzdfpbJlEpOqL_V_Sv7Y6OWQKMmd3LE0K9VuCLZAB4DwtkZsDGOKnAg7UiwZqfOrRtlyFvyy3LvNFeMl26XzYev6gSg8r2zTKVoslVcY5EvQHiH5xOwvo0YtBATGoacvctUXs7uoIevRVZ6NOfOvBQnjfMA3WyT8DY_Lri8X_w1T47tUXR3dW-KxS5BghD174DRdv0bZwjihbog9SRyvNLRbP-HnI2R4wbLnXfyT3NAXEpqPQwNGF01mYOXo-wGBY0DK-OX_ii-GL1KJ_ghwbK5qRKRzuIX9xrJ3z7zqQmSHkF0tpKLA&sai=AMfl-YQXSUbx5u9TDZIZUTJIlh8HPL8oE_7hZcm6k403em7iJVRhOlFuUVZRf4z8EodWywmnPajrV4SgokC2MyPqIaM34jqZbrzr92BG1K0KXvUGi5nubfjmdpJNM8JZtiY&sig=Cg0ArKJSzBTdJWriI8OPEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame ACEF
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18fae518ef9bd260c630426870b71a2866d783976075a0d08afe74e6f5be84ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9226
x-xss-protection
0
truncated
/ Frame 7ED7
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b8e0800e02a7b1c69e5908baa5dc9a925b9ab09348a1e0d7e9e5cf79ffd99af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355368817&S1id=22308610192&S2id=22383746382&ord=1638012450441&r=392745096473&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355368817&S1id=22308610192&S2id=22383746382&ord=1638012450441&r=392745096473&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355368817&S1id=22308610192&S2id=22383746382&ord=1638012450441&r=392745096473&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 4557
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvj7y3uVMtRux5n94gzuaR691zWyC3BJJLKXrTScYzegEsQMXBm2ETdv_OtpOp1imMW0Y6L3n-MNTFOpeEXeLwako4wcgwtmR-snaCyCm0yvWhW_FtB5XhbdviXoizZv1DXWA0ZSiitsflXKKIMyEi3gadP7b4sQFEMCGU4lDpZLoTP4C5QQvUQwoSitAAS6S40d2_krrgtNNXLCvJK4rsA_80hegSipjB3tf3jQPvFe2Epq7ZJrHLBgcuNizjso7b0SeGv8MlzjqfA3pyD3Gak_wmooQpUpy98Ghrsx6VPDDQ3GcgTlzVceEDQFc_ptDE&sai=AMfl-YRF-yYQ3zxxFHweK6YqPZ_2EpRUMl75rrIITuxiuRZh66_IvYkIe3GyuXk1Mcw0c2pU454SQ3aGWvioJfwpvwGPkEmZh8OadUa6_OBi0nLhhg9UXyGYC5IHOWQXoWA&sig=Cg0ArKJSzDS4q5-gl_IoEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 4557
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
32d76afe3a60defb737eff7be0ddb36c22a65bbf23e938950bbd1f1584572a12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9224
x-xss-protection
0
truncated
/ Frame 48D1
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
61c6981c35cfad74c396d75635b69eee7b5fa4b55fe837e050b404404b976f61

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450460&r=51872496047&t=meas&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450460&r=51872496047&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=2&fi=1&apd=3&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450460&r=51872496047&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame ECB4
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssATmqRgtWKXDAzq5YJBaGdytSqeqpj6Q-3_1NvKE-LGrqQarx_95C_pYD73R3m4iMlDO0ZgTGXE16bzmbWNOb6-i85_45EH6wT_u6fIYlFG85tB50PIwlgwAsKtV_LkAolOkal12lpFoEkBLFPdx8s21LS7y6lwJRDI8eoc9GmVES1ywF7TD_QgTgK7OOmKY-lW-egNsNPPWG4AdCPhGmzHY0JSPWslMcrvatwjvjhf0bELotLsVqIlK3YItigo8gh0hgnTne0UHVAfqxWflb3IHvh32yag9aLPP99i5A5Q6VIuvjUZwsZ87MJnnqDdQE&sai=AMfl-YT4dEx_KmDX1AjxwhKHuuFi_gB6oviueIdRGNUUy6PG3rgDwBMXkCLGzS_ja9O3n0r0xihw5MFpOMJsRIy5xPiO6_HksQiYmup_cdpDHvblHbNzgAIW0zkNQjqouifl&sig=Cg0ArKJSzFURfnHH-hooEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame ECB4
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cc2dec2b93412a8235ae0c24775dae74cc720c59cd32cb1f3f0d65ac73bb214d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9169
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 9803
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKiTmKHj51xCvphBvyxjOKx9gxZZWEbnkhCQ8AQiPzAp3xu0hB9hYRNOETT69xj1rzsd58tF3wgiIi86Iaxyx3Ab80jHBvdaj1mAZikYBcHgz-xm93VfoFhZYCtZzde_BGaYnm1qQQ2SfoDYpU-hsMeWLJonuepL625Qw_x0EqXa2thCyU5Zh45btovdmviWqP0fo6yIYaoY-PzwPRa9zuVhueb1iCe3UHpxZnXPTmBT-PKAyXopdDGe_7ciCYAUhDWlWWOKFkaZNV-OrV3Kxwx9cOo-i89XTDJURqaTnJZyQExxoFxNTs&sig=Cg0ArKJSzAlrypPNB91JEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
truncated
/ Frame 9803
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f0ef5634a8506260df2eefade9b4e79b90528a6230a9b24db784e82695df4f4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450497&r=249952006021&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=5&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450497&r=249952006021&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame ACEF
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 4557
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame FBAE
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstw7nLvhuazc3EXvDjsG4FPwAVzMt9yyesiil-GFMwKFAeT0HFYFjgviHANAbFE-XdNcuQ5G7kE4E_5jbUodMElmXJg11LrJ9GLkPNSETGxkg-_5Q-tS41y9M6_6vfjFtNRHobdTcby8EDzn--9q0CeFuu708lzdZKXMnUiq497HMh2zy4nVcvZMUZVvnWhkA-w78s_oRnc6S7RZO1zt6qVkr4jAsLDGg4y81G7FLWdcXUBekjkTYzZsiXBbv1T0ZnW-qh5oen8W2eE8rbXvEPHQqcFUWeGAfjkVTGepC_0KpyHaZnoF4a--RYyaRbvHgA&sai=AMfl-YRo41CC6L4LeJ5-fxpyX0TV-YdvRaunBzNDC4EPn5y5IoF3YiZez95VVEzLL9TrXUrax_QBy1g5xYMind2YbSakUa26lEVz_syc1ykTHX616ELlBtSnB_8qjj2qt4hb&sig=Cg0ArKJSzDSDfOnwRDSvEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame FBAE
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6e32fc793357588dbb7c7a8e583beb01491886747cba1065ca499a54caf98543
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9305
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame ECB4
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P
%2B)s1(uA&qo=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&f=0&j=&t=1638012450418&de=147623450128&cu=1638012450418&m=15&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4009&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=9&vx=9%3A-%3A-&pe=1%3A978%3A978%3A1782%3A929&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&ez=1&pg=9&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5&cd=0&ah=5&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-middle&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zMoatDfpSlotId=mpu-middle&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=cc&zMoatJS=3%3A-&ti=0&ih=1&jk=2&jm=-1&tz=mpu-middle&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1962618303&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450441&de=392745096473&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=26&cb=0&ym=0&cu=1638012450441&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355368817&zMoatW=728&zMoatH=90&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=2076390416&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0490
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sat, 27 Nov 2021 10:31:07 GMT
expires
Sun, 27 Nov 2022 10:31:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame C48B
783 B
533 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ca8f654ee7facd377686bee6c0e7432dc6f0ed91a76bee0e396262f5d113ddbe
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-oWlrmptE5xCrNlb0GNyCmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 11:27:30 GMT
date
Sat, 27 Nov 2021 11:27:30 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-oWlrmptE5xCrNlb0GNyCmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
511
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame FBAE
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 11:27:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F6742078371641366590&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2
B)s1(uA&qo=0&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=728&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&f=0&j=&t=1638012450441&de=392745096473&cu=1638012450441&m=12&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4009&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A978%3A978%3A1782%3A929&as=0&ag=2&an=0&gf=2&gg=0&ix=2&ic=2&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=2&bx=0&dj=1&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=3&cd=0&ah=3&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355368817&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=728&zMoatH=90&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=3&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=137667686&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 70F5
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sat, 27 Nov 2021 10:31:07 GMT
expires
Sun, 27 Nov 2022 10:31:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 9346
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
8a8e432b7754f4b97defd458ae24e2d21566677948830c138e21730118ee9017
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-5LAXaL50MHG7dXmvd5m3aA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 11:27:30 GMT
date
Sat, 27 Nov 2021 11:27:30 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-5LAXaL50MHG7dXmvd5m3aA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 7E8A
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sat, 27 Nov 2021 10:31:07 GMT
expires
Sun, 27 Nov 2022 10:31:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame CD61
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
88a131341bba0889cd8e45ec4675657582e1dc9cb93922d244b8012ceed05eea
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vGvVeNORHUbpm7Yh3fA9tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 11:27:30 GMT
date
Sat, 27 Nov 2021 11:27:30 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-vGvVeNORHUbpm7Yh3fA9tg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450460&de=51872496047&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=30&cb=0&ym=0&cu=1638012450460&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=403011522&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame BF80
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Sat, 27 Nov 2021 10:31:07 GMT
expires
Sun, 27 Nov 2022 10:31:07 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
3383
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame F872
783 B
535 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
36aca459456d62f12e683ba23e3ee31557a6283d340a3df3dd38b1bf9b4e8d2f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gjHN66wks7uaHSbz42/42A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 11:27:30 GMT
date
Sat, 27 Nov 2021 11:27:30 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-gjHN66wks7uaHSbz42/42A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/pagead/ Frame C48B
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=1983261948470599&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
pagead2.googlesyndication.com/bg/ Frame 0490
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:17:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
79781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 13:17:49 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=224&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450418&r=147623450128&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=205&fi=1&apd=206&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355368817&S1id=22308610192&S2id=22383746382&ord=1638012450441&r=392745096473&t=hdn&os=1&fi2=0&div1=0&ait=102&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1638012450497&de=249952006021&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=34&cb=0&ym=0&cu=1638012450497&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A978%3A978%3A1782%3A929&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=379007289&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=218&fi=1&apd=219&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450460&r=51872496047&t=hdn&os=1&fi2=0&div1=0&ait=108&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 9346
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=1186890019852726&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame CD61
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2345747567647124&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

sodar
pagead2.googlesyndication.com/pagead/ Frame F872
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=1595488459165988&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
pagead2.googlesyndication.com/bg/ Frame 70F5
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:17:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
79781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 13:17:49 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=203&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450497&r=249952006021&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:30 GMT
Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
pagead2.googlesyndication.com/bg/ Frame 7E8A
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:17:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
79781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 13:17:49 GMT
Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
pagead2.googlesyndication.com/bg/ Frame BF80
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:17:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
79781
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13476
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 13:17:49 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ACEF
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=1983261948470599&bg=!Li2lLWnNAAZQLpa_UC47ACkAdvg8WoovFcs0wQzFqDC2JVbCRbt-0F2J-K3tcQ57LmziPgK7JJfWxwIAAADUUgAAACloAQeZAppO5oXcvWGKLPzMqlIHcIDxR36pAE5zxG6RO_y22gLguIjFmjMWS3r3tqZUdVRpaQ3Jj0rIC841s9Zd6xSfl7jxFMXkGFjt7ETK7P-UtCBcHHpbF0MebJxeC221Vrt395XdRxN99qemz6prvEnnYoKAjG-U-4mziJz5D70hPyc5ueG9bTyljOIW9h3J6wsNdmZaQg9GCUVa4uEoT27hu_N6gr-Y9GR9hT2WirfJuxS-RuqgYffoitYiwzdp9iRBrZG55zNVlWzLGkEUhgw7L6trDoktXCisksOxEYaawmdIZnN3l2bJ_u54lSQgty9Eoxfit13u4SGIjceBoK0Y6HReRZb0iZtg7ge-byDt6VLtvRZNvY2FYEmHXva8HJhcUdNg4xB-rJYoWzeWk8bnJ7ucpONO06o6C9vgIjYtJp2BLCPWZ5TPQiEUAj7ktv41qqCmF0DvmzLcBwI-e7drPch2RXnKdktLfo0gbC1Ma5buPB8ugFziX2CgPxMNLIvLwcY-6b5QQs2_Ufq98qwD1HSJWkyMzuTGHvQUWen4ImcWmYeYx6Mzo-UWeShFssp7qE5YvxNdZ5RgcqwSHqOY1fLg88s0vM7lWITPGTq43kZsndWdwxs-poMOJrkoQ47br4j9ygo3JtNHvhrOB26sJM9rDUdLQi79LKVnjbKYdG3FMe1zcghLhYtZhmU8UrYxemZKi51V3Bp_JRSpZLV6nyNBXLcn6VPfoUwZC3s_yJ5zLzcmpw0C8qXgLy8qMho49WAj5tsDbKb_AOio6OSTkAcUFCZmdPKnnVG0RAOeYZzVuZGuyS3_aQKJo6xkfgJnIAlZQyU3ecMeCMhDhOlC3hvJ7rp1gKmhz-IhmNzUSonyVRJXJH_dWzbkFzw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame ECB4
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=1186890019852726&bg=!KCulK2_NAAZQLpa_UC47ACkAdvg8WtTjXZNNlJLqgKwZwFVMDx-ookYhAx6wXfjupzFVk8KnSC1O1QIAAAC8UgAAABVoAQcKAOj7LDJDYJJGPr3h7Q8aGUq-KpyACvehU0gdsDs1yYYxl8UFjMW1raGUPp7nmSy-Oi9ZMZ4Hf0eB3K--hyiDn1hD0wkxZYqk6vn4kKHSNrncyS_bWXwDzDkG-pCr73b7HZcDRVDArSfeLgbybzSmksj1Vw_-msy82KntYvGZcGQRiM1fgBjnRWwiyNr7A1yaARUn4l11yDqgcnHVOVquiwx7t7w5ups7xr_bIvXqlbA-jMNXqAq8V1lDUoLP_XbIBf3QsEyw5vzmuCJbM7E8GG9svLYdSNY8rxczknf24jfoa9iBK19-IVLkmQKGP80PjqIpn9boFV4E7ubkSiUCff-BbYOpRtiWKZIOkwviMst6WuQoCxLMFc_MSHzOSORX8W1EyCUCo5X78ZdZSXd2tB_Qc3nSG69rFqlsYPwvQLL1apm8URdV7C0Q7ibnbC9rEd4ZrHj6JB2wzOIIaH-tbv4NXzm3dBEGk_AbtRAtqxUJX2NArNqPe99hE5URXDkSTQVaDlB_u3h3BNqfk8VM3tmb8uNHyzH4LU0egxZh1Wv3yCNe3KoVsEk6HF54694EiGszUb08KyaKLRms6j_2A9Kl17iT28YycGSHHPJj370swWaDAe4ycEBqUAuqBI5HvX8YV6qm3bG4iKK9xT_4vUcuEZPDu2H9vZxG3Ijy-fmy-8VH_SKbdaVCNJsHqKlSZgWhR1q223dd6aQhgSIw2GLHjX9O5It6F-iWfTRSKGbRXjpP1jcU6eEaWnARrU93J9TfCzgzpmXN27ArqMtG7bGYjPiSi7VJgrkvpWRKSG4UqgfAmJd86WKxvRXChghy2v_b_Hgt-NVH8OPA-2JJgEofhwu1pKBPa711SyGVULnouUgSEG1odx4wDtMmSDbmnxUy7yc0Zhm4__-syb4dh9zlaoAR2SNiKKYb2C3I0Qq0Zj0tQ4RD7p6tz7NNwW0hkmJ3hMS0l6OKZm7L4lXWv-0pWW9DSXpCWFp3R_tgV1RVdH23E2sNEdNDO9wv864zbCpF_pbsSYSC3FPUj8ZZt0jBAqrJkfG9ZeZ2JispqHafRHNSGTjiDDhh7t7aHZe0tlfc5WibN_HgxkouUvC8wIErYEs79PsAnhq_XhLdYUL8LSIEtUGBcw5vFHarJ5nzyJjLgllpg8NePVHAVo-wgHfXLw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FBAE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=1595488459165988&bg=!Z2SlZCDNAAZQLpa_UC47ACkAdvg8WkTIxDOX8XRy3b-r0Bo9_Lr1ylWRvXbm-ncRNiJHItLyIN8BDgIAAACvUgAAAAtoAQeZAo2P4gp0uuSh3u_lIbWtjUOSu74eB6pp7MdJmR9KNtHhkHXLr0MKQ5Ao1DrOKl1yTAiwVP-SuRXsxtqZRjz0JJT9Wsm7bz6Oa0kt9gSFoLrRcE_03te3majCG8iWLrQJRz8R2nWam-gcU164h-nVS-K1K_ji0Y13FN3IiAvym1yCHLAKRDpgpXmth7nFJT5IclKP1jmpelUgyHxq1sJCdDe34J-32MVlAx_0nkk1juzVyq7HWVTzCJIhSbm-I5h1owY8ih2YJy_R0p5xk5pW-sjy_7Z2GQtuxCn3ccnJ7iHD1w57l84MnjBsKn8v-yjqPdoQ0-6yHf7qMTT5Rv2gtbtYPcimLAlijYrssXssv7BcWNkjAcBwK6QyHwp4zSQKJnCcY58w3_PSaHbSxpaw-rtCAkBrBwfwep1NJW5VvB1eb-zM9D4M8xgJS89pB5jW7asC83KtibJMkBjJm7DejalHYCdJXEy8lQFMu5vStSonnYSeohwxs_EgjQdU7gnq6ha4oTWb7V_emoVEHCJsEo4ye29V0aV4uYlgbVikG-bMGWv4HAtGmVmyqRKMX_xsxD3zqul4fSQ_HVKt7i7RTKDvFmbzIawFcbRMR5CvnYYOa-UNqbnkxiGC58UikIutccBPpF2LsWbMAXiFaPMdcLKSIPpyUwmXe3Dmk7NQ-bmEw8E1cxykkTu1ankKeonrEcP3QcY1FO47GOtBfrvMOWiX3faJESoj3gxi5Hzw-Fa1pYwnbnWjgRzcs6z9sMkoF-O2e4XJGjXIqdLP1bBeHyS3fCzdDVdLYmCTd5whazVAY3q2tLzuzWOcreWqTKIAT5mFuJGG1qKkN4_w0eITEOlKlHuw6Iadg_hItm--tw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4557
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=2345747567647124&bg=!jo2ljcnNAAZQLpa_UC47ACkAdvg8WknLN3EBqaF6vl776Gf4-XBERp00HnfhZgIiON4VjND0YfixhwIAAADLUgAAAAloAQcKAFs2gjO6eNGJuKpA7u_X0u0knt5erJN_asA4wW-0St5OIK413ndY7vztia1qIL8O-hMbWHo3QtiNgquNE7GHIJOD8gh7p7Yj2aokzfts9vwwnNG4uDSIWyHMrsNNmQKcZSVkBwClQM9Dkix1XN0OqX0VwT_TCKonEYa0vN1urhI_XSEYjVsYBVEKsfmMSDNqSbTvpPLpbcLfWD2K2Oa1EKL154EEkdW_fnT_N3ZLBOheXbImpRmjV5GZvvspIgCUt9_nS-CvvP-MA2xUttCrDpGuQst-gQ1YgwzKx3RHxXe11MxkMMnFw6c5fxrSovbjIhQn857U13qkkbw13VVppySwB7eOCvuEs6AO6V4eM4xDY-J7g__6DIZ3yc7f__29S5D9waHffsyDQ9GjK5l6lbGvUIyUs2G28Rx62K2uPhVusXStfiTcOhO1b4hTsUrHBUSgcuLnx0Y_SRB9vVOCN2FTord47xNffj5J58GJRicpMqNA9VVlZ-0OTHCHw9USKYBxyjvzmufducCOD6e2b_aHxNk8EhCYjesUYAfMYPMLq1T73lNdSrs3Zpft8nbHnpBJ4Vo-Rhz0YwY1Z2wrKTUBvYBPX6X5OsBa7NE5NtfLiObEyX2kXT4mGrtCN4V8Z-r1HlUlB0QURJz-yO0nbBVtrU_ZO7p8LZ-s0wu0rr9-3iihM-ewep3L1hQ-EnWfh936EsBo3By45mjW0EtQZ2CRlzSFrUolgta9LhpfGul9Q8P0YJJmiBnoWROKDNRqKmihpHUv0jefowg_pCVPYV7xSCDpTAO8jyjvT5Uq4zPEVeF4R-3QMwU9QyWIeEQFbgqGBO2kQtS4AJK-ih2BQRR9NmLAVoRUR4WnIu-3ThkGRwvRpYtQrQ9Maa0FeW7zNdbwklLK3Spm2ry5VosI_ZOXXNFuFWk43SU0b628iE_yCqQMkQk1y7i0LrFfwMXhBhX-lDDJOl7O-jv6KGutSBYujkEnveGxmArN6WyCWgOyF46_RY1R1CJPva4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 48D1
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv3K-pzcaAJ9BPz6UsgHfszxqoLvzp5m86D1nvh2DScA-JV6KKs41ovnI7bC9C5sfmKufcf9HCzb16MBOG1k_BUEaaHw3cebr8aGbAw9ZlFMtCxOlkf&sig=Cg0ArKJSzPrdm1bqGWWOEAE&id=lidar2&mcvt=1000&p=1177,1050,1427,1350&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=1319207525&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638012450339&rpt=49&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 7ED7
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsucKYtzkXwDhbqxhmbaWBc2pVBICCK7AuLM-n-jAQGN72IqttFeSIXyCLy5fZigNE7inVTOfIHA-bcGfFnE9AqPRQ-Y5PL6eHwTQ7wxZ6lSuzKFkgTF&sig=Cg0ArKJSzJ8Nuyzc6ewJEAE&id=lidar2&mcvt=1002&p=5,436,95,1164&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=2689385466&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638012450312&rpt=89&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4557
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvaUwlobLITk52BBFU1lx2qtkQg4R5uUiOTzfTIWA_p6dbb4DAXLzIEaxcaQEF8iyAhTDG7FY6ijFWYH9j9UKWOeWRBUNiHretfoXFQ2APPHY4P6pBQ&sig=Cg0ArKJSzD9lrWb6TKU1EAE&id=lidar2&mcvt=1004&p=5,436,95,1164&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=3846852823&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638012449835&rpt=621&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=728&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&f=0&j=&t=1638012450441&de=392745096473&cu=1638012450441&m=1043&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4009&le=1&lf=0&lg=1&lh=72&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A978%3A978%3A1782%3A929&as=1&ag=1035&an=2&gi=1&gf=1035&gg=2&ix=1035&ic=1035&ez=1&ck=1035&kw=835&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1035&bx=2&ci=1035&jz=835&dj=1&aa=0&ad=932&cn=0&gk=932&gl=0&ik=932&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=835&cd=3&ah=835&am=3&xd=00&rf=0&re=1&ft=932&fv=0&fw=932&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355368817&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=728&zMoatH=90&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=85087265&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=835&tet=1035&fi=1&apd=1036&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355368817&S1id=22308610192&S2id=22383746382&ord=1638012450441&r=392745096473&t=iv&os=1&fi2=0&div1=1&ait=932&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=728x90&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-lOt7GydOacklaX11F1NpvhT%2BFty8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-YEPg5sLyVi50og%3D%3D&sc=1&os=1-tw%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&pcode=redventuresgamheader644747280705&rx=458996941133&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=2&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=90&w=728&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file%2F%3Fhss_channel%3Dtw-2241017725&id=1&ii=4&f=0&j=&t=1638012450441&de=392745096473&cu=1638012450441&m=1045&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=4009&le=1&lf=0&lg=1&lh=72&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=100&vx=100%3A100%3A-&pe=1%3A978%3A978%3A1782%3A929&as=1&ag=1035&an=1035&gi=1&gf=1035&gg=1035&ix=1035&ic=1035&ez=1&ck=1035&kw=835&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1035&bx=1035&ci=1035&jz=835&dj=1&aa=0&ad=932&cn=932&gk=932&gl=932&ik=932&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=835&cd=835&ah=835&am=835&xd=00&rf=0&re=1&ft=932&fv=932&fw=932&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355368817&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=728&zMoatH=90&zMoatMMV_MAX=na&zMoatSlotId=nav-ad-plus-leader&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatDev=Desktop&zMoatDfpSlotId=nav-ad-plus-leader&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=4&jm=-1&tz=nav-ad-plus-leader&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=56743832&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/
43 B
260 B
Image
General
Full URL
https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=836&tet=1036&fi=1&apd=1037&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1638012450460&r=51872496047&t=iv&os=1&fi2=0&div1=1&ait=926&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthis-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame ECB4
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvBf8CcjWHmBXRFONP2PRGTmVWCOU5caw9GwFcpnM8V4qCj8gfnvGw833DfKXg1CghQOygqsJrlVtHwBmYGuyF-NXa3zEJzObPFFTuHP6d3nXMqrvNS&sig=Cg0ArKJSzGiKD4OnmzFAEAE&id=lidar2&mcvt=1000&p=449,1050,699,1350&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=36326968&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1638012449892&rpt=591&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:31 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:35 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:35 GMT
pixel.gif
px.moatads.com/
43 B
260 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 11:27:35 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 11:27:35 GMT

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| NREUM object| newrelic function| __nr_require function| loadMyFinance object| cbsoptanon object| soastaTracking object| ZdnetPageVars string| chsn_post_id object| ZdnetFunctions number| BOOMR_lstart object| _sf_async_config number| _sf_startpt object| _cbq object| knownServiceWorkers object| BidBarrel function| uuidv4 object| webVitals string| _cbsotstate function| UUIDv4 string| __tealium_data_guid object| utag_data string| key function| requirejs function| require function| define object| BOOMR object| BOOMR_mq object| regeneratorRuntime object| mf function| iFrameResize string| MYFI_SCRIPT_FOLDER function| initializeMyFinance function| requestMyFinanceAds function| initializeInline function| requestInlineAds boolean| MF_OVERWRITE_CONTAINER object| MF_DEBUG_URL object| mfEmbed boolean| mfInitialized string| _mfuuid_ function| $ function| jQuery object| Modernizr string| chsn_ad_id number| _sf_endpt function| VideoStrategy object| _cbv_strategies number| BOOMR_configt object| CryptoJS object| mPulseApp object| core object| pbjs object| _pbjsGlobals object| adFlow object| googletag object| confiant object| _bmrEvents object| ggeac object| google_js_reporting_queue undefined| easyXDM object| AudEng object| URS function| Waypoint undefined| google_measure_js_timing object| jQuery18307253597461533445 object| debug object| viacbs_at function| blankAdCallback function| CbsMoatListener function| moatYieldReady function| setMoatPrebidData undefined| ct undefined| et undefined| hourElapsed undefined| msg undefined| pixelDomain undefined| isDomless undefined| documentReferrer undefined| isBeta undefined| viewHash undefined| tagType undefined| pxSrc undefined| moat_px object| Moat#G26 object| MoatSuperV26 object| MoatNadoAllJsonpRequest_26122400 object| Moat#PML#26#1.2 boolean| Moat#EVA 
object| DOMlessLLDcallback_26122400 object| MoatDataJsonpRequest_26122400 object| moatPrebidApi number| BOOMR_onload object| $tealium boolean| searchOpen string| pageType string| waypointContextKey undefined| _ function| Hls undefined| uuid function| addResizeListener function| removeResizeListener function| Spinner object| uvpjs function| Class object| mpulseUserTiming object| adsbygoogle object| _Cohesion object| _Preamp object| _Fuse object| _Tagular function| cohesion function| preamp function| fuse function| tagular object| __Cohesion object| _Taggy object| _Monarch function| monarch object| _cb_shared object| pSUPERFLY_mab object| pSUPERFLY object| pSUPERFLY_video object| _cbv object| apstag boolean| utag_condload object| utag function| e boolean| isEuUser object| omnitureMgr object| dwMgr object| om boolean| cohesion_initialized object| adobe function| Visitor number| _uInterval boolean| apstagLOADED boolean| creativeVendorLibraryLoaded function| setImmediate function| clearImmediate object| ats object| UA object| ns_ object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator number| google_srt function| mb function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| module$contents$ima$CompanionAdSelectionSettings_CompanionAdSelectionSettings object| ima object| module$contents$ima$AdsRenderingSettings_AdsRenderingSettings object| module$contents$ima$AdCuePoints_AdCuePoints object| module$contents$ima$AdError_AdError object| module$contents$ima$AdErrorEvent_AdErrorEvent object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent object| ADB function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq boolean| docCompleteTagsFired object| NOLCMB object| platform 
function| mux object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| GoogleGcLKhOms function| confiantDfpWrap object| google_image_requests

41 Cookies

Domain/Path Name / Value
www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file Name: pv
Value: 1
www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file Name: zdnet_ad
Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%225%22%2C%22session%22%3A%22a%22%7D
www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file Name: OptanonAlertBoxClosed
Value: 0000-00-00T00:00:00.000Z
.zdnet.com/ Name: fly_geo
Value: {"countryCode": "de"}
.zdnet.com/ Name: fly_device
Value: desktop
.zdnet.com/ Name: fly_preferred_edition
Value: eu
.zdnet.com/ Name: fly_default_edition
Value: eu
www.zdnet.com/ Name: _mfuuid_
Value: 7409b392-bf5d-4aa9-a698-91f2d7d88e05
.spotify.com/ Name: sp_t
Value: 1688e14dc32e378c97a6c80a6109d995
.spotify.com/ Name: sp_landing
Value: https%3A%2F%2Fopen.spotify.com%2Fembed-podcast%2Fepisode%2F447vSV1jxbZdJFGiNsvh6F
.zdnet.com/ Name: arrowImp
Value: true
.zdnet.com/ Name: arrowImpCnt
Value: 1
.zdnet.com/ Name: zdnetSessionStarted
Value: true
.zdnet.com/ Name: zdnetSessionCount
Value: 1
www.zdnet.com/ Name: viewGuid
Value: f470eb18-fd47-460e-af00-ec987d4590ea
.zdnet.com/ Name: fly_session
Value: bf31b09510ed1e530f995cf4963835bc
.nr-data.net/ Name: JSESSIONID
Value: ad685685c6cb9a6b
.www.zdnet.com/ Name: chsn_cnsnt
Value: tglr_ref%2Ctglr_req%2Ctglr_sess_id%2Ctglr_sess_count%2Ctglr_anon_id%2Ctglr_tenant_id%2Ctglr_virtual_ref%2Ctglr_transit_id%2Cchsn_dcsn_cache%2Cpmpdid%2Cpmpredirected%2Cpmpredir%2Cfuseid%2Ccohsn_xs_id%2Cchsn_auth_id%2ChashID%2CetagID%2CreinforcedID%2ChttpOnlyID%2CfpID%2CflID%2Ctglr_smpl%2Ctglr_reinforce%2Ctglr_gpc_sess_id%2Ctglr_hash_id
.www.zdnet.com/ Name: tglr_tenant_id
Value: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
.www.zdnet.com/ Name: tglr_transit_id
Value: 95e008f7-e7e0-4b0b-bb80-1e6bf613e14d
.www.zdnet.com/ Name: tglr_sess_id
Value: 313ef1a9-5fa0-47e2-9c0f-8bf220eb2151
.www.zdnet.com/ Name: tglr_sess_count
Value: 1
.www.zdnet.com/ Name: tglr_req
Value: https://www.zdnet.com/article/this-particularly-dangerous-phishing-attack-features-a-weaponized-excel-file/?hss_channel=tw-2241017725
.www.zdnet.com/ Name: tglr_anon_id
Value: fd14cc83-0e4f-45a1-a155-db0c80128c51
.cohesionapps.com/ Name: cohsn_xs_id
Value: b78ef79f-bc59-4fcc-a55d-a5dfd889b306
.www.zdnet.com/ Name: cohsn_xs_id
Value: b78ef79f-bc59-4fcc-a55d-a5dfd889b306
www.zdnet.com/ Name: _cb_ls
Value: 1
www.zdnet.com/ Name: _cb
Value: Bp9D1zDYlfOxDpYWfa
www.zdnet.com/ Name: _chartbeat2
Value: .1638012448918.1638012448918.1.B6p7zqsPNVDCjz_JpBdor02B07wAb.1
www.zdnet.com/ Name: _cb_svref
Value: null
.go.sonobi.com/ Name: HAPLB5A
Value: s568|YaIWJ
.rubiconproject.com/ Name: rsid
Value: 1|BdCsOVsH/a/fRiqn0c18Mxvc5rJaP5uXhxptGfrzPAh1r4L5PW3iSKqdZLqKjo/FKQattD3GB2TGFkanCXKRK1XEokALhlcJ9R8vVZqNCxkmzGqrEKJWU66THvScWV7/AA==
.rubiconproject.com/ Name: khaos
Value: KWHQBIN9-Q-FUUU
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB164c9PeKzpvyYsttz9VT367yYnFuSDAiObi+2Td/xv7VHMVgSRdXB8oQqGyDb68UlymPvo8plePxU0X4QtZmieLOO6pTeYsdc=
www.zdnet.com/ Name: _lr_geo_location
Value: DE
.www.zdnet.com/ Name: tglr_ref
Value: null
.zdnet.com/ Name: utag_main
Value: v_id:017d6126712a00062aa907a677ef03072008506a00b08$_sn:1$_se:2$_ss:0$_st:1638014249403$ses_id:1638012449067%3Bexp-session$_pn:1%3Bexp-session$linktag:notification%3Bexp-session
.zdnet.com/ Name: RT
Value: "z=1&dm=zdnet.com&si=6409daec-5faf-471e-b139-ebbe21206004&ss=kwhqbgqn&sl=1&tt=1gk&bcn=%2F%2F684dd32f.akstat.io%2F&ld=28k"
www.zdnet.com/ Name: _BB.enr
Value:
.doubleclick.net/ Name: IDE
Value: AHWqTUluGRcaarJ5BTq0weN_fjcZpeAmaO20BXfieMykd_SGgsiI4FPtaQpqfpStARo
.zdnet.com/ Name: __gads
Value: ID=aa346bef899c9a04:T=1638012449:S=ALNI_Mb7VD0UIUzrRoeiQmQltXX-XQA48A

2 Console Messages

Source Level URL
Text
javascript warning URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.4f33058d.js
Message:
It is recommended that a robustness level be specified. Not specifying the robustness level could result in unexpected behavior.
javascript warning URL: https://open.spotify.com/embed-podcast/episode/447vSV1jxbZdJFGiNsvh6F
Message:
The resource https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
