www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://edt.computerworld.com/c/120oo76poYqxVSQpM4jalskgxkQIT
Effective URL:
https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-...
Submission: On November 24 via api (November 24th 2021, 5:53:06 am UTC) from US — Scanned from DE

Summary HTTP 255 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 29 domains to perform 255 HTTP transactions. The main IP is 2a04:4e42:4c::666, located in United States and belongs to FASTLY, US. The main domain is www.zdnet.com.
TLS certificate: Issued by R3 on October 26th 2021. Valid for: 3 months.

This is the only time www.zdnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	143.204.98.115 143.204.98.115	16509 (AMAZON-02) (AMAZON-02)
29	2a04:4e42:4c:... 2a04:4e42:4c::666	54113 (FASTLY) (FASTLY)
5	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:6c0... 2a02:26f0:6c00:1b8::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2600:1901:1:c... 2600:1901:1:c36::	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.2.154 151.101.2.154	54113 (FASTLY) (FASTLY)
1	34.120.203.121 34.120.203.121	15169 (GOOGLE) (GOOGLE)
2	151.101.129.194 151.101.129.194	54113 (FASTLY) (FASTLY)
16	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	143.204.98.91 143.204.98.91	16509 (AMAZON-02) (AMAZON-02)
7	2a04:4e42:62:... 2a04:4e42:62::760	54113 (FASTLY) (FASTLY)
23	23.218.209.154 23.218.209.154	16625 (AKAMAI-AS) (AKAMAI-AS)
12	54.172.4.218 54.172.4.218	14618 (AMAZON-AES) (AMAZON-AES)
2	3.224.13.241 3.224.13.241	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.195.249 34.120.195.249	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:5... 2600:1901:0:524d::	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	18.132.26.114 18.132.26.114	16509 (AMAZON-02) (AMAZON-02)
2	52.31.222.185 52.31.222.185	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2b9::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2600:1901:1:5... 2600:1901:1:5ca::	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
16	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
18	2a04:4e42:4d:... 2a04:4e42:4d::666	54113 (FASTLY) (FASTLY)
2	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3121::15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
29	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
3	18.194.83.218 18.194.83.218	16509 (AMAZON-02) (AMAZON-02)
2	34.199.156.235 34.199.156.235	14618 (AMAZON-AES) (AMAZON-AES)
2 5	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
16	184.30.25.161 184.30.25.161	16625 (AKAMAI-AS) (AKAMAI-AS)
19	2a00:1450:400... 2a00:1450:4001:801::2006	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 4	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
255	40

1 143.204.98.115 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-115.fra50.r.cloudfront.net

edt.computerworld.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a04:4e42:4c::666 (United States)

ASN54113 (FASTLY, US)

www.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:1b8::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:1:c36:: (United States) 1 redirects

ASN15169 (GOOGLE, US)

open.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.2.154 (United States)

ASN54113 (FASTLY, US)

at.adtech.redventures.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.203.121 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 121.203.120.34.bc.googleusercontent.com

urs.zdnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-91.fra50.r.cloudfront.net

cdn.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a04:4e42:62::760 (United States)

ASN54113 (FASTLY, US)

open.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 23.218.209.154 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-154.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.172.4.218 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-4-218.compute-1.amazonaws.com

ingest.make.rvapps.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.224.13.241 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-13-241.compute-1.amazonaws.com

taggy.cohesionapps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o22381.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:524d:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

apresolve.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.132.26.114 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-132-26-114.eu-west-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.222.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-222-185.eu-west-1.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2b9::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

684dd32d.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:1:5ca:: (United States)

ASN15169 (GOOGLE, US)

gew1-spclient.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a04:4e42:4d::666 (United States)

ASN54113 (FASTLY, US)

media-mtml.mt.rvapps.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3121::15 (United States)

ASN13335 (CLOUDFLARENET, US)

static.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.myfinance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.83.218 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-83-218.eu-central-1.compute.amazonaws.com

protected-by.clarium.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.199.156.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-156-235.compute-1.amazonaws.com

a.myfidevs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 184.30.25.161 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-161.deploy.static.akamaitechnologies.com

redventuresgamheader644747280705.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
redventuresgamdisplay60805146916.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:801::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.218.208.246 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.250 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	googlesyndication.com c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com 5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com	289 KB
30	rvapps.io ingest.make.rvapps.io media-mtml.mt.rvapps.io	48 MB
30	zdnet.com www.zdnet.com urs.zdnet.com	666 KB
26	moatads.com z.moatads.com mb.moatads.com geo.moatads.com px.moatads.com	313 KB
26	doubleclick.net 3 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	366 KB
19	2mdn.net s0.2mdn.net	175 KB
16	moatpixel.com redventuresgamheader644747280705.s.moatpixel.com redventuresgamdisplay60805146916.s.moatpixel.com	4 KB
10	ampproject.org cdn.ampproject.org	204 KB
8	google.com 2 redirects adservice.google.com www.google.com	2 KB
8	spotify.com 1 redirects open.spotify.com apresolve.spotify.com gew1-spclient.spotify.com	11 KB
7	scdn.co open.scdn.co i.scdn.co	752 KB
5	cohesionapps.com cdn.cohesionapps.com taggy.cohesionapps.com	32 KB
5	cookielaw.org cdn.cookielaw.org	116 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	myfinance.com static.myfinance.com www.myfinance.com	66 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	clarium.io protected-by.clarium.io	1 KB
3	googletagservices.com www.googletagservices.com	109 KB
3	google.de adservice.google.de	1 KB
3	redventures.io at.adtech.redventures.io	179 KB
3	go-mpulse.net c.go-mpulse.net	52 KB
2	myfidevs.io a.myfidevs.io	166 B
2	nr-data.net bam-cell.nr-data.net	1 KB
2	akstat.io 684dd32d.akstat.io	708 B
2	fastly.net confiant-integrations.global.ssl.fastly.net	93 KB
1	newrelic.com js-agent.newrelic.com	17 KB
1	sentry.io o22381.ingest.sentry.io	245 B
1	onetrust.com geolocation.onetrust.com	373 B
1	computerworld.com 1 redirects edt.computerworld.com	477 B
255	29

	Domain	Requested by
29	www.zdnet.com	www.zdnet.com
20	px.moatads.com
19	s0.2mdn.net	www.zdnet.com s0.2mdn.net
19	tpc.googlesyndication.com	www.zdnet.com confiant-integrations.global.ssl.fastly.net cdn.ampproject.org c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com
18	media-mtml.mt.rvapps.io	www.zdnet.com
16	pagead2.googlesyndication.com	www.zdnet.com c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
16	securepubads.g.doubleclick.net	www.zdnet.com securepubads.g.doubleclick.net www.googletagservices.com
13	redventuresgamheader644747280705.s.moatpixel.com
12	ingest.make.rvapps.io	www.zdnet.com
10	cdn.ampproject.org	confiant-integrations.global.ssl.fastly.net
6	open.scdn.co	open.spotify.com
5	www.google.com	2 redirects www.zdnet.com c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com tpc.googlesyndication.com
5	cdn.cookielaw.org	www.zdnet.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	www.zdnet.com c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
4	gew1-spclient.spotify.com	open.scdn.co
3	redventuresgamdisplay60805146916.s.moatpixel.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	protected-by.clarium.io	c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
3	www.googletagservices.com	www.zdnet.com c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.com	www.zdnet.com securepubads.g.doubleclick.net
3	adservice.google.de	www.zdnet.com securepubads.g.doubleclick.net
3	z.moatads.com	www.zdnet.com securepubads.g.doubleclick.net
3	cdn.cohesionapps.com	www.zdnet.com cdn.cohesionapps.com
3	at.adtech.redventures.io	www.zdnet.com
3	open.spotify.com	1 redirects www.zdnet.com open.scdn.co
3	c.go-mpulse.net	www.zdnet.com c.go-mpulse.net
2	googleads4.g.doubleclick.net	www.zdnet.com
2	www.myfinance.com	www.zdnet.com
2	a.myfidevs.io	www.zdnet.com
2	static.myfinance.com	www.zdnet.com
2	bam-cell.nr-data.net	www.zdnet.com
2	684dd32d.akstat.io	www.zdnet.com c.go-mpulse.net
2	geo.moatads.com	z.moatads.com
2	c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com	www.zdnet.com
2	taggy.cohesionapps.com	www.zdnet.com
2	confiant-integrations.global.ssl.fastly.net	www.zdnet.com
1	5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	js-agent.newrelic.com	www.zdnet.com
1	mb.moatads.com	z.moatads.com
1	apresolve.spotify.com	open.scdn.co
1	o22381.ingest.sentry.io	open.scdn.co
1	i.scdn.co	open.spotify.com
1	urs.zdnet.com	www.zdnet.com
1	geolocation.onetrust.com	www.zdnet.com
1	edt.computerworld.com	1 redirects
255	47

This site contains links to these domains. Also see Links.

Domain
downloads.zdnet.com
www.zdnet.fr
www.zdnet.de
www.zdnet.co.kr
japan.zdnet.com
www.linkedin.com
www.flashpoint-intel.com
www.cnet.com
redventures.com
www.facebook.com
twitter.com
www.youtube.com
narratives.zdnet.com
privacyportal.onetrust.com
support.zdnet.com
academy.zdnet.com

Subject Issuer	Validity	Valid
*.zdnet.com R3	`2021-10-26` - `2022-01-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
*.spotify.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-03` - `2022-05-03`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
at.adtech.redventures.io R3	`2021-10-05` - `2022-01-03`	3 months	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-04-27` - `2022-05-29`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
cdn.cohesionapps.com Amazon	`2021-01-17` - `2022-02-14`	a year	crt.sh
*.scdn.co DigiCert TLS RSA SHA256 2020 CA1	`2021-08-06` - `2022-09-02`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
ingest.make.rvapps.io Amazon	`2021-09-26` - `2022-10-24`	a year	crt.sh
*.taggy.cohesionapps.com Amazon	`2021-02-27` - `2022-03-28`	a year	crt.sh
*.ingest.sentry.io R3	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.mt.rvapps.io R3	`2021-11-14` - `2022-02-12`	3 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
protected-by.clarium.io Gandi Standard SSL CA 2	`2020-04-03` - `2022-04-26`	2 years	crt.sh
*.myfidevs.io Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 18 frames:

Primary Page: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Frame ID: 31DA7886410CFF1AB9AD96851E81D115
Requests: 135 HTTP requests in this frame

Frame: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Frame ID: 916ED4EA88F9EE8C1D54E79D89205AB0
Requests: 2 HTTP requests in this frame

Frame: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Frame ID: AAA16F49FD68E590DC14015A97D6D2B7
Requests: 13 HTTP requests in this frame

Frame: https://cdn.cohesionapps.com/cohesion/xs2.html
Frame ID: 52733BB7A0DCA38ACBDC676823040EAC
Requests: 2 HTTP requests in this frame

Frame: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0F5CC0F4E80CB6C880AE052F71DF0097
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnnNUbuSzUkTIxzPBGEehLrQh4upjQcq2YXArTf-x9zTJ5EzRCplCFAGJgVZp8LOF54h1hdGBsKjKx-luXUQZJTFgp7JA1sTXoLwxkC4X37vtdHkq-uavOgPMiOBaSN8Wor314Z6hXdVQ9iMCgFrxOoX8KzGOey54RW-xWDU2T8G9sctAuzUbgS10Qj26h7BSAvDd1SHdhMPBX9VlQ3qsz4Z3BYwf5xNCGM1olLk1xOJM4tqgLVXDhDVg4NpdCTTnIqn6ZVs33JdnaS1w4YZ6FN1kjLxspx-Amep9WnNprvMV-dWPvPWCGoOpRVXZY&sai=AMfl-YSRY_79oujgKitWTC2JitUYmbZ0EakAf1zhvEIXqy-fMlyTdbUlUfmOkgCdxv-N0Y0FV9sAldWqQzWEwumZ07O01y1eqRwygRwo0IjtiP_5BqNJO24TzgxE_xxCWH0&sig=Cg0ArKJSzHo67GxgKkSiEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: F4D4EE5B59D05AB786EAA52B16D51ACC
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: 83A85E5195D46A2E28CFC62D11153EA0
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: 82ED440652ED348B0532EE3D501E0F2E
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 1B75A0BA2FCE49CC1D2CDFF0223EA7A6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3D4C63B897741A1EE13473CC476EDA5A
Requests: 2 HTTP requests in this frame

Frame: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A2BCAFB1C6357A9D92B7FC1C96AB8336
Requests: 16 HTTP requests in this frame

Frame: https://5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 5912B313335464D87BD37FC0D77EA703
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO67DRDRpiAYtpCytgEwAQ&v=APEucNWNx_zaDpX6qSTh5-t63gizyLHoVY4ZkB2OfI4V0Qfd3S92xoX8NYBPKGG9e2hmaXK_gAVV-LX8zvnFjGm1urI3GkX0g942YhdJDMy9qyEXARSi4lNwZh4IsQRQ2j0-WzHjG0XwrNGogvO8OrOMluwKyeA3gg
Frame ID: 323A7B9BB52326EA106D97E8E92CC364
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEHBCjZzRkWzq8WtJ39ada9p4gkoz0yCKqKdX45HLOReyYFspS29_nELIe3Ss0mqmh0mj6XbwKoMp5r2zzjJn4hSn6HdTAFueS0dwqx7XusCXPPbT2PTLAP9Ck20dIJrWrcRLyzQH6fwUcDR7iXq6POGqCzdg-GxK9BnOL5EboPVrb706xL8yOMsbWJt8gbDPfABaF-BoOZUfdj3zNO6boOj7n5aJdTn_bZTj2lOjSNbAthPpJUaSa5SoMymG1CnPL_x3ZG578i4EU1x6fCZ8TLCh57FF4NWcGN9R1rpPhDZN5cO7JIQ&sig=Cg0ArKJSzBJM7PWhqZKbEAE&uach_m=[UACH]&adurl=
Frame ID: 2302DFB71B1A478853DCC1A95381FCC2
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/1893691/1633100134497/index.html
Frame ID: 24600B061C6C6F36BF35B22584F65A7C
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 87F6F08348E4D3FC61B1D95766D287E2
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7DEFE9D843B6398AD8332AE596F3ACE1
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5DEE57C80DBE30A73DB341A93F958B47
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ransomware gangs are complaining that other crooks are stealing their ransoms | ZDNet

Page URL History Show full URLs

http://edt.computerworld.com/c/120oo76poYqxVSQpM4jalskgxkQIT HTTP 302
https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-... Page URL

Page Statistics

255
Requests

98 %
HTTPS

48 %
IPv6

29
Domains

47
Subdomains

40
IPs

4
Countries

52324 kB
Transfer

59643 kB
Size

38
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://downloads.zdnet.com/
Title: Downloads

Search URL Search Domain Scan URL

URL: http://www.zdnet.fr/
Title: ZDNet France

Search URL Search Domain Scan URL

URL: http://www.zdnet.de/
Title: ZDNet Germany

Search URL Search Domain Scan URL

URL: http://www.zdnet.co.kr/
Title: ZDNet Korea

Search URL Search Domain Scan URL

URL: http://japan.zdnet.com/
Title: ZDNet Japan

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/feed/update/urn:li:activity:6845837344713519104/
Title: recently disclosed

Search URL Search Domain Scan URL

URL: https://www.flashpoint-intel.com/blog/revils-cryptobackdoor-con-ransomware-groups-tactics-roil-affiliates-sparking-a-fallout/
Title: cybersecurity researchers at Flashpoint

Search URL Search Domain Scan URL

URL: https://www.cnet.com/tech/services-and-software/fbi-reportedly-withheld-ransomware-key-from-business-for-3-weeks-in-failed-sting/
Title: FBI reportedly withheld ransomware key from business for 3 weeks in failed sting

Search URL Search Domain Scan URL

URL: https://redventures.com/CMG-terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://redventures.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ZDNet/

Search URL Search Domain Scan URL

URL: https://twitter.com/zdnet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/zdnet-com

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCr9QWb5RKLfaunjKHJZAdQQ

Search URL Search Domain Scan URL

URL: http://narratives.zdnet.com/
Title: Sponsored Narratives

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/79ba7c84-ebc2-4740-8d11-bf1cc4501e59/ae88e03f-2b16-4276-9980-27124ba4b2c1
Title: Do Not Sell My Information

Search URL Search Domain Scan URL

URL: https://support.zdnet.com/
Title: Site Assistance

Search URL Search Domain Scan URL

URL: https://academy.zdnet.com/
Title: ZDNet Academy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://edt.computerworld.com/c/120oo76poYqxVSQpM4jalskgxkQIT HTTP 302
https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://open.spotify.com/embed/episode/33NSP2nYaXmvXSC8QLnpnS HTTP 302
https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS

Request Chain 150

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 155

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1

Request Chain 191

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ3TO5TNOkfnInbOxuEpwAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHQEUgQOnCNHWfj51k_B9Lo&google_cver=1

Request Chain 193

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE0MzgyNTU5NDYwODY5MzY1Ng%3D%3D

255 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Redirect Chain

http://edt.computerworld.com/c/120oo76poYqxVSQpM4jalskgxkQIT
https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

254 KB
97 KB

1354ms
1285ms

Document
text/html

2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fda8aca3dd49c5fc600f5c6d80a4c1aa125e5863a204dcc78e1a7e564674e024

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-type: text/html; charset=UTF-8
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
link: <https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css>; rel="preload"; as="style"; nopush
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-tx-id: 6d50b74b-496c-4629-b854-dcc854fd30cd
x-xss-protection: 1; mode=block
date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
cache-control: max-age=5400, private
expires: Wed, 24 Nov 2021 07:22:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
content-length: 98663

Redirect headers

Transfer-Encoding: chunked
Connection: keep-alive
Server: CloudFront
Date: Wed, 24 Nov 2021 05:52:55 GMT
Location: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
X-Cache: Miss from cloudfront
Via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: QK4ZnzrbGhVx2eE_JQ6eQDcsrhsnoQP6JcywYYX4bQAbHgfG8MrT3A==

GET
H2 200 main-c3419f1987-rev.css
www.zdnet.com/a/fly/css/core/ 318 KB
54 KB 7ms
7ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

3c2c275622093f9012768ff2e30be9dafee750f18b0938feacb193559db34ebd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 54512
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:19 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "9769ec9773ddd742e165f11471192906"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 10:12:58 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 37ms
20ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Lh0CEVPkmGuwf4KyqdKdhw==
age: 230
vary: Accept-Encoding
content-length: 6403
x-ms-lease-status: unlocked
last-modified: Mon, 22 Nov 2021 20:32:32 GMT
server: cloudflare
etag: 0x8D9ADF735C33F25
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: af27f9c3-901e-001c-49ea-df00f1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b305fc5de604dca-FRA

GET
H2 200 optanon-v1.1.0.js Show response
www.zdnet.com/a/privacy/optanon/ 36 KB
10 KB 10ms
10ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/privacy/optanon/optanon-v1.1.0.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 10444
x-xss-protection: 1; mode=block
last-modified: Thu, 04 Mar 2021 19:22:21 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "46e2aa30cbebb708b5fc468d57d56d8b"
strict-transport-security: max-age=31536000
content-language: en
via: 1.1 varnish
cache-control: public, max-age=86400
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
content-type: application/javascript
expires: Thu, 18 Nov 2021 07:05:01 GMT

GET
H2 200 controls-776b8acae1-rev.css
www.zdnet.com/a/fly/css/video/htmlPlayerControls/ 25 KB
4 KB 6ms
6ms Stylesheet
text/css 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-776b8acae1-rev.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

fa3c2e6e0681eb8d99c0bc06918e317abac8bd4d184290d05d21cf94a490f023

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 4312
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:20 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "6b3cd412d6f22e97e56b3ff8d8a63f9e"
strict-transport-security: max-age=31536000
content-type: text/css
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 10:12:58 GMT

GET
H/1.1 200
OK YZ2TK-PC7PJ-K64DL-L53CR-P2G4E Show response
c.go-mpulse.net/boomerang/ Frame 916E 205 KB
50 KB 24ms
9ms Script
application/javascript 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Resource Optimizer /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: br
Last-Modified: Thu, 14 Oct 2021 03:09:47 GMT
Server: Akamai Resource Optimizer
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800, s-maxage=604800
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 50393

GET
DATA 200
OK truncated
/ 31 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dp-zdnet-headshot-feb-20201.jpg
www.zdnet.com/a/img/resize/9259eca9a8f834cb7b14643148e61e3b39577a61/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/ 716 B
992 B 7ms
7ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/9259eca9a8f834cb7b14643148e61e3b39577a61/2020/02/06/6f24b751-729c-4ed9-9fae-979667f1d3b3/dp-zdnet-headshot-feb-20201.jpg?width=40&height=40&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fbd386a534a28e9d0f78937d580f5a4dbe30977c8ba1add018490c736055513

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=32909 idim=685x644 ifmt=jpeg ofsz=716 odim=40x40 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085488055452
fastly-stats: io=1
content-length: 716
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "OwAW3yvt++heYB8h65SwvwfxWmlVQV7J+CMlYbmiqeY"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 16 Nov 2021 16:01:49 GMT

GET
H2 200 20210611-hultquist-danny.jpg
www.zdnet.com/a/img/resize/cef256c66f89f978f7aa3a456d6e4880b0d1208c/2021/06/11/8f6cd59a-a169-42b9-84a3-dbfc7dffec33/ 18 KB
18 KB 8ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/cef256c66f89f978f7aa3a456d6e4880b0d1208c/2021/06/11/8f6cd59a-a169-42b9-84a3-dbfc7dffec33/20210611-hultquist-danny.jpg?width=570&height=322&fit=crop&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a99a83803598dc9a2a3de0a91f9009bcb98a88cd73a0235ec095d82df8cd03d1

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=179512 idim=1920x1080 ifmt=jpeg ofsz=18190 odim=570x322 ofmt=webp
fastly-stats: io=1
content-length: 18190
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "oAl3qNSBy0Ss5+K5lfNDUg8D3pHlg8pP2zvvfXdrTFg"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Thu, 18 Nov 2021 10:24:06 GMT

GET
H2 200 istock-963131214.jpg
www.zdnet.com/a/img/resize/d546428d8308a8e7b3121eba1863e759fc4fd35e/2020/05/07/293f7a86-d90b-49a8-ba31-a6442ca37db3/ 2 KB
2 KB 8ms
8ms Image
image/webp 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/img/resize/d546428d8308a8e7b3121eba1863e759fc4fd35e/2020/05/07/293f7a86-d90b-49a8-ba31-a6442ca37db3/istock-963131214.jpg?width=220&height=165&fit=bounds&auto=webp

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9d5840ff57a1d80ff69ba5204cfbf8b88fa944e7172c0778f6c0d764052cc926

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
fastly-io-info: ifsz=51217 idim=1254x836 ifmt=jpeg ofsz=2162 odim=220x147 ofmt=webp
x-goog-meta-x-goog-reserved-source-generation: 1599085517620829
fastly-stats: io=1
content-length: 2162
x-xss-protection: 1; mode=block
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "PCVTiVMmft1XtGhTVXPHCzmi8grJs9jdfcsHLOivkJQ"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 16 Nov 2021 19:21:59 GMT

GET
H2 200 require-2.1.2.js Show response
www.zdnet.com/a/fly/js/libs/ 16 KB
6 KB 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/require-2.1.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 6169
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3345dfd23470c3ecbb5fba75e9cb6bad"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:58 GMT

GET
H2 200 mag-white01.png
www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/core/ 1 KB
1 KB 7ms
5ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/core/mag-white01.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 943
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Nov 2021 20:04:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2b3d6fa78213b58d79b72d8fb387d4b2"
strict-transport-security: max-age=31536000
content-type: image/png
via: 1.1 varnish
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 09:31:34 GMT

GET
H2 200 Semibold.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 8ms
7ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Semibold.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20344
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:29 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "a96ff4477074c6395b7305d2d98fde8e"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

GET
H2 200 Regular.woff2
www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/ 20 KB
20 KB 7ms
7ms Font
font/woff2 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/bundles/zdnetcss/fonts/Proxima%20Nova/Regular.woff2

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Origin: https://www.zdnet.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 20256
x-xss-protection: 1; mode=block
last-modified: Fri, 12 Nov 2021 15:35:30 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "2d636d9395b2da27ce67040250333ca4"
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Nov 2022 18:20:56 GMT

GET
H2

200

33NSP2nYaXmvXSC8QLnpnS Show response
open.spotify.com/embed-podcast/episode/ Frame AAA1
Redirect Chain

https://open.spotify.com/embed/episode/33NSP2nYaXmvXSC8QLnpnS
https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS

38 KB
10 KB

194ms
194ms

Document
text/html

2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

30b526cdb42975c4c512d1806f764613cef1536b18dce916fd9cb64c74b83705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
spotify-request-id: 0197fc4a-0468-40ad-a18e-e492672392ca
content-encoding: br
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: dda645ca3d355335
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

Redirect headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-type: text/html
location: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
x-join-the-band: https://www.spotify.com/jobs/
sp-trace-id: b9f5210ac21302be
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
vary: Accept-Encoding
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 ring-animated.svg
www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/video/ 704 B
822 B 6ms
6ms Image
image/svg+xml 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/video/ring-animated.svg

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-776b8acae1-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/video/htmlPlayerControls/controls-776b8acae1-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
vary: Accept-Encoding, Accept
content-length: 704
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Nov 2021 20:04:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5f87ac7f571b5a0b1cdc101b49cdc8de"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 09:45:13 GMT

GET
H2 200 logo.png
www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/core/ 4 KB
4 KB 7ms
7ms Image
image/png 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zdnet.com/a/fly/1637575705-asset/bundles/zdnetcss/images/core/logo.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/a/fly/css/core/main-c3419f1987-rev.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 4140
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Nov 2021 20:04:42 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "6a582a0d8cb133a611ac4908a72c795f"
strict-transport-security: max-age=31536000
content-type: image/png
via: 1.1 varnish
cache-control: max-age=31536000
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 09:31:34 GMT

GET
H2 200 e70f246a-fd9b-4805-9fd4-fcd89020aca5.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/ 3 KB
2 KB 29ms
15ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/e70f246a-fd9b-4805-9fd4-fcd89020aca5.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: xkIaWO5Hr0+rNu9IdoYHdw==
age: 13352
vary: Accept-Encoding
content-length: 1425
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:53 GMT
server: cloudflare
etag: 0x8D94223473B0939
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6b7a330a-601e-004d-2d15-b61e04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b305fc658da4ec2-FRA
expires: Wed, 24 Nov 2021 09:52:57 GMT

GET
H2 200 main.default.js Show response
www.zdnet.com/a/fly/141b7a-fly/js/ 223 KB
70 KB 7ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

a8a94d42c979e478050545342252366082c4e5f3aeff8dc27bae989a22f6ca34

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 71843
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:11 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "69d1331f41888834905b1646c2da70bb"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 10:12:59 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 916E 2 KB
1 KB 38ms
26ms XHR
application/json 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&d=www.zdnet.com&t=5459111&v=1.720.0&if=&sl=0&si=778d1f58-7099-455f-9f98-568779264271-r32b08&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 0ab0291ca39c119635b19fbbc79468965640d338486f843f6682572271144b63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 802

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 164 B
373 B 34ms
17ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b305fc6a8365c98-FRA

GET
H2 200 bidbarrel-zdnet-rv.min.js Show response
at.adtech.redventures.io/lib/dist/prod/ 607 KB
177 KB 31ms
7ms Script
application/javascript 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://at.adtech.redventures.io/lib/dist/prod/bidbarrel-zdnet-rv.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront), 1.1 varnish
age: 143
x-cache: Hit from cloudfront, HIT
content-encoding: gzip
content-length: 180330
x-served-by: cache-fra19162-FRA
last-modified: Thu, 28 Oct 2021 17:15:17 GMT
server: AmazonS3
x-timer: S1637733177.395153,VS0,VE1
etag: "873be44731952ce6844f825d0be702dd"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=900, public, must-revalidate
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: D4NfEJKgXTL77xM0IAlWwPxZg3syRPHcXUl9nnU_H8MsPxibfaiADg==
x-cache-hits: 1

GET
H2 200 urs.js Show response
urs.zdnet.com/sdk/ 50 KB
50 KB 154ms
120ms Script
application/javascript 34.120.203.121
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://urs.zdnet.com/sdk/urs.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.203.121 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

121.203.120.34.bc.googleusercontent.com

Software

Resource Hash

fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 google
last-modified: Tue, 12 Jan 2021 17:00:48 GMT
etag: "5ffdd5c0-c803"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
accept-ranges: bytes
alt-svc: clear
content-length: 51203

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.20.0/ 376 KB
84 KB 15ms
14ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/otBannerSdk.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jOOTzA5W9ewbfwCUPpt/mw==
age: 3131126
vary: Accept-Encoding
content-length: 86053
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:48 GMT
server: cloudflare
etag: 0x8D941124BEC2620
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b5562596-701e-0174-096c-c418f5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b305fc6cfe14dca-FRA

GET
H2 200 mpulse-1.0.2.js Show response
www.zdnet.com/a/fly/js/libs/ 61 KB
12 KB 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/mpulse-1.0.2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 12449
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "03f37dbcdf50983b1fe5955ff1800ddf"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 05:39:10 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/v2/ 2 KB
1 KB 26ms
25ms XHR
application/json 2a02:26f0:6c00:1b8::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/v2/config.json?key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&t=1637733177412&s=20da4f7de28c49d3d53fb80d9cc94571968c0691d4eb164135a88382cafde45c
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 32a440354dfaafff8c9036af59dca85182cbfed5d474f01d58b716d01617a19f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 818

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/ 93 KB
20 KB 12ms
12ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/e70f246a-fd9b-4805-9fd4-fcd89020aca5/069e0a06-a1be-44f5-9a8f-926f2985d489/en.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AlmWtxV11YCExQkuyz0PJA==
age: 13397
vary: Accept-Encoding
content-length: 20136
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jul 2021 15:15:59 GMT
server: cloudflare
etag: 0x8D942234AE979B3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 04e26c27-701e-00bc-7615-b6cf97000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b305fc6f9a74ec2-FRA
expires: Wed, 24 Nov 2021 09:52:57 GMT

OPTIONS
H2 200 diff
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ Frame 0
0 137ms
124ms Preflight
text/html 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cat,content-type,variant,version
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: *
allow: GET,HEAD
etag: W/"8-ZRAf8oNBS3Bjb/SU2GYZCmbtmXg"
x-cloud-trace-context: 4b69b3c94a6fbdf51d60ca976a541584
server: Google Frontend
accept-ranges: bytes
date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 varnish
x-served-by: cache-fra19129-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1637733178.505016,VS0,VE118
vary: Accept-Encoding, Origin
content-length: 8

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/ 164 KB
32 KB 29ms
6ms Script
text/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/J3UXFee1xclY-bfFlWh1mIZ_phU/gpt_and_prebid/config.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebba9f268b421648df47ecdeb061ec11f7d47768215cf0fd5e8cbc8bcb5eff95

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Age: 742
X-Cache: HIT
Connection: keep-alive
Content-Length: 32623
x-amz-id-2: 3YDP/WjYnk53OSYW3kT83UCOBUhsjHMtk/lskCEpfvLiaSjerdeoakslPUbcflQ9RcAAfImTY6Q=
X-Served-By: cache-fra19173-FRA
Last-Modified: Wed, 24 Nov 2021 05:34:23 GMT
Server: AmazonS3
X-Timer: S1637733177.491739,VS0,VE0
ETag: "98f0eba2f19e8b96a323a0cf49948fdf"
x-amz-request-id: 9CE4H4J2D9WEWZ0T
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 2

GET
H2 200 diff Show response
at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/ 25 KB
3 KB 9ms
9ms Fetch
application/json 151.101.2.154
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://at.adtech.redventures.io/lib/api/v1/zdnet-rv/prod/config/diff?variant=core

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.154 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

5e152b85a299406269b1042ec40e9367fbcd39d148fcd41f8123daa77d38baa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

cat: 5zTciER5s
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
variant: core
version: rv2.25.6

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
age: 540
x-dns-prefetch-control: off
x-cache: HIT
ttl: 900s
content-length: 2641
x-xss-protection: 1; mode=block
x-served-by: cache-fra19129-FRA
access-control-allow-origin: *
server: Google Frontend
x-timer: S1637733178.629663,VS0,VE1
x-frame-options: SAMEORIGIN
date: Wed, 24 Nov 2021 05:52:57 GMT
x-download-options: noopen
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
via: 1.1 varnish
x-cloud-trace-context: eb8e10cbf4f0e0e5fcd2e3c5f0dafc61
cache-control: max-age=900
etag: W/e7fb71ca085b706b3e28544f0f8f0d2ec48a5ada
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 1

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
27 KB 46ms
23ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1053 / 676 of 1000 / last-modified: 1637708807"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26862
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 24 Nov 2021 05:52:57 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.20.0/assets/ 13 KB
3 KB 14ms
14ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.20.0/assets/otFlat.json

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /OL7qnwFOarng5AW29V9Pw==
age: 3131101
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Wed, 07 Jul 2021 06:41:42 GMT
server: cloudflare
etag: 0x8D94112485FC2D3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 84c52ef2-f01e-0048-626c-c4ea7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6b305fc77a514ec2-FRA

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/ 189 KB
60 KB 7ms
7ms Script
application/javascript 151.101.129.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Age: 601
X-Cache: HIT
Connection: keep-alive
Content-Length: 61293
x-amz-id-2: jzXf5usRbJR3PYvp69Big/B/XsVaN007aaf8DzTo4oE6Ozrfyzq3/rqhk6J2PTv5JM4jjOX3BWs=
X-Served-By: cache-fra19173-FRA
Last-Modified: Wed, 17 Nov 2021 21:29:49 GMT
Server: AmazonS3
X-Timer: S1637733178.535028,VS0,VE0
ETag: "cb7589d017ac65aecf6dc6f5ec17c4b7"
x-amz-request-id: KY5DB13GGJV0P5XQ
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 195

GET
H2 200 cohesion-latest.min.js Show response
cdn.cohesionapps.com/cohesion/ 77 KB
21 KB 36ms
8ms Script
text/javascript 143.204.98.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/cohesion-latest.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-91.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 15fc6da0c56525b38a69504e4d5e73d1126290aff814150c4468d303a73bc727

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: W/"237f1a86ca36f84a0eb06096a5a162f7"
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
server: AmazonS3
age: 59167
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
date: Tue, 23 Nov 2021 13:26:52 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: aLoetXVz7P5FfGUhyJMgmN87d07kJ2uOTbkRvRmnWKEXHgS3vAggVA==

GET
H/1.1 200
OK CircularSpUIv3T-Bold.8d0a45cc.woff2
open.scdn.co/cdn/fonts/ Frame AAA1 71 KB
72 KB 42ms
8ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Bold.8d0a45cc.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Last-Modified: Thu, 28 Oct 2021 13:16:22 GMT
Age: 2305873
ETag: "c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By: cache-ord1730-ORD, cache-hhn11566-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 72840
X-Cache-Hits: 1, 1016

GET
H/1.1 200
OK spoticon_regular_2.d319d911.woff2
open.scdn.co/cdn/fonts/ Frame AAA1 56 KB
56 KB 42ms
7ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Last-Modified: Wed, 06 Oct 2021 11:05:30 GMT
Age: 4212983
ETag: "3b7bbfac9ed3e75d426728e900579aa9"
X-Served-By: cache-ord1737-ORD, cache-hhn11573-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 56996
X-Cache-Hits: 1, 179934

GET
H/1.1 200
OK embed-podcast.3a62f418.css
open.scdn.co/cdn/build/embed-podcast/ Frame AAA1 9 KB
2 KB 41ms
6ms Stylesheet
text/css 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.3a62f418.css
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 379b0b87a8d5f2d6ab3e2d641c6ac0ab7cbaf49ba1b83a8ab610c66879240263

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 27 Oct 2021 15:33:13 GMT
Age: 2384098
ETag: "ebda2f52872f551dbbf912a25aeb0925"
X-Served-By: cache-ord1746-ORD, cache-hhn11569-HHN
X-Cache: HIT, HIT
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1201
X-Cache-Hits: 3, 134918

GET
H/1.1 200
OK vendor~embed-podcast.a5820da5.js Show response
open.scdn.co/cdn/build/embed-podcast/ Frame AAA1 2 MB
355 KB 23ms
8ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 64078cca2ea8a66431fc4858c30a9f021477865a6ea8407aaf0e1a8b52e4cfac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Nov 2021 00:11:43 GMT
Age: 20198
ETag: "09277de69b91e42b7a1d73ff20d048dc"
X-Served-By: cache-ord1725-ORD, cache-hhn11548-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 362995
X-Cache-Hits: 1, 1214

GET
H/1.1 200
OK embed-podcast.080462ed.js Show response
open.scdn.co/cdn/build/embed-podcast/ Frame AAA1 822 KB
187 KB 25ms
7ms Script
application/javascript 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.080462ed.js
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ba38b4bd83cc69407d65691feabf17def0db1d68db11304bec7cc6b4ad5c1d16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Nov 2021 00:11:43 GMT
Age: 20197
ETag: "3fbc3224f0f489fc8bf9e812058c309d"
X-Served-By: cache-ord1735-ORD, cache-hhn11529-HHN
X-Cache: HIT, HIT
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 190499
X-Cache-Hits: 2, 1195

GET
H2 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 18ms
18ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js?31063798

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 24 Nov 2021 05:52:57 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 217 B
153 B 35ms
17ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128
x-xss-protection: 0
expires: Wed, 24 Nov 2021 05:52:57 GMT

GET
H2 200 article-86184d81e5-rev.js Show response
www.zdnet.com/a/fly/js/pages/ 104 KB
27 KB 8ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/pages/article-86184d81e5-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

364e9fa8e5ebd2723bceb6ad16241c713dbf20df34f4694041995de5b499eca3

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 27159
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "f9400dddd9df36d13ec7455e50015b28"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:55 GMT

GET
H2 200 moatheader.js Show response
z.moatads.com/redventuresgamheader644747280705/ 240 KB
82 KB 22ms
7ms Script
application/x-javascript 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5d44d3b24d8b2e108b687663364c97645d9975ff390dfbfe0d7ed1f22270a2c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
last-modified: Tue, 23 Nov 2021 00:50:09 GMT
server: AmazonS3
x-amz-request-id: QWQTNKA9EDH1J42X
etag: "74a126c5ca44a1637421099dcdbf91a3"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=18596
accept-ranges: bytes
content-length: 83685
x-amz-id-2: FwSR1Tw4J2DRG96ttncGfz3BBSvTzgAWHtGJPEAjRyvg/XxDzzlKcUSz6Lbbq4hCr8AmpQVcd9o=

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 316ms
100ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 315ms
102ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 314ms
102ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 313ms
102ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 114ms
114ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: a0159d0a73854c0a1c6add96ff1eb3608d011698b319b3709609958ecf9ff06c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 124ms
124ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: 71dfd1a998f325d74006492171de94e1f377554b5704207e6eb0eb673fd02a8f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 121ms
120ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: 175705b83ff0c8efb4604276f6b5927ac987468691d5a84f752ad88615d0b1c8

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 109ms
108ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: a8bfbe60462bd90eb25ccc0922eee4bf8dc9e2109b791e06e25a0f89cb5adaa2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

GET
H2 200 xs1.html Show response
cdn.cohesionapps.com/cohesion/ Frame 5273 2 KB
1 KB 8ms
7ms Document
text/html 143.204.98.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-91.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

content-type: text/html
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
content-encoding: gzip
date: Tue, 23 Nov 2021 21:43:54 GMT
etag: W/"10b2c1751c2247b1aeccc91060f971cf"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: VJ2yehelpTp1x_vOt1R9aKBfVeKMWQGLrkOZulkCJw45STFmfuSWHw==
age: 29344

GET
H2 200 public Show response
taggy.cohesionapps.com/implementations/ 8 KB
8 KB 101ms
100ms XHR
application/json 3.224.13.241
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.13.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-13-241.compute-1.amazonaws.com
Software: / Express
Resource Hash: 0a830965bf0ca79c75b43b1daac3fd85af97805d62d551b7773792b2a9eac461

Request headers

Source-Key: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Page-URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
x-powered-by: Express
etag: W/"2036-w2pJk5XK3C/Qt0xt8xobw0SHNLc"
content-length: 8246
content-type: application/json; charset=utf-8

OPTIONS
H2 204 public
taggy.cohesionapps.com/implementations/ Frame 0
0 311ms
101ms Preflight 3.224.13.241
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://taggy.cohesionapps.com/implementations/public
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.13.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-13-241.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,page-url,source-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type,page-url,source-key

GET
H/1.1 200
OK ab67656300005f1fd9725a9a6e9d75a3693721f5
i.scdn.co/image/ Frame AAA1 13 KB
14 KB 30ms
7ms Image
image/jpeg 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.scdn.co/image/ab67656300005f1fd9725a9a6e9d75a3693721f5
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c6cc3bcc9535b59bf7e2c8cc47f9fc55b35627703e85cb423624ee0bf16ad82c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Last-Modified: Fri, 21 May 2021 16:03:01 GMT
Age: 149549
ETag: "5e8cd79c430899a519a31faa30b03781"
X-Served-By: cache-ord1738-ORD, cache-hhn11583-HHN
X-Cache: HIT, HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 13680
X-Cache-Hits: 1, 1

GET
H/1.1 200
OK CircularSpUIv3T-Book.3466e0ec.woff2
open.scdn.co/cdn/fonts/ Frame AAA1 67 KB
68 KB 11ms
11ms Font
application/octet-stream 2a04:4e42:62::760
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://open.scdn.co/cdn/fonts/CircularSpUIv3T-Book.3466e0ec.woff2
Requested by: Host: open.spotify.com
URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:62::760 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Referer: https://open.spotify.com/
Origin: https://open.spotify.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:57 GMT
Last-Modified: Wed, 08 Sep 2021 15:56:05 GMT
Age: 6615766
ETag: "6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By: cache-ord1734-ORD, cache-hhn11573-HHN
X-Cache: HIT, HIT
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 68852
X-Cache-Hits: 1, 248559

POST
H2 200 / Show response
o22381.ingest.sentry.io/api/1409086/envelope/ Frame AAA1 2 B
245 B 30ms
8ms Fetch
application/json 34.120.195.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://o22381.ingest.sentry.io/api/1409086/envelope/?sentry_key=80341f4271be4aec89050e48a0e4553e&sentry_version=7

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: application/json
access-control-allow-origin: https://open.spotify.com
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: clear
content-length: 2

GET
H2 200 / Show response
apresolve.spotify.com/ Frame AAA1 269 B
232 B 34ms
14ms Fetch
application/json 2600:1901:0:524d::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apresolve.spotify.com/?type=dealer&type=spclient
Requested by: Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:524d:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0d67f64f9f7ececd08775df9f1c58efc8f27b1ddae48135e2620053361e2d9d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://open.spotify.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:57 GMT
content-encoding: gzip
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: clear
content-length: 104
via: 1.1 google

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 53ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 38ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
10 KB 324ms
324ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1370475171578121&correlator=1416493416513233&output=ldjh&impl=fifs&eid=31063798%2C31063811%2C31063183%2C31063246%2C44748553&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211124&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x66%7C5x5&prev_scp=pos%3Dnav%26sl%3Dnav-ad-plus-leader%253FT-1000%26iid%3Dunit%253Dnav-ad-plus-leader%257Cvguid%253Dcc8f261d-f599-4a03-9f72-b6f808059d4d%257Cpv%253D1&eri=1&cust_params=test%3Drelated_rr%257C1%257Cb%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26tag%3Dransomware%252Ccyber-security%252Ctarget%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Db%26pv%3D1%26vguid%3Dcc8f261d-f599-4a03-9f72-b6f808059d4d&cookie_enabled=1&bc=31&abxe=1&lmt=1637733178&dt=1637733178044&dlt=1637733177212&idt=775&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=50&adks=3846852823&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x100&msz=1600x100&ga_vid=1107908080.1637733178&ga_sid=1637733178&ga_hid=2064920276&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

379abf770763f68460fa9a36a3631e76463ea3465573904b68f3d4a04b2799c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10641
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0F5C 6 KB
4 KB 51ms
14ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 24 Nov 2021 05:52:58 GMT
expires: Thu, 24 Nov 2022 05:52:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 v2 Show response
mb.moatads.com/yi/ 275 B
451 B 106ms
33ms Script
text/html 18.132.26.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/yi/v2?ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&callback=MoatNadoAllJsonpRequest_76921873
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.132.26.114 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-132-26-114.eu-west-2.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 9ad82b38799a2d6ed68e01e4779f831a2990009768c3f40b574c7b9cbf8035c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "9b8c70e65d9398e19d3f7dc1b83b86630af6d003"
content-length: 275
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 98 B
272 B 96ms
35ms Script
text/html 52.31.222.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1637733178058&de=761358439717&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=1&cb=0&cu=1637733178058&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A1615%3A1615%3A0%3A1634&jk=-1&jm=-1&fs=195814&na=91693387&cs=0&ord=1637733178058&jv=1618464388&callback=DOMlessLLDcallback_76921873
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.222.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-222-185.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: 0623a076fb168368601401c17858f456aa86bafb3884e15d6648d7cb41ad24f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "47bb7408de7461f0f2da88455a50f03e46e5659d"
content-length: 98
content-type: text/html; charset=UTF-8

GET
H2 200 n.js Show response
geo.moatads.com/ 100 B
275 B 94ms
34ms Script
text/html 52.31.222.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&i=REDVENTURES_GAM_HEADER1&hp=1&wf=1&pxm=&sgs=3&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1637733178058&de=761358439717&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=2&cb=0&cu=1637733178058&ll=2&lm=0&ln=0&em=0&en=0&d=undefined%3Aundefined%3Aundefined%3Aundefined&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&bo=undefined&bd=undefined&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&pe=1%3A1615%3A1615%3A0%3A1634&jk=-1&jm=-1&fs=195814&na=1303061836&cs=0&callback=MoatDataJsonpRequest_76921873
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/redventuresgamheader644747280705/moatheader.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.222.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-222-185.eu-west-1.compute.amazonaws.com
Software: TornadoServer/4.5.3 /
Resource Hash: f64749cb42aa13db1f1cd61e690ac9d97a646db3ac06084aeb7ac1e3824cb654

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
cache-control: max-age=900
server: TornadoServer/4.5.3
timing-allow-origin: *
etag: "e546e8a1c560d0c16f8e580b793c9132adeddfec"
content-length: 100
content-type: text/html; charset=UTF-8

GET
H2 200 xs2.html Show response
cdn.cohesionapps.com/cohesion/ Frame 5273 473 B
835 B 7ms
7ms Document
text/html 143.204.98.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cohesionapps.com/cohesion/xs2.html
Requested by: Host: cdn.cohesionapps.com
URL: https://cdn.cohesionapps.com/cohesion/xs1.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-91.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cohesionapps.com/cohesion/xs1.html

Response headers

content-type: text/html
content-length: 473
last-modified: Thu, 18 Nov 2021 13:26:43 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Tue, 23 Nov 2021 19:55:03 GMT
etag: "ffa03bed298484a7755ca23c5431cb28"
x-cache: Hit from cloudfront
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: P4BjwmYnEut0TQ5LMcWBhCjEnhq3Bm_qH6FUKICobssRYFtbho94Xg==
age: 35876

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 13 KB
7 KB 398ms
398ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1370475171578121&correlator=2969378980001007&output=ldjh&impl=fifs&eid=31063798%2C31063811%2C31063183%2C31063246%2C44748553&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211124&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&prev_scp=pos%3Dtop%26sl%3Dmpu-plus-top%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-plus-top%257Cvguid%253Dcc8f261d-f599-4a03-9f72-b6f808059d4d%257Cpv%253D1&eri=1&cust_params=test%3Drelated_rr%257C1%257Cb%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26tag%3Dransomware%252Ccyber-security%252Ctarget%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Db%26pv%3D1%26vguid%3Dcc8f261d-f599-4a03-9f72-b6f808059d4d%26m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting&cookie_enabled=1&bc=31&abxe=1&lmt=1637733178&dt=1637733178210&dlt=1637733177212&idt=775&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=421&adks=36326968&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x280&msz=370x30&ga_vid=1107908080.1637733178&ga_sid=1637733178&ga_hid=2064920276&ga_fc=false&fws=4&ohw=370&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

c42352e42783eef20864e5a9c0272fb1a8eecf1e0863a57c2f7d153448e285de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7627
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
10 KB 289ms
289ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1370475171578121&correlator=2097622412476302&output=ldjh&impl=fifs&eid=31063798%2C31063811%2C31063183%2C31063246%2C44748553&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211124&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dmiddle%26sl%3Dmpu-middle%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-middle%257Cvguid%253Dcc8f261d-f599-4a03-9f72-b6f808059d4d%257Cpv%253D1&eri=1&cust_params=test%3Drelated_rr%257C1%257Cb%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26tag%3Dransomware%252Ccyber-security%252Ctarget%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Db%26pv%3D1%26vguid%3Dcc8f261d-f599-4a03-9f72-b6f808059d4d%26m_data%3Dwaiting%26m_safety%3Dwaiting%26m_categories%3Dwaiting%26m_mv%3Dwaiting%26m_gv%3Dwaiting&cookie_enabled=1&bc=31&abxe=1&lmt=1637733178&dt=1637733178212&dlt=1637733177212&idt=775&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1304&adks=2638305364&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x30&msz=370x30&ga_vid=1107908080.1637733178&ga_sid=1637733178&ga_hid=2064920276&ga_fc=false&fws=4&ohw=370&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

d94f311307e974e8551ddddbf9fadce4e3886de34d539becdb153a53fde2ba25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10532
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content / Show response
684dd32d.akstat.io/ 0
354 B 44ms
22ms XHR
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32d.akstat.io/?h.pg=article&h.ab=related_rr_b_1&when=1637733178184&cdim.Site_View=desktop&t_other=custom4%7C1536&d=zdnet.com&h.key=YZ2TK-PC7PJ-K64DL-L53CR-P2G4E&h.d=zdnet.com&h.cr=721ff82816bdce0a4214b45ea358cc60f14df0b2-d759083d-800602a4&h.t=1637733177427&http.initiator=api&rt.start=api&rt.si=80e28179-f6dd-4dcc-a80d-2a07f46aafc9&rt.ss=1637733179148&rt.sl=0&api=1&api.v=2&api.l=js&api.lv=0.0.1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:58 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Wed, 24 Nov 2021 05:52:58 GMT

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 106ms
106ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 200 t
ingest.make.rvapps.io/v2/ Frame 0
0 104ms
104ms Preflight 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 900
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 115ms
115ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: 927d604090a5f79c4aa15383b60d7d09070c0856771c95383cf05582e9f280eb

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

POST
H2 200 t Show response
ingest.make.rvapps.io/v2/ 138 B
271 B 113ms
112ms XHR
application/json 54.172.4.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ingest.make.rvapps.io/v2/t
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.172.4.218 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-172-4-218.compute-1.amazonaws.com
Software: /
Resource Hash: 4b88af3e9d8d55fb2196fb9e22209ff4a5ac841fc22e7b271cf4e766b88c750d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
Authorization: Basic d2tfMWtZc0FkSHN4MVhWd1Q1RWJYOU9RWWw0bkpNOg==
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-allow-credentials: true
content-length: 138
vary: Origin
content-type: application/json

GET
H2 200 get_access_token Show response
open.spotify.com/ Frame AAA1 188 B
440 B 34ms
34ms Fetch
application/json 2600:1901:1:c36::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://open.spotify.com/get_access_token?reason=transport&productType=embed_podcast

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:c36:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

5e7f48dd890dbd233f7b8f81e439cadc04280dc08dcd7fe78e12935b8b724ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

sp-trace-id: 460d234d423c7473
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
spotify-request-id: 733b328e-8dff-4e00-942c-d377528dee9a
vary: Accept-Encoding,Accept-Encoding
content-type: application/json; charset=utf-8
via: HTTP/2 edgeproxy, 1.1 google
strict-transport-security: max-age=31536000
alt-svc: clear
server: envoy
x-join-the-band: https://www.spotify.com/jobs/

POST
H2 200 events Show response
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame AAA1 13 B
139 B 123ms
122ms Fetch
application/json 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 39
via: HTTP/2 edgeproxy, 1.1 google

OPTIONS
H2 200 events
gew1-spclient.spotify.com/gabo-receiver-service/public/v3/ Frame 0
0 44ms
17ms Preflight 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/public/v3/events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://open.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 05:52:58 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 24ms
9ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: VG6YBKXNYMJ05RRS
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: CN/OtP3A9z0ShcwSC84Dp2716OPSVqHtXjTa3tL4kDFfrY9FTweTMDz1ynWsKHz8NETzizCEpEw=
x-served-by: cache-fra19152-FRA
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1637733178.260693,VS0,VE0
date: Wed, 24 Nov 2021 05:52:58 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 3191

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
10 KB 46ms
21ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f146ba8755a3946af03ba1d093e77930785ee4d283048cd746943b82bbf105d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9391
x-xss-protection: 0

GET
H2 200 / Show response
www.zdnet.com/components/breaking-news/xhr/ 1 KB
1 KB 127ms
127ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/components/breaking-news/xhr/?slug=breaking-news-banner

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

286e70755d7f3c992160491acef1df053f7e75eef6d90cda72e1caee6ac69b0c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-cc6aaed30d4daa98----1637733178263
traceparent: 00-275f8e8b1c3a7743597e967c797b85b0-cc6aaed30d4daa98-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiY2M2YWFlZDMwZDRkYWE5OCIsInRyIjoiMjc1ZjhlOGIxYzNhNzc0MzU5N2U5NjdjNzk3Yjg1YjAiLCJ0aSI6MTYzNzczMzE3ODI2MywidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Nov 2021 04:30:04 GMT
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFtcXRQODFJfQzkGQ1NSCQ8NBW8MXRVLGhgCHVUJUQFRH1JKBgRUX1MUHgFIQ1pTU1ZXXQACUAAEUQMGVgBAFF5VXkAAZA==
x-frame-options: SAMEORIGIN
date: Wed, 24 Nov 2021 05:52:58 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: d0e783d5-dd29-4232-bb45-01b2c1778b7c
content-type: application/json
via: 1.1 varnish
cache-control: max-age=5400, private
accept-ranges: bytes
expires: Wed, 24 Nov 2021 06:00:04 GMT

GET
H2 200 track-cwv-72dfb3ae38-rev.js Show response
www.zdnet.com/a/fly/js/components/ 239 B
341 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/track-cwv-72dfb3ae38-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 199
x-xss-protection: 1; mode=block
last-modified: Wed, 17 Nov 2021 18:32:48 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "bd633d6003a25b5783d556416b3f300d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Nov 2021 06:24:16 GMT

GET
H2 200 zdnet-video-ea6f24fc09-rev.js Show response
www.zdnet.com/a/fly/js/components/ 31 KB
10 KB 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/zdnet-video-ea6f24fc09-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 9744
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:24 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "82e8241da31ef0c9bca0cdc3c2aae5ea"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:21:10 GMT

GET
H2 200 my-finance-widget-068f12d78c-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
766 B 6ms
5ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/my-finance-widget-068f12d78c-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

758c7d9d726719d14444ed93bfb64d21c84342d6ca479826b1477d7da24b3a14

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 553
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "9b230c03eb3701540a98b0653e3dd4f1"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 29 Nov 2021 10:13:15 GMT

GET
H2 200 disqus-loader-891338aca1-rev.js Show response
www.zdnet.com/a/fly/js/components/ 1 KB
775 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/disqus-loader-891338aca1-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

bb852945d8e9ae2dddadccfbce542830d5e86adf940a29239fa2742d6e79e2fb

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 685
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "6d7b6df2d13d78b5a3112ab2a52eab9c"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 front-door-carousel-dcdcc78ebc-rev.js Show response
www.zdnet.com/a/fly/js/components/ 5 KB
2 KB 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/front-door-carousel-dcdcc78ebc-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 1651
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "b7d4a8f2cfb4a354ee8023e103659757"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 zdnet+b983240d-96a6-41d7-aa3c-a486efbf60f6.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 131 KB
131 KB 44ms
8ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+b983240d-96a6-41d7-aa3c-a486efbf60f6.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: c754eb3f6d2e4328c48abd1bfaa6c0229175fecf45732e3c08f40efad59f6333

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1276
x-guploader-uploadid: ADPycds2QlUpjjXBYF9hHe26ejMd3FzNsEaNEuqb6ZiutKW515OT44Ts3Z7153YajsFm7fu28mmHU--fW5fyZUhz1W4
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 133641
x-served-by: cache-chi21158-CHI, cache-fra19156-FRA
last-modified: Mon, 12 Apr 2021 17:10:23 GMT
server: UploadServer
x-timer: S1637733178.311275,VS0,VE1
etag: "64f3756a9b1dee836c1752ac00bc3fc4"
x-goog-hash: crc32c=jibvPw==, md5=ZPN1apsd7oNsF1KsALw/xA==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:31:42 GMT

GET
H2 200 zdnet+6604d540-9eb0-41c2-9f00-6fbf24d996f7.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 152 KB
152 KB 178ms
142ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+6604d540-9eb0-41c2-9f00-6fbf24d996f7.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bd9fa014c438fa34f81e2990c1be7fa5a1d486eecdcf79e1d95bf579599b4189

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 50773
x-guploader-uploadid: ADPycdvmwD3nk4HOyxS4dJNS9rBcZ5yG6unvgsFqZuy5kcSrHGjxfDuDqi0p_inVsnLqJaNtQRlcQW4Upi3Ooa7gVEc
x-cache: HIT, MISS
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 0
content-length: 155346
x-served-by: cache-chi21174-CHI, cache-fra19156-FRA
last-modified: Wed, 24 Feb 2021 17:15:42 GMT
server: UploadServer
x-timer: S1637733178.311349,VS0,VE136
etag: "1fa5837a446dfe9d3c71abd5db268e51"
x-goog-hash: crc32c=OWg+wg==, md5=H6WDekRt/p08cavV2yaOUQ==
content-type: image/png
cache-control: max-age=0, s-maxage=86400
accept-ranges: bytes
expires: Wed, 17 Nov 2021 15:23:37 GMT

GET
H2 200 zdnet+bcea6b2a-ccb3-450f-9bcf-a26206e1e84a.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 52ms
18ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+bcea6b2a-ccb3-450f-9bcf-a26206e1e84a.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9eb90b705b62b01a8a98de7c6f6761e09a6abb1efa48b131cb0f0a46246fb526

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 323
x-guploader-uploadid: ADPycdsYQwaOQvAhTHIBVsoF6YvoqgTWHnsZvaJqt5k2poHqTV68m3FFv5YYP3Pv39hK4BI7fz7txFyUfmOs6g2PT04
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 1995443
x-served-by: cache-chi21138-CHI, cache-fra19156-FRA
last-modified: Thu, 18 Nov 2021 15:34:11 GMT
server: UploadServer
x-timer: S1637733178.311430,VS0,VE3
etag: "596011150c56c619253390277786969e"
x-goog-hash: crc32c=9LOPLQ==, md5=WWARFQxWxhklM5And4aWng==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:30:51 GMT

GET
H2 200 zdnet+d304247f-2b3d-4c25-8b8c-bcbc70746371.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 15 MB
15 MB 4552ms
4519ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+d304247f-2b3d-4c25-8b8c-bcbc70746371.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 616703a71f22c0bb9c93b909921929109c7fb6584ff0f8c2827658c26cd6b9bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:53:02 GMT
via: 1.1 varnish, 1.1 varnish
age: 221
x-guploader-uploadid: ADPycdsX8AouOMh9L50tz-D9nVXVYMrYgmMW51X9-k_0Rm0PjSeEI1WLSE38tjxVK_e4JDsVfrBqdntUu4KrWoBakqY
x-cache: HIT, MISS
x-goog-storage-class: REGIONAL
x-cache-hits: 0, 0
content-length: 15539974
x-served-by: cache-chi21149-CHI, cache-fra19156-FRA
last-modified: Fri, 19 Nov 2021 11:08:14 GMT
server: UploadServer
x-timer: S1637733178.311488,VS0,VE4508
etag: "a6c51aaca86faf3575f9d0cdf7796f69"
x-goog-hash: crc32c=eSyA9w==, md5=psUarKhvrzV1+dDN93lvaQ==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:49:21 GMT

GET
H2 200 zdnet+c5756565-330f-4f7d-881f-d3992a8726c2.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 1 MB
1 MB 612ms
579ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+c5756565-330f-4f7d-881f-d3992a8726c2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 072b0c7bb6daee67db911f435732cb9ac19a5e38712f94cdac3947c5d42f9907

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 20
x-guploader-uploadid: ADPycduA40zl2DZ0HGhAEArr3S7thwuAAvaF317jjGUi2OD3yhlwPUzRM7d5Jg30bah1JILVG5XTgSIXqFdsfq_BvwDSC91maA
x-cache: HIT, MISS
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 0
content-length: 1510718
x-served-by: cache-chi21147-CHI, cache-fra19156-FRA
last-modified: Thu, 11 Nov 2021 13:03:19 GMT
server: UploadServer
x-timer: S1637733178.311532,VS0,VE555
etag: "ec50094ba4df1fb3f9a77f06120f04e1"
x-goog-hash: crc32c=4g3KEQ==, md5=7FAJS6TfH7P5p38GEg8E4Q==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:38 GMT

GET
H2 200 zdnet+975b9e61-4f11-42a2-847e-a9c87ca1093e.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 646ms
613ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+975b9e61-4f11-42a2-847e-a9c87ca1093e.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8049bf2ffa3e5210167d6ffdcd9b0cf3ac86fcfb27c55142f616b785eb2163af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 140
x-guploader-uploadid: ADPycdsidMkuCyjAWND6isoiojU_Y89hGdDO8092aDzQwEArym2jyb_m4o-5hoolaEXofcGjb5ozC9bsUhrpHknPrzo
x-cache: HIT, MISS
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 0
content-length: 2245784
x-served-by: cache-chi21148-CHI, cache-fra19156-FRA
last-modified: Mon, 22 Nov 2021 15:18:21 GMT
server: UploadServer
x-timer: S1637733178.311571,VS0,VE580
etag: "524a4e753ba91dfbc80e260f815ed822"
x-goog-hash: crc32c=lUVklA==, md5=UkpOdTupHfvIDiYPgV7YIg==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:50:37 GMT

GET
H2 200 zdnet+b8e87bb6-d657-4da5-8860-16a3555c5a76.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 1 MB
1 MB 19ms
18ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+b8e87bb6-d657-4da5-8860-16a3555c5a76.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 814f77060325c2cb194b296de9944cbc720009b50476ba341c863f701cf5b402

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 829
x-guploader-uploadid: ADPycdtD2Ntflrh0Ut9Z4dq95SIg5vTnTwvb_IfKnn0wM_l6pWCAfBVQW1FI4kqcELBlEV34CMKi0VQ9JhBSyqDShoQ
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 1060377
x-served-by: cache-chi21173-CHI, cache-fra19156-FRA
last-modified: Tue, 28 Sep 2021 14:15:19 GMT
server: UploadServer
x-timer: S1637733178.311846,VS0,VE2
etag: "4ac69544cb22d03974ff749c03c78b3c"
x-goog-hash: crc32c=yszRtg==, md5=SsaVRMsi0Dl0/3ScA8eLPA==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:39:09 GMT

GET
H2 200 zdnet+455aade3-9b8b-435c-927d-9d5a2891c08f.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 19ms
18ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+455aade3-9b8b-435c-927d-9d5a2891c08f.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: cfe46c4a1e7bd682c69583032e5e74a5b4a223bdbf61e6ca7226753119a24167

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 664
x-guploader-uploadid: ADPycdvSHUxSFY875xz8wTGzjOF-VJ4iyQ3TxJvVbwdwV5ggkWQY26pXpRp-DWi9n04zizsvF6SV1Ns19F_WRuXYR4I
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 2279905
x-served-by: cache-chi21134-CHI, cache-fra19156-FRA
last-modified: Wed, 22 Sep 2021 17:00:13 GMT
server: UploadServer
x-timer: S1637733178.311888,VS0,VE3
etag: "ef84002ff5c32cebaed28574c3b751ee"
x-goog-hash: crc32c=WK9yRQ==, md5=74QAL/XDLOuu0oV0w7dR7g==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:41:53 GMT

GET
H2 200 zdnet+e39b2ee1-7c73-4047-975b-55949a9158ee.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 81 KB
81 KB 18ms
18ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+e39b2ee1-7c73-4047-975b-55949a9158ee.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: f93fa3cef5bf93b0a552e9de0130cf801382e69d0b12de6deb64d0e0865181d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 35175
x-guploader-uploadid: ADPycds6U0jgREMSUXNr0eu12i_2Sls_vi6WZ7lyFDrgVgWuol0MkWsb95YIKidFPi1FhtABTnKzn4HosrUFdnSF2ya19WNXsA
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 82452
x-served-by: cache-chi21175-CHI, cache-fra19156-FRA
last-modified: Wed, 24 Feb 2021 18:55:18 GMT
server: UploadServer
x-timer: S1637733178.311962,VS0,VE1
etag: "30a1b965650b6bbd9887d93e9c0e9558"
x-goog-hash: crc32c=rQaYfA==, md5=MKG5ZWULa72Yh9k+nA6VWA==
content-type: image/png
cache-control: max-age=0, s-maxage=86400
accept-ranges: bytes
expires: Sat, 13 Nov 2021 19:29:46 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
1 KB 174ms
173ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

12edaf893a6d73bfce58b4177d81eed6bd8b68c8bf5aa5e5420a4f62c18fff70

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-3deeb10f3c42e81e----1637733178274
traceparent: 00-4d1140a0b3a6e2f67af4a8fcc6ed8180-3deeb10f3c42e81e-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiM2RlZWIxMGYzYzQyZTgxZSIsInRyIjoiNGQxMTQwYTBiM2E2ZTJmNjdhZjRhOGZjYzZlZDgxODAiLCJ0aSI6MTYzNzczMzE3ODI3NCwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAhVVU4aABtEVwgCCgcFVgdTWwBSDFoEBBFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Wed, 24 Nov 2021 05:52:58 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 3882d746-b841-4bfc-8b8f-000c43e3045f
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/1/ 49 B
725 B 461ms
440ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=2610&ck=1&ref=https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/&ap=476&be=1558&fe=2565&dc=1634&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1637733175677,%22n%22:0,%22f%22:178,%22dn%22:179,%22dne%22:225,%22c%22:225,%22s%22:225,%22ce%22:247,%22rq%22:247,%22rp%22:1532,%22rpe%22:1545,%22dl%22:1535,%22di%22:1633,%22ds%22:1633,%22de%22:1634,%22dc%22:2564,%22l%22:2564,%22le%22:2575%7D,%22navigation%22:%7B%7D%7D&fp=1615&fcp=1615&at=GkEWQAhCSx5HAxIDThwe&jsonp=NREUM.setToken
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Wed, 24 Nov 2021 05:52:58 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6b305fcc6cbc5c02-FRA

GET
H2 200 core-web-vitals-16efe3ae21-rev.js Show response
www.zdnet.com/a/fly/js/managers/ 545 B
434 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/managers/core-web-vitals-16efe3ae21-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 366
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:25 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "e729958cde8ae774fc8a24db8fdb8165"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

GET
H2 200 inlineMedia_core.js Show response
static.myfinance.com/widget/ 184 KB
63 KB 55ms
23ms Script
application/javascript 2a06:98c1:3121::15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia_core.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

829c410a6b21a34e4127e1ae45f244189a83493c13712d9e5d98f1d2dc19c3f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1317
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PPE0TCCX8MS56HQ2
x-amz-id-2: ijmYvxrIQL9dPGG5er9wWMBSTgjdDuWZ1d9ZySmq5ugYeCB1xVv7t7sAfK1LYRkd3ima/wQsaYA=
last-modified: Tue, 16 Nov 2021 19:32:09 GMT
server: cloudflare
etag: W/"72763a8104cb9ae82dfbd403a0e82253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdFMkaO3qp5ecy7nmwbqVo9%2BinluKIvl7vgEqANWrfSm%2Fd2l2rd5s6atmglR24l2miJhk0M6pC0dDr6eL%2FnWxy7%2FgrXBbqDlX%2B23V2eyxVBM1QLkXzM%2FjMUJJyOqwmNhY9s%2Brc%2FmT9K%2FaBNz4Z%2BnpIuY%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b305fcc893e4dfa-FRA

GET
H2 200 video-58056d34a8-rev.js Show response
www.zdnet.com/a/fly/js/translations/ 704 B
566 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/translations/video-58056d34a8-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 452
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:26 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "3ba921934828591397c7d5545062d75e"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:21:07 GMT

GET
H2 200 video-player.js Show response
www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/ 933 KB
248 KB 7ms
7ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/video-player/uvpjs-rv/3.2.1/video-player.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 253770
x-xss-protection: 1; mode=block
last-modified: Wed, 18 Aug 2021 20:22:22 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "5c5fa9a5d2e282f0d520cd290ff4328d"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=604800
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
expires: Tue, 23 Nov 2021 18:18:56 GMT

GET
H2 200 waypoints.inview.js Show response
www.zdnet.com/a/fly/js/libs/jquery/ 3 KB
986 B 6ms
6ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/libs/jquery/waypoints.inview.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 829
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:18 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "116a2817a3efd12df0e719fea1508077"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 18:20:56 GMT

POST
H2 200 events Show response
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame AAA1 13 B
106 B 156ms
156ms Fetch
application/json 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events

Requested by

Host: open.scdn.co
URL: https://open.scdn.co/cdn/build/embed-podcast/vendor~embed-podcast.a5820da5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://open.spotify.com/
Accept-Language: de-DE,de;q=0.9
authorization: Bearer BQB9CRVF_m9x0k8RsWnTAmbObv3AerTqjNPslYbbeZXm4S_Ink2LLQscPcqrtWamLrRDEiZVNg3y3IyD--U
content-type: application/json

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
server: envoy
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
date: Wed, 24 Nov 2021 05:52:58 GMT
access-control-max-age: 604800
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=0
access-control-allow-credentials: true
alt-svc: clear
content-length: 39
via: HTTP/2 edgeproxy, 1.1 google

GET
H2 200 show-hide-1.0-51cea9ac43-rev.js Show response
www.zdnet.com/a/fly/js/components/ 2 KB
789 B 11ms
11ms Script
application/javascript 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/a/fly/js/components/show-hide-1.0-51cea9ac43-rev.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ContentServer /

Resource Hash

cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.zdnet.com:
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept
content-length: 671
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Nov 2021 10:11:24 GMT
server: ContentServer
x-frame-options: SAMEORIGIN
etag: "bfa97b27f2fe7c5241521d1ef01e1d42"
strict-transport-security: max-age=31536000
content-type: application/javascript
via: 1.1 varnish
cache-control: max-age=604800,no-transform
content-security-policy: default-src https://*.zdnet.com:*
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Nov 2021 06:05:42 GMT

OPTIONS
H2 200 events
gew1-spclient.spotify.com/gabo-receiver-service/v3/ Frame 0
0 17ms
17ms Preflight 2600:1901:1:5ca::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gew1-spclient.spotify.com/gabo-receiver-service/v3/events

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:5ca:: , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://open.spotify.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Origin, Content-Type, Spotify-App-Version, App-Platform, X-Spotify-Connection-Id, X-Client-Id, X-Spotify-Quicksilver-Uri, client-token, content-access-token, x-cloud-trace-context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-length: 0
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 24 Nov 2021 05:52:58 GMT
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
alt-svc: clear

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 34ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 60ms
60ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1370475171578121&correlator=2747149742695983&output=ldjh&impl=fifs&eid=31063798%2C31063811%2C31063183%2C31063246%2C44748553&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211124&iu_parts=22309610186%2Caw-zdnet%2Csecurity&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&prev_scp=pos%3Dbottom%26sl%3Dmpu-bottom%253FLL%257CT-1000%26iid%3Dunit%253Dmpu-bottom%257Cvguid%253Dcc8f261d-f599-4a03-9f72-b6f808059d4d%257Cpv%253D1&eri=1&cust_params=test%3Drelated_rr%257C1%257Cb%26buyingcycle%3Ddiscover%26topic%3Dsecurity%26tag%3Dransomware%252Ccyber-security%252Ctarget%26collection%3Da-winning-strategy-for-cybersecurity%26device%3Ddesktop%26ptype%3Darticle%26cid%3Dthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%26env%3Dprod%26user%3Danon%26userGroup%3Dfirst_impression%26type%3Dgpt%26region%3Daw%26subses%3D5%26session%3Db%26pv%3D1%26vguid%3Dcc8f261d-f599-4a03-9f72-b6f808059d4d%26m_data%3D1%26m_safety%3Dunsafe%26m_categories%3Dgs_tech_computing%252Cgv_crime%252Cmoat_unsafe%26m_mv%3DnoHistData%26m_gv%3DnoHistData&cookie_enabled=1&bc=31&abxe=1&lmt=1637733178&dt=1637733178308&dlt=1637733177212&idt=775&frm=20&biw=1600&bih=1200&oid=2&adxs=1050&adys=1392&adks=3625754864&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=370x250&msz=370x30&ga_vid=1107908080.1637733178&ga_sid=1637733178&ga_hid=2064920276&ga_fc=false&fws=4&ohw=370&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

23262095f03ab8331ab0005acb9bc8f3bc673eade8566b3849cd268f57f7da01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9372
x-xss-protection: 0
google-lineitem-id: 5688542871
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349983040
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 76ms
51ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H2 200 zdnet+b983240d-96a6-41d7-aa3c-a486efbf60f6.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 131 KB
131 KB 19ms
18ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+b983240d-96a6-41d7-aa3c-a486efbf60f6.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: c754eb3f6d2e4328c48abd1bfaa6c0229175fecf45732e3c08f40efad59f6333

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 1276
x-guploader-uploadid: ADPycds2QlUpjjXBYF9hHe26ejMd3FzNsEaNEuqb6ZiutKW515OT44Ts3Z7153YajsFm7fu28mmHU--fW5fyZUhz1W4
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 2
content-length: 133641
x-served-by: cache-chi21158-CHI, cache-fra19156-FRA
last-modified: Mon, 12 Apr 2021 17:10:23 GMT
server: UploadServer
x-timer: S1637733178.332521,VS0,VE0
etag: "64f3756a9b1dee836c1752ac00bc3fc4"
x-goog-hash: crc32c=jibvPw==, md5=ZPN1apsd7oNsF1KsALw/xA==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:31:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F4D4 0
0 32ms
32ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstnnNUbuSzUkTIxzPBGEehLrQh4upjQcq2YXArTf-x9zTJ5EzRCplCFAGJgVZp8LOF54h1hdGBsKjKx-luXUQZJTFgp7JA1sTXoLwxkC4X37vtdHkq-uavOgPMiOBaSN8Wor314Z6hXdVQ9iMCgFrxOoX8KzGOey54RW-xWDU2T8G9sctAuzUbgS10Qj26h7BSAvDd1SHdhMPBX9VlQ3qsz4Z3BYwf5xNCGM1olLk1xOJM4tqgLVXDhDVg4NpdCTTnIqn6ZVs33JdnaS1w4YZ6FN1kjLxspx-Amep9WnNprvMV-dWPvPWCGoOpRVXZY&sai=AMfl-YSRY_79oujgKitWTC2JitUYmbZ0EakAf1zhvEIXqy-fMlyTdbUlUfmOkgCdxv-N0Y0FV9sAldWqQzWEwumZ07O01y1eqRwygRwo0IjtiP_5BqNJO24TzgxE_xxCWH0&sig=Cg0ArKJSzHo67GxgKkSiEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F4D4 77 KB
26 KB 24ms
23ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1053 / 170 of 1000 / last-modified: 1637708722"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26861
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F4D4 119 KB
37 KB 50ms
23ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame F4D4 335 KB
112 KB 12ms
11ms Script
application/x-javascript 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: JKACD2Z83TEFNXN6
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=18599
accept-ranges: bytes
content-length: 114431
x-amz-id-2: vE4N63LrA6CCHExR0NYwfJggxV2yTQuh53zCWlNwnQ9e7dUGpKJcSGjoc1bCkJeUX0tkAeyjyBw=

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame 83A8 189 KB
55 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22944
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:30:34 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 83A8 13 KB
5 KB 38ms
15ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 121242
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:16 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 83A8 89 KB
28 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 24 Nov 2022 05:39:47 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 83A8 5 KB
2 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 24388
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:06:30 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 83A8 40 KB
13 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 24774
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:00:04 GMT

GET
DATA 200
OK truncated
/ Frame 83A8 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92f36aa91623b9edebbeeaf503ae37d46442e1fb40c1a876f71d474b4699f503

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
364 B 47ms
12ms Image
image/png 18.194.83.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6NzI4eDkw&v=5&s=v31fl88272n&sb=-1&h=www.zdnet.com&cb=5088802&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZOekk0ZURrdyIsIndkIjp7Im8iOjI4NzA3ODYwNzUsInciOiI3MjgiLCJoIjoiOTAifSwid3IiOjJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.83.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-83-218.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:58 GMT
Server: nginx/1.14.0 (Ubuntu)
transfer-encoding: chunked
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 9549539635794731952
tpc.googlesyndication.com/simgad/ Frame 83A8 47 KB
47 KB 25ms
8ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9549539635794731952?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmU15iUe04ir98jcZ4pwBMhYE7myA

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84c44e5110370931bb95b2149137c73d8139298e122c4fa0a20241de248ddfe0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 16:27:58 GMT
x-content-type-options: nosniff
age: 566700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48520
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 20:29:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Nov 2022 16:27:58 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 83A8 2 KB
2 KB 24ms
7ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 20:15:16 GMT
x-content-type-options: nosniff
server: cafe
age: 34662
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 24 Nov 2021 20:15:16 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 83A8 295 B
319 B 23ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 564
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 25 Nov 2021 05:43:34 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 83A8 0
0 38ms
38ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CL7_OOtOdYY27BaKGjuwP2Z6h0Ab-gOfqYZCRw5_jDcCNtwEQASD3u8eDAWCVgoCAuAegAc6B_9MDyAECqQJtkpHg_3eqPuACAKgDAcgDCKoE5AJP0HZ1Cmpbi8-VtTTe9lAiZJUeICc3y3SaEikvFPzuYVWW8P5ZxUWlI4V7sSIXvaQ1OQ_tbBakOUpQcmgEkXZbavwGne9IHrua7wga_5HA8_jzXEaTVwycM46Omb_ovVl5b06zLXRMXyxSO0P-WYNlZOUxGIvI_x8sqCY2zBYEVZ19YCTQ1gAswK_RbdilsYOTZF38OVbqFZKrcDkJV0YQpbePrn6NaGdkg__DcTzZDJhsuMIrf1C_RwQSA-BgKHSaF69aqVx3795squ6XhTTRvRsWcPKXzUBhnGUY0fLuo4bMtOoDEr6aBI14MqMI-K7k3RG_GbeL6ksMUMY2CKkDNTypOaH38ZuxVC4m0xROLb4efSPiBkyyYEV_WCDp-KgqhHoYbpjHWmTReKpXtBNjwD35bymmjKuUo6d-lFwAF33b4hjTaPzgklEvbd02bkGslko-rhLuoKshkQW3ALJz6UsV08AEiqvQosID4AQBkgUECAQYAZIFBAgFGASgBgKAB5r-gCyoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBD68BDSCAkIiOGAEBABGB2ACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItODgyMDM2MjYwNTcxMTE5NhjJm3o&sigh=kOm_tE7P010&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 12ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1637733178058&de=232761718021&rx=952852551145&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=3&cb=0&cu=1637733178058&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&pe=1%3A1615%3A1615%3A2575%3A1634&jk=-1&jm=-1&fs=195814&na=1069930260&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:58 GMT

OPTIONS
H2 204 record
a.myfidevs.io/ Frame 0
0 577ms
110ms Preflight 34.199.156.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-156-235.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-api-key
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: *
server: Python/3.7 aiohttp/3.7.4.post0

OPTIONS
H2 200 v1.5
www.myfinance.com/api/au/ Frame 0
0 440ms
410ms Preflight
text/html 2a06:98c1:3121::15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.myfinance.com/api/au/v1.5?imre=aHR0cHM6Ly93d3cuemRuZXQuY29tL2FydGljbGUvdGhlc2UtcmFuc29td2FyZS1jcm9va3MtYXJlLWNvbXBsYWluaW5nLXRoZXktYXJlLWdldHRpbmctcmlwcGVkLW9mZi1ieS1vdGhlci1yYW5zb213YXJlLWNyb29rcy8=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.zdnet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-type: text/html; charset=utf-8
vary: Origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.zdnet.com
access-control-allow-headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken, x-api-key, Access-Control-Allow-Origin
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-max-age: 86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SdEADlay8%2BKMB02evZdgHO1BhJXtsJc1KVOqzBpgHe5v7nkJB2t0oZgFAQ4LARtRsHvOA%2B7qHa9Bzo%2B%2BOPCXDemGAIO3CGLpvL3XwHcUmKAWnAdZz8AalBPmWFwj6ZBegLZ3XxIkdgm1xZxr7qZqwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6b305fcdfcb16951-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 inlineMedia.css
static.myfinance.com/widget/ 3 KB
2 KB 29ms
16ms Stylesheet
text/css 2a06:98c1:3121::15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.myfinance.com/widget/inlineMedia.css

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1012
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: RM9EMK8GHMB7NW7G
x-amz-id-2: rO4/tb/v63P6c/qJxa0JBYiRUj2pmFCIHFUoYyKlU+xVn/UKNLDsHpQEB0iQ2jT47cP+krHxRTQ=
last-modified: Mon, 12 Jul 2021 14:22:18 GMT
server: cloudflare
etag: W/"528a38ce39fc58a866c1226253bbb189"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCc7ZcKpcQO1FC%2BUFaSLCjNly9cH3ETZC3EMV92%2FRIvkXQNL7d4Y52VFOSImhLpvtGs%2BVcxHlreC4NPb4LEMDMTZSjfxfV1%2F3XoJ13v4SBgutlZGkVHjj3o1exjmMynA9Xtebsvx5Eucsyd7wDKDEvIKWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 6b305fcdcb824a55-FRA

POST
H2 204 record Show response
a.myfidevs.io/ 0
166 B 152ms
151ms XHR
text/plain 34.199.156.235
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.myfidevs.io/record
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.156.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-156-235.compute-1.amazonaws.com
Software: Python/3.7 aiohttp/3.7.4.post0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
x-api-key: yuH27H1QId6afXAojow6Tafi7Vw9v1spaLD5Yznw
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
access-control-allow-credentials: true
server: Python/3.7 aiohttp/3.7.4.post0
access-control-allow-headers: *
access-control-allow-methods: POST

POST
H3 200 v1.5 Show response
www.myfinance.com/api/au/ 1 KB
1 KB 340ms
328ms XHR
application/json 2a06:98c1:3121::15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bed0ee43ba7b026eac291dce97379e04cd8c152528d4f3d1aca1d06e62d3de72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-type: application/json
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
allow: POST, GET
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dw3t55LKO%2B3yDCksBSuqDu75jZXZobJP7MQ5ZHXMLQq3OupD%2B08eOE3R0RAApoKjpSGx1Sk8xEQrE8E3EWXELsVrmYVTZwJo6A0fl5OAjZMKfvDfc0z2wYNDFkAMIf3VINdY%2F%2BeRigeAwnkUh8RXkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language: en-us
access-control-allow-origin: https://www.zdnet.com
vary: Accept, Accept-Language, Origin, Cookie
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6b305fd099132ba1-FRA
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 / Show response
www.zdnet.com/newsletter/xhr/widget-login/ 2 KB
947 B 160ms
159ms XHR
application/json 2a04:4e42:4c::666
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.zdnet.com/newsletter/xhr/widget-login/?topic=security

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:4c::666 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cde330ec06171a14785591eb8d560a7f878a99cd38d895cea33ff4ed8e313f86

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

X-NewRelic-ID: VgEBVlJWCRAGXVRVDwMDUlc=
tracestate: 78034@nr=0-1-2767451-695782612-ffcb1e2fd23b731a----1637733178528
traceparent: 00-81469b2b4c9b1bbab2e29996e5517150-ffcb1e2fd23b731a-01
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI3Njc0NTEiLCJhcCI6IjY5NTc4MjYxMiIsImlkIjoiZmZjYjFlMmZkMjNiNzMxYSIsInRyIjoiODE0NjliMmI0YzliMWJiYWIyZTI5OTk2ZTU1MTcxNTAiLCJ0aSI6MTYzNzczMzE3ODUyOCwidGsiOiI3ODAzNCJ9fQ==
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
X-Requested-With: XMLHttpRequest

Response headers

content-security-policy: frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding, User-Agent
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-newrelic-app-data: PxQFVlBUDAYBR1dbAgYPVFAFBRFORDQHUjZKA1ZLVVFHDFYPbU5yARBfWA86TFZWRxcNB0NFUhQ7Rl9XBQMXPUMKVxVnVFtVWgsbTQFPA1JUBgdNVk0IAAVWU04aABtEXQBTUFFSBgcHUglXDVlQAxFJXwBdElY/
x-frame-options: SAMEORIGIN
date: Wed, 24 Nov 2021 05:52:58 GMT
expect-ct: max-age=0, report-uri="https://7a8f8748a40805618a61b617481a6ebc.report-uri.com/r/d/ct/reportOnly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-tx-id: 5ffa2335-100f-4364-953f-79d70e0d5692
content-type: application/json
via: 1.1 varnish
cache-control: max-age=0, must-revalidate, private
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111011823000/ Frame 82ED 189 KB
54 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 22944
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55592
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "11dee2040f5fc1d7"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:30:34 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 82ED 13 KB
5 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 121242
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4992
x-xss-protection: 0
server: sffe
date: Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "858600ba27ef7413"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 22 Nov 2022 20:12:16 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 82ED 89 KB
28 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 791
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28555
x-xss-protection: 0
server: sffe
date: Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a64e482645fd262b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 24 Nov 2022 05:39:47 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 82ED 5 KB
2 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 24388
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1731
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cb4f0e89d7d37d9b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:06:30 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 82ED 40 KB
13 KB 33ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 24774
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12826
x-xss-protection: 0
server: sffe
date: Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f02165e023e70703"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 23 Nov 2022 23:00:04 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82ED 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 20:15:16 GMT
x-content-type-options: nosniff
server: cafe
age: 34662
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 24 Nov 2021 20:15:16 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 82ED 295 B
319 B 6ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202111171629/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 564
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 25 Nov 2021 05:43:34 GMT

GET
DATA 200
OK truncated
/ Frame 82ED 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f249ead44ba5c3ffb9e7ee3e8abb3886bbf91cc68c5dc9864743ba34b49cce43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ 68 B
345 B 11ms
10ms Image
image/png 18.194.83.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDI1MA==&v=5&s=v31fl882766&sb=-1&h=www.zdnet.com&cb=8883991&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.83.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-83-218.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:58 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 856114496422413000
tpc.googlesyndication.com/simgad/ Frame 82ED 33 KB
33 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/856114496422413000?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk_HHOql6urIoO0v4511fkWvJLnbw

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

245fa809aa43b27d3fe006d71779fe9ddbb79e0d1a566345f3bc480cb59cbe50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:43:16 GMT
x-content-type-options: nosniff
age: 582
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33806
x-xss-protection: 0
last-modified: Thu, 03 Dec 2020 00:29:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 24 Nov 2022 05:43:16 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 82ED 0
0 38ms
37ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNoL-OtOdYfupD9nm3wOZiqfwBZ3-s8RmtMbOmsYMltPLeRABIPe7x4MBYJWCgIC4B6ABrveZ0gPIAQKpAqTzH0xEeKo-4AIAqAMByAMIqgT6Ak_QcQR503IDbiqE6_dW2cmL9S8QMEbIAknRWBGsa_QPeYlVyThbQnwlQtQ2xMoS170o_kIFHEHGwLQV13Ly_tlME1n-jXFq7xEbfmuYunZ46zXedTOOFWv_N3FxVMUOF-qwJopM1z0pumRowH8Lj2J_r8iJGnik9BcsSZBzeImeB9dqVLEKdSaBul4gYm2xU22aS6D6dNrQSBaIIH7fkFEe6P0gLr7RAkNsmWWkB-Dj2c1jo3nzSmXa6luFdh0qz-VoLgcw12wNowYHlZZki3q7wml1v3IHbZ7LRy_65J5U74HVonRsciM3YkD_7ZZVMWsb4KXlkV3R_-8MFY79eNquHybrpx2PsOXQJ8zk1x4JxxSJoShG39PjFxJCddu9CVtMhoiPDw8WZuuIN2IQgF8aWspCDHlPb-MICgtVUInJxCm6qp2ujDceLQ63gyPPOESQp0qxQBcUtZrMaM85iBCnAWkprQlfUfxG3JGSbu3GyF8HU0XcHA8M_cAEpNjm7cQD4AQBkgUECAQYAZIFBAgFGASgBgKAB7qI5i2oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCVjR_SCAkIiOGAEBABGB2ACgPICwHYEwzQFQGAFwGyFx4KHAgAEhRwdWItODgyMDM2MjYwNTcxMTE5NhjJm3o&sigh=ayfl5zhV99M&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 1B75 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 24 Nov 2021 04:33:04 GMT
expires: Thu, 24 Nov 2022 04:33:04 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4794
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3D4C 783 B
1 KB 41ms
17ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

09b7e154a6de581604a07101c31996e36d2f20e839388106751f58f0215feb0d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jAZHoY496feYeF2b2wvATw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 24 Nov 2021 05:52:58 GMT
date: Wed, 24 Nov 2021 05:52:58 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-jAZHoY496feYeF2b2wvATw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 zdnet+e39b2ee1-7c73-4047-975b-55949a9158ee.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 81 KB
81 KB 7ms
6ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+e39b2ee1-7c73-4047-975b-55949a9158ee.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: f93fa3cef5bf93b0a552e9de0130cf801382e69d0b12de6deb64d0e0865181d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 35175
x-guploader-uploadid: ADPycds6U0jgREMSUXNr0eu12i_2Sls_vi6WZ7lyFDrgVgWuol0MkWsb95YIKidFPi1FhtABTnKzn4HosrUFdnSF2ya19WNXsA
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 2
content-length: 82452
x-served-by: cache-chi21175-CHI, cache-fra19156-FRA
last-modified: Wed, 24 Feb 2021 18:55:18 GMT
server: UploadServer
x-timer: S1637733179.596201,VS0,VE0
etag: "30a1b965650b6bbd9887d93e9c0e9558"
x-goog-hash: crc32c=rQaYfA==, md5=MKG5ZWULa72Yh9k+nA6VWA==
content-type: image/png
cache-control: max-age=0, s-maxage=86400
accept-ranges: bytes
expires: Sat, 13 Nov 2021 19:29:46 GMT

GET
H3 200 pubads_impl_2021111601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F4D4 344 KB
116 KB 22ms
22ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118471
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 09:34:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H2 200 zdnet+6604d540-9eb0-41c2-9f00-6fbf24d996f7.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 152 KB
152 KB 6ms
6ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+6604d540-9eb0-41c2-9f00-6fbf24d996f7.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bd9fa014c438fa34f81e2990c1be7fa5a1d486eecdcf79e1d95bf579599b4189

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
via: 1.1 varnish, 1.1 varnish
age: 50773
x-guploader-uploadid: ADPycdvmwD3nk4HOyxS4dJNS9rBcZ5yG6unvgsFqZuy5kcSrHGjxfDuDqi0p_inVsnLqJaNtQRlcQW4Upi3Ooa7gVEc
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 155346
x-served-by: cache-chi21174-CHI, cache-fra19156-FRA
last-modified: Wed, 24 Feb 2021 17:15:42 GMT
server: UploadServer
x-timer: S1637733179.606569,VS0,VE0
etag: "1fa5837a446dfe9d3c71abd5db268e51"
x-goog-hash: crc32c=OWg+wg==, md5=H6WDekRt/p08cavV2yaOUQ==
content-type: image/png
cache-control: max-age=0, s-maxage=86400
accept-ranges: bytes
expires: Wed, 17 Nov 2021 15:23:37 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
6ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1637733178058&de=818009599928&rx=952852551145&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=4&cb=0&cu=1637733178058&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&pe=1%3A1615%3A1615%3A2575%3A1634&jk=-1&jm=-1&fs=195814&na=790557162&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
DATA 200
OK truncated
/ Frame F4D4 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 015ee8ec161c06f6d9bc6f6fea95e231c9a398fcf4887fcfaf0b04b9aef18482

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A2BC 6 KB
3 KB 22ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 24 Nov 2021 05:52:58 GMT
expires: Thu, 24 Nov 2022 05:52:58 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 83A8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

87ms
49ms

Image
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H2
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

date: Wed, 24 Nov 2021 05:52:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 9549539635794731952
tpc.googlesyndication.com/simgad/ Frame 83A8 47 KB
47 KB 6ms
6ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9549539635794731952?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmU15iUe04ir98jcZ4pwBMhYE7myA

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84c44e5110370931bb95b2149137c73d8139298e122c4fa0a20241de248ddfe0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 16:27:58 GMT
x-content-type-options: nosniff
age: 566700
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48520
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 20:29:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Nov 2022 16:27:58 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 83A8 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Nov 2021 20:15:16 GMT
x-content-type-options: nosniff
server: cafe
age: 34662
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 24 Nov 2021 20:15:16 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 83A8 295 B
319 B 8ms
7ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 564
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 25 Nov 2021 05:43:34 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22364980590&bd=undefined&zMoatNotCnet=true&zMoatPT=article&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=bottom&zMoatSZPS=300x250%20%7C%20bottom&zMoatPTAT=article%20%7C%20content_article&zMoatPTATSECT=article%20%7C%20content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1637733178654&de=200583387432&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=8&cb=0&ym=0&cu=1637733178654&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5688542871%3A138349983040&zMoatW=300&zMoatH=250&zMoatVGUID=cc8f261d-f599-4a03-9f72-b6f808059d4d&zMoatSN=b&zMoatSL=mpu-bottom%3FLL%7CT-1000&zMoatMMV=noHistData&zMoatMMV_MAX=noHistData&zMoatMGV=noHistData&zMoatMSafety=unsafe&zMoatMData=1&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22364980590&dfp=0%2C1&la=22364980590&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1615%3A1615%3A2575%3A1634&iq=noHistData&tt=noHistData&tu=1&tp=unsafe&jk=-1&jm=-1&fs=195602&na=1500968184&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 82ED
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

59ms
59ms

Image
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: H3
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

date: Wed, 24 Nov 2021 05:52:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame F4D4 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame F4D4 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.zdnet.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4D4 0
20 B 46ms
32ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sra_setclickurl&pvsid=2435311087747591&lenfreqs=570%3A1&vrg=2021111601&nw_id=22309610186&nslots=1&eid=31063811&pub_url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame F4D4 28 KB
12 KB 56ms
55ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2435311087747591&correlator=2331592432120800&output=ldjh&impl=fif&eid=31063811&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211124&iu_parts=22309610186%2Caw-rv%2Civt&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250&click=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjssaxqepw4qkEgohdjJ4aP7p25EF7hSCELJB4cs8csuYjYrHOSRKCxRCVKsCd8-s4Qdx1aPp97552oM3GC9110BCsAlt3dAnxbpT6PZe4_5paOVRd_yLOJG5gxb6LdzWDawrAQfKZdWxTmbmpfun_3z36dcMW5gA88zj4WJNjR79mWM27gcwZjRpk1JjjYYjrgYPBVaXYw9Yw_docOwPmsrpfXNWx7_2okAp3GHd0Ew0Y_5FjseWRZ2i19u3ahRSF406dRZcUTzel-Hp0kD27m4ZGnd-7WhGNIt3B76K2LYJCJUjd34rwAbtzVoW%26sai%3DAMfl-YQD4aExvKpTkexBHbO5e_8Jlg_Rj1cUFa0FhRKssZ0sVvDZ6yVqFmjVu0gpb81CfuRadMn3aokD94A8bqJPdGGUX6SHKNt7lA2jMmHmUknoKsK1-Vm7MbS93oOHDZo%26sig%3DCg0ArKJSzMqSIr01ZoUjEAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26adurl%3D&prev_scp=campaign%3D5677026463&cookie=ID%3D8edac2c33945b848-228cc5f4facb0046%3AT%3D1637733178%3AS%3DALNI_MafsYhNTrpRB4btaq8zXbvi_e5O4g&cdm=www.zdnet.com&bc=31&abxe=1&lmt=1637733178&dt=1637733178866&dlt=1637733178401&idt=445&ea=0&frm=23&biw=1600&bih=1200&isw=300&ish=250&oid=2&adxs=1050&adys=1705&adks=1319207525&ucis=ie0w8ihlpqc2&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&top=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=489646788.1637733179&ga_sid=1637733179&ga_hid=1546892095&ga_fc=false&fws=256&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

980966f335573e1707efe4b8f15f09e32d39ccee40a2168a86e24cd19698bca1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12039
x-xss-protection: 0
google-lineitem-id: 5677026463
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355023537
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.zdnet.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5912 6 KB
3 KB 32ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 24 Nov 2021 05:52:58 GMT
expires: Thu, 24 Nov 2022 05:52:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 15ms
14ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_HEADER1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=11&f=0&j=&t=1637733178058&de=916876599163&rx=952852551145&m=0&ar=7829d9c2dd3-clean&iw=49869aa&q=9&cb=0&cu=1637733178058&ll=2&lm=0&ln=0&em=0&en=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&zMoatAType=content_article&zMoatTest=zdnet&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&bo=aw-zdnet&bd=security&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&gw=redventuresgamheader644747280705&fd=1&ac=1&it=500&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&pe=1%3A1615%3A1615%3A2575%3A1634&jk=-1&jm=-1&fs=195814&na=1789082712&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:58 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:58 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 323A 624 B
297 B 33ms
19ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO67DRDRpiAYtpCytgEwAQ&v=APEucNWNx_zaDpX6qSTh5-t63gizyLHoVY4ZkB2OfI4V0Qfd3S92xoX8NYBPKGG9e2hmaXK_gAVV-LX8zvnFjGm1urI3GkX0g942YhdJDMy9qyEXARSi4lNwZh4IsQRQ2j0-WzHjG0XwrNGogvO8OrOMluwKyeA3gg

Requested by

Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 24 Nov 2021 05:52:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A2BC 72 KB
30 KB 53ms
42ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AXvPqERVMfj3Oy0T5ioXyTcjY_J2fHhm1LGthD_wkRGnv981TBoTx6sCVPY41P3HHhvpGf6B1zHebJfjRZLoTk9WjUoxKhz9BoEQREQC3oHeeXpqtxcG7jHQYH8cuSdsTlOOHmDIMBencKtSpiW7G0SsOuTw&dbm_d=AKAmf-DI0LmLHpG2OXo6yCbu7iESEcHcYcQDK5teILRN406xU43AWHsCmDNOmSF-wrrHBJnpDnLfBvwH-uX-qwfJC_zg8nxyiFrkbvCDWUmPSVinF_0oyKdMoPrqmVMsqWs6R-G8pykex7rUVJAjqldI9xhRFHwxg4GQVmFi9QvCRI5VpHr7RNcIbR8Jvib0Oy5kTrUgVUc29CjdU47zPwWinshEoXicwPbxFlW7kUmwwJncr6e69Fskd0wnAQzm4TGRySL3UwIHb3JW_ilwWTzY39g905GOLOM3eba40IlU-ntefgH1IWniYl-zhT3-KLYksVu1EldLV5SJNgQURTdHYk_7yi9ZBMReendMdWfctppez9hCm8ao4hWMEjyLY16NCMRJhiHcT5qB3SmxEMhPuA3zilVB5MeDlqJKUVVDUt5Jm7E9XOVQT_uJ-0orbvJvJZlTcC0zpRfHVTR5_QrD198AZrQBI4SUC6h9FaJaoScKub_ch5WjcSoVNN3OFl8i2o_KlCYG53roPEXGWIK3Ly7ASOSNVgOOvyFaBiNr-iYjM49_JMwL3Awu_mIv2-fsZ5BmLgQBCw7kN7i3-wtkfGUOZJ6pRVtt7mhIwFNlgBCvd9TSqmanr8oGhIhJqrDC4sU8LJNXcS-96k49xLb6jw3H_WLlLZLn-N4Zb8ahsZFcAFf0pL7DM6d8tXC-XPkDikEpcT4NNz7W4RcHxFEVplmQQIAh2GctyJ-7iIQ73z4vq2HtJmDD839wIHAYPBOnnYRZEQsKNgPTavi8XayBqjGa1ZudYtaZjSjoweW1FVhlBk58f7Pyz17-1cQklsSk13DBSQaZmWqg22VX5maj82Dw-xjQQwedhAV4-yoYiJoyqrRlnaJqucDSfJJfMGeDxx6NY4950-MTzCTLQ87vEWvRfldduWmLpMnCPZL8rH9CpGikSyrKGJd3yaXRDlSLZtP1avIV0Vme9uNShhhyhhN4YhL78DfLdrESoWZvWauOsPkTHKZnMWAizERbfiB-bBi-BnhJZRVINaOeAGOY3af7ib6BTxEByII7OcDYwGScEgbqnM40swP8CbxJX5oKOoDfvFtWBk-Uvtr2LXf0_wArogEoNMSnlRYz_iY11IhBf67FscGUVUJa73xB6yh1CgEiZsh5xBWakwdtwnKP_23WVxYJS96aeFsEQiu5zMaiNr4_4pEVDSO7rEs_ZQbt366qyP3fvDu_W7ai79cBKrFdYBiN2fFlyYix3r9v8pzB_g_thiS-CNbv-Jx_7UuDxaCvn2hCzlvSdq1GzO-czK4JSlcxstnCytNSL8_vNJJJ8yZa-vZb87C1JgtK58Uo2bMeTcezbW4lFLVim0kj0_hdNpw9S0932Jn09rBIi-sywd3lwrATSh6tg1X02JXLe_POoU1w7KIW2lnsuejPfChahogGu2QgOanrnnvMXTJL6dbnKgBrdn-FWs7JL7aa_H3GZ6nF07En5hrnnsWDDMxwWNoJv75EAzIWXi8Zh6r4fFRYWAszRoNmkpclU3s4ngYOSAMMifZqgBGVNvgFsA0kDgULJP19Sj0IPeTjdMnrqBPpZMXlNNlb3bXIjUPbe-7TvDmsguxQ_Ww4HQ8l13LjVhBVhGHi9fEcPsUNalx7SEZUsiEFv11cTSgrvEVpUCSmwkYYeFeHQgBgGi7cXijCLeBSo2ri4NlcYSF--EWkdBxSJQOq9WJsWKE2aIVwp7UXdD39NOknkpN9wzlbbULAbzduf_IzytHhz-AewhjA1mGrjtGEnNY3ionANyV4kyzcjMfr343E4bT_Elx_rtYwmbBGDHU4ZvzON9cmuoLIlR8nSXyNdqkMM0AX-1DqRdx838sIDU4sIv9yzgKo4ebc2IdzdvTYWGPJUpKK0LSAtNS4mI98lPpN_mPk6MU6YevTjGNcfFJsdEpyp_rAqE7l7Khmc2LzndmXc4laHspWkX2Tq6zRrnx0Wx9ZUxZYFcNDSUjUAj8SWXDb8oLQpa9NPGOrlpP-rbMO2PNsske1blQ9KcSEFA55Nrf8U-8SsM9wFFY5QpiGFmxhIflIyrJYBmz7n_su3P1H7NBJgESuQmIrvn6GDMAvTd8HGzdqzGhfZRWvhy9H07I3rFP_5jtuutNdDzNH-dtVmiYyfrL36uEFxcSwsoW3xSnQ4Kpljyv17RRHsLtl7RUTObwZmavmdyvuFzVbzRwZZUeuruugCNpjIvX014v1jev6wRZVuKMVdsFznHXV_rAnjRPhhyj6A9ZpjbmnbLzOy6-7Pbpyx_5pzhkj3lof-zmlh9SwiE-QTJYSu62B7s-WJwzwYRol2m-een9uHEutMCfqZI2hsO12z-Bm-O6IcktKOXPzK9bnjrnjdSm8YZ8i9HInMG2SQ5IptQd_22cXRVP4i-7BGqkkPD_pKY8RBMDQ6Be2Py635l5FbmVxu-hWoEfEetC5LjahlRQ0rN2q8lbu4fz9PnCYXaVS3PHVGMsT54FFrdeEBG5K0kkT3Rdw2aKFXo33a44-nWRdtbcyl3nSj0xwUl7_N8guz9piFDlaF_j12nQPzZBQEUQmlWHzFWaTyFqTE2Fh9_mxR9kCkQyb9mHtSzxMHgxdaqTxtkhQSCOTjc9alDJajWzVxAX1QzqtooJB_XgwdMkOKbmWrjbBIZXq3ZndV0mLkjjmekDtGjlldJhvnNllQo0HcZ7zFgtto3EjTrsValhL59-YOJlpRQy1WUZwYyLJ9RDhtmoHdWeGbU0Coki7uw1GyPNZkP855L5bO5v9oemlNFkWZf0yWLZCGjGJrQ8wEOPSYSow_H0YeUyMD7oYwH2Dm4qBI-oXalwQrIFPsmXau5ln32BMgZlR65frz1ob-YJvgkWUZimRFkJ8ONvzwCFDn-2YgSR17Q1HbZn1RHPJvD7HOkrBQmRZ6NN_A0YTNEwneoATftyyyaufiqWesfnDfZdrkm8DvUwaYF_3lJeLSkz9j8pwZgavYeIBnDeTwS4sIJuS5hmZ-FBPN4mliE0Ez4hw0SrscTRuKJb4UYTn_SJv7iDb8lfpWbjv-i1f-BLX8j3u57GT1-i5MgYUEj7L-3pg3TpZoQMfspPutePcZAs7fvWZZnUNtH5d6ivaFVyLweXwRRMNpPwC5_kwBrqvfh6WXZ52W7aITu_5ecwHa6tI-vubJybDq_SEtZNIN2WiECgUM6I8sWrDbOUBw9dyvI_HFBPlyikTT3wimRp6GFJSLICZw3BTYWqry9kioRiIebnFzTnozWKMuFIlPoHzW9ZinG7XGnQ8l1oq7k0mVUd-MVfoHMBwLHNqzD2LVm6xrWv5kaDpfojRmEIqNJq7A6VQuEb8CsM6W9bqoWb9uJ0d8EJQQbYxM-AIc93FEgdT36VgOfxUEWK_Fyeg&cid=CAASFeRooZjkRck_tqfRg6sdyyDKDNJ0UA&rfl=1%2Chttps%253A%252F%252Fwww.zdnet.com%252Farticle%252Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%252F%240

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36cc65361d34b88795a2c35fe43c9ce69ef4bcb08b1e914ea15feebffbf6f253

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31013
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2BC 42 B
63 B 29ms
29ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BKi0-lt9hTjqTrack6iZaNAVfZBJnLMIY6hYE8HItXx8q7AJpp0kvcXUCpQpqrTxnnjmN_koR7bSPQxhf8BFoA4Wu6p19dzGVn7pkTDtJpdkoOfXE

Requested by

Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame A2BC 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:27:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1547
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 05:27:12 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A2BC 119 KB
36 KB 32ms
18ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame A2BC 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 16810888504096353422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 05:39:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A2BC 0
0 14ms
14ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTygTZN1aS6ybXFQyn9HufwpTIxikn3N5HAxFB-spPxS-G32HjqMuYS9aujFDe4JOod5v3Mk-mXKjYEBuLgkpYP55ioMw
Requested by: Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H/1.1 200
OK pixel
protected-by.clarium.io/ Frame A2BC 68 B
345 B 12ms
11ms Image
image/png 18.194.83.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://protected-by.clarium.io/pixel?tag=wt_SjNVWEZlZTF4Y2xZLWJmRmxXaDFtSVpfcGhVLzI4NzA3ODYwNzU6MzAweDYwMA==&v=5&s=v31fl8827jn&id=eyJkZnAiOnsiYWQiOjUwMjQ0OTY5MTEsImMiOm51bGwsImwiOjAsIm8iOjI4NzA3ODYwNzUsIkEiOiIvMjIzMDk2MTAxODYvYXctemRuZXQvc2VjdXJpdHkiLCJ5IjoyODkwNzIsImNvIjowLCJzIjoibXB1LXBsdXMtdG9wIn19&sb=undefined&cb=1656198&h=www.zdnet.com&d=eyJ3aCI6IlNqTlZXRVpsWlRGNFkyeFpMV0ptUm14WGFERnRTVnBmY0doVkx6STROekEzT0RZd056VTZNekF3ZURZd01BPT0iLCJ3ZCI6eyJvIjoyODcwNzg2MDc1LCJ3IjoiMzAwIiwiaCI6IjYwMCJ9LCJ3ciI6Mn0=
Requested by: Host: c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
URL: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.83.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-83-218.eu-central-1.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:59 GMT
Server: nginx/1.14.0 (Ubuntu)
Content-Type: image/png
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 68
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2302 0
0 30ms
29ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstEHBCjZzRkWzq8WtJ39ada9p4gkoz0yCKqKdX45HLOReyYFspS29_nELIe3Ss0mqmh0mj6XbwKoMp5r2zzjJn4hSn6HdTAFueS0dwqx7XusCXPPbT2PTLAP9Ck20dIJrWrcRLyzQH6fwUcDR7iXq6POGqCzdg-GxK9BnOL5EboPVrb706xL8yOMsbWJt8gbDPfABaF-BoOZUfdj3zNO6boOj7n5aJdTn_bZTj2lOjSNbAthPpJUaSa5SoMymG1CnPL_x3ZG578i4EU1x6fCZ8TLCh57FF4NWcGN9R1rpPhDZN5cO7JIQ&sig=Cg0ArKJSzBJM7PWhqZKbEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 2302 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:27:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1547
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 05:27:12 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2302 119 KB
36 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/redventuresgamdisplay60805146916/ Frame 2302 335 KB
112 KB 8ms
8ms Script
application/x-javascript 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/redventuresgamdisplay60805146916/moatad.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 17:56:16 GMT
server: AmazonS3
x-amz-request-id: JKACD2Z83TEFNXN6
etag: "f312b221978540b1bae8fcc427275c6d"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=18598
accept-ranges: bytes
content-length: 114431
x-amz-id-2: vE4N63LrA6CCHExR0NYwfJggxV2yTQuh53zCWlNwnQ9e7dUGpKJcSGjoc1bCkJeUX0tkAeyjyBw=

GET
H3 200 16181266791146063110
tpc.googlesyndication.com/simgad/ Frame 2302 17 KB
17 KB 10ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16181266791146063110

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 11:17:28 GMT
x-content-type-options: nosniff
age: 585331
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17729
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 21:34:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 17 Nov 2022 11:17:28 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3D4C 0
0 63ms
62ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=1370475171578121&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 54ms
6ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=119&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=232761718021&t=meas&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 55ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=119&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=232761718021&t=fv&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 56ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=119&fi=1&apd=237&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=232761718021&t=nht&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 10ms
8ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F9549539635794731952%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qmU15iUe04ir98jcZ4pwBMhYE7myA&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=232761718021&cu=1637733178058&m=996&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=119&an=0&gf=119&gg=0&ix=119&ic=119&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=119&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=237&cd=0&ah=237&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=195814&na=400779141&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 51ms
9ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=133&fi=1&apd=251&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=232761718021&t=hdn&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

POST
H/1.1 200
OK NRBR-a22c617a7b2aab2da1c Show response
bam-cell.nr-data.net/events/1/ 24 B
501 B 132ms
132ms XHR
image/gif 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/NRBR-a22c617a7b2aab2da1c?a=695782443&v=1212.e95d35c&to=NgYBNkBYWEEEAURQWg9MIgFGUFlcSgNCTVwCDwY9QVBYVQkH&rst=3407&ck=1&ref=https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 24 Nov 2021 05:52:59 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6b305fd14d005c02-FRA
Content-Length: 24

GET
H3 200 IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1B75 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 133438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13371
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 16:49:01 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 20ms
13ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=33&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=818009599928&t=meas&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 19ms
12ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=33&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=818009599928&t=nht&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame A2BC 106 KB
38 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
Origin: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:07:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67532
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:07:27 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame A2BC 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:47:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 308
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 05:47:51 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame A2BC 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:45:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 463
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9475
x-xss-protection: 0
server: cafe
etag: 15988442915344899701
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 08 Dec 2021 05:45:16 GMT

GET
H2 200 zdnet+b8e87bb6-d657-4da5-8860-16a3555c5a76.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 1 MB
1 MB 7ms
7ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+b8e87bb6-d657-4da5-8860-16a3555c5a76.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 814f77060325c2cb194b296de9944cbc720009b50476ba341c863f701cf5b402

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 830
x-guploader-uploadid: ADPycdtD2Ntflrh0Ut9Z4dq95SIg5vTnTwvb_IfKnn0wM_l6pWCAfBVQW1FI4kqcELBlEV34CMKi0VQ9JhBSyqDShoQ
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 2
content-length: 1060377
x-served-by: cache-chi21173-CHI, cache-fra19156-FRA
last-modified: Tue, 28 Sep 2021 14:15:19 GMT
server: UploadServer
x-timer: S1637733179.129512,VS0,VE0
etag: "4ac69544cb22d03974ff749c03c78b3c"
x-goog-hash: crc32c=yszRtg==, md5=SsaVRMsi0Dl0/3ScA8eLPA==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:39:09 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
8ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F856114496422413000%3Fsqp%3D4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4%26rs%3DAOga4qk_HHOql6urIoO0v4511fkWvJLnbw&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=818009599928&cu=1637733178058&m=1036&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=33&cd=0&ah=33&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=2&jm=-1&tc=0&fs=195814&na=1793109235&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 323A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1

43 B
1014 B

29ms
17ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO67DRDRpiAYtpCytgEwAQ&v=APEucNWNx_zaDpX6qSTh5-t63gizyLHoVY4ZkB2OfI4V0Qfd3S92xoX8NYBPKGG9e2hmaXK_gAVV-LX8zvnFjGm1urI3GkX0g942YhdJDMy9qyEXARSi4lNwZh4IsQRQ2j0-WzHjG0XwrNGogvO8OrOMluwKyeA3gg
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 24 Nov 2021 05:52:59 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 323A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YZ3TO5TNOkfnInbOxuEpwAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1

43 B
894 B

21ms
20ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO67DRDRpiAYtpCytgEwAQ&v=APEucNWNx_zaDpX6qSTh5-t63gizyLHoVY4ZkB2OfI4V0Qfd3S92xoX8NYBPKGG9e2hmaXK_gAVV-LX8zvnFjGm1urI3GkX0g942YhdJDMy9qyEXARSi4lNwZh4IsQRQ2j0-WzHjG0XwrNGogvO8OrOMluwKyeA3gg
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 24 Nov 2021 05:52:59 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZdwcLUoFn5nk-XHSl_ppo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 323A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHQEUgQOnCNHWfj51k_B9Lo&google_cver=1

43 B
1006 B

18ms
7ms

Image
image/gif

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHQEUgQOnCNHWfj51k_B9Lo&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO67DRDRpiAYtpCytgEwAQ&v=APEucNWNx_zaDpX6qSTh5-t63gizyLHoVY4ZkB2OfI4V0Qfd3S92xoX8NYBPKGG9e2hmaXK_gAVV-LX8zvnFjGm1urI3GkX0g942YhdJDMy9qyEXARSi4lNwZh4IsQRQ2j0-WzHjG0XwrNGogvO8OrOMluwKyeA3gg

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:59 GMT
X-Proxy-Origin: 136.243.198.84; 136.243.198.84; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 3ea93587-ce0e-43af-86d0-7105deaeab6e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHQEUgQOnCNHWfj51k_B9Lo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 323A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE0MzgyNTU5NDYwODY5MzY1Ng%3D%3D

170 B
188 B

15ms
15ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE0MzgyNTU5NDYwODY5MzY1Ng%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:52:59 GMT
X-Proxy-Origin: 136.243.198.84; 136.243.198.84; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4252c48d-901d-44e7-b6aa-68d97268c6ce
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE0MzgyNTU5NDYwODY5MzY1Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2302 0
0 30ms
29ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuEH8QfoMuHqB6LARTJN43fppkaujkWlxiP0jHinur3zYFGc9UKKY59Q1jWTFS7VX6mvdZS0Efp4tG2emTjbZQ2hwKAee-MRpTADEB3TzKC4CgSvEZDgsjFw2fd8HJmYiloRt9HG3sTpmcev4ycPhiTLdla7LLQcPSEWVqCXDCB4ZoL8Q7zJDk_sRPTHwQAC4xMxlzBMLvOmBzEyNFE28kmvNYEsLxOKU9IiEGjPlm9BLu3lB0M92nkiH-Htw0i5IlhnJSi2C4i-r-KYCSjCz_VL-vgF7XrjmIQmAGGaKtZyj_jxXL4nn3J&sig=Cg0ArKJSzGtPUiNzcdCkEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
DATA 200
OK truncated
/ Frame 2302 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0cc8a3f3f26d60734dab851008489da424a184351a2d1f641a904bbcc37bde2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 17ms
6ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1637733179163&r=432206890530&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 18ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=6&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1637733179163&r=432206890530&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F4D4 0
0 30ms
29ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstIzPR3ykP56AkKAUqjiEBJ6gwNsU4mIoH-4kbQZuGggP_zBdZBKsvHArdXYIDuS4l_hYbFticYkR5VEBDuhX1oXxKoxlpNeVi04sYjAJ_qo3Ar8OyOqTYNN-2-jjByJGRYVrGa1J5749DHHjrVXmg4IOdrtvby7mPgJqUpZu2pIPPOFAAanzJAjJMqC9BpQRN3dA2PxedBiriBhkVVba0rygFhH9hsZH5KmrA0pMFdhxILENuEPQZczUjpg2dPSoJee7MB5Wd8EX3s9NtNK_EonFVf7PJ1yhA_lyZz5kYVBEdM62D4K02JTrSk9ryuGlY&sai=AMfl-YTt2blhupVtvyA9RXVHnUP_TFLs-CdvvUPsf3l900HaTdUCiilXH8cf-9hXzTRim_uDiU0Sx5h8fpFOZPAO6-WqVVvXHLfHw4x6YlkgPMo408X9C-BddSURxlEQp5Q&sig=Cg0ArKJSzAz9bXYkBk9hEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F4D4 12 KB
9 KB 35ms
19ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

291b6cbb804bb20f7890e28244a22e48cb72fb0d89df5613e22e5c2159dca03e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9356
x-xss-protection: 0

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
6ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=REDVENTURES_GAM_DISPLAY1&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&bq=0&f=0&j=&t=1637733179163&de=432206890530&m=0&ar=b4494b788bb-clean&iw=5b2ce75&q=13&cb=0&ym=0&cu=1637733179163&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatDev=Desktop&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&gw=redventuresgamdisplay60805146916&fd=1&ac=1&it=500&ti=0&ih=1&pe=1%3A1615%3A1615%3A2575%3A1634&iq=na&tt=na&tu=&tp=&jk=-1&jm=-1&fs=195602&na=1732709035&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F4D4 17 KB
6 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 7ms
6ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=185&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=818009599928&t=hdn&os=0&fi2=0&div1=0&ait=0&gpt_target_pos=middle&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-middle%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 8ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=76&fi=1&apd=152&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=916876599163&t=meas&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 9ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=76&fi=1&apd=152&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=916876599163&t=fv&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 9ms
8ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=76&fi=1&apd=152&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=916876599163&t=nht&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/1893691/1633100134497/ Frame 2460 149 KB
23 KB 22ms
7ms Document
text/html 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/1893691/1633100134497/index.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742b93db4b4e26a4baf59bdd2705486c7f2e4a89e95fb91776bac54df0a85f5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 23539
date: Tue, 23 Nov 2021 11:24:07 GMT
expires: Wed, 24 Nov 2021 11:24:07 GMT
last-modified: Fri, 01 Oct 2021 14:55:34 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 66532
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A2BC 0
107 B 261ms
41ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstOef-g4JtEixTopTmVWAraJ7MyaTL2oU-8GA5TLaO_nMQFmwpKTT5nPy-WCJS5ovkRXYX3oB4A5tZpqoEqt9uIBpmFtmwfM455T33RURz40EN9amhc3-4n0lQ3j-Dpn8II9cHuq53w4DY8pOZKyRY7rFNWhcZB4jc9cL-1LZZG2Mz5cYXoQDudqopQZmBnWkyizp6wORbJoNqpy1z4uaacyIKzEbOWP2BbVKywhrgECDtppi3OzjaA4bO4R5ckCFbOpESaB2Wfc5OeJ19627lkc2QG1w4CFkazTiV9HkAbTYHo9Qm-42arXK6j2CYrWJbT_nY94mm9tlCx1Kn5dO5hCpJ7CKd_hokJYAOK7ymB31CpqgM6I3XzugWYP0J73nJorV2VJlHl0wg3hI_0uuxeGj0E8jPsXR6C4-sQ4tO67FUETaOufHXHokyqC6gxYjw-ucRjQ5Hc02ak2wq5_V1a1VKZ7_LTZizz1J34yLV2J2YZkI78XguVHgmqnaRmCt59vJcHwQif0OUeKrxRk5lj-GnsRE9R25riB1SM44penVCSfWjMqLP5OF-7WcYK66-m6nvp64csVD69lpinOqspMFoJI5ai_eAXFaOEdysRsUQKJqukDevOnhqdkbOBrSAjNVJO73KSGj2zMg7temx1IMvJBt8ovhoecHn3sQPcHKURSO9HQBwTV68lU7RRYSS6hocQf2krkxenfu6YjdQoHn601_1xcQ0OJoLlHgg0WLeg9VyB6HgF2PeYoVZqaksVRx9CjPlhgg_wv2FxEcXh4cU3qomqK_hS6QO3w3yxdo6GlZESw8lXBhAJtPrAW4Z2fgTOS0JNMPQgmVcEMLToauHyVu0aF_OVBqC1dhpSt28ZHP6GpI8P7kHgOniXKtd9kf8it0UntpiJibCwmiuu2WH5HvLkoD7AEdJHcVFCRl7TvmPqhb6H7q93KqWyOyrstff6tCL5Ya0g9R7M-X8IboeSXKurXFIHts0c_y2s7RIUymCCGw7efVvdGs27aqp5Lo0HV-pKgoZ8kRMxKuly0gcYyo53Y8VK7kwDHoxPYWA89MJeF4z4-OcjNIMsVXJX8kyECe1iJdqygU1BmDnQ_WxSGCO_Vy9PRbQbDvNye2ocgqmPqRTMt9F9_5G0eg6YrUG_KU3jxVDYG_Y-n0Qh00dTX3JSu8M_COkcQNap4jv9SE04prr3NtUMwLvLYygG5CiHOcx7ngwwxLk&sai=AMfl-YSgymaxh_5iBF_hg3GH5pxZdh5JQzsZ-DFXGzA7Bj_el8e8v8S9OZi4LNJzE_idNWjXs86hkYneVYvE8cwZ9n4GxMB2L1sRu4IjPIXA0DjNEL8Hxjz1N2Ok052shVUeXucGKm5lXqP_RnoLSWBggaBP4QBclkJJ3fRc3QY&sig=Cg0ArKJSzMIf1PSzkMEsEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=133&cbvp=1&cstd=130&cisv=r20211111.53911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 24 Nov 2021 05:52:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 8ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Ftpc.googlesyndication.com%2Fsimgad%2F16181266791146063110&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=0&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733179163&de=432206890530&cu=1637733179163&m=15&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=0&lg=1&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=6&cd=0&ah=6&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-bottom&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatDev=Desktop&zMoatDfpSlotId=mpu-bottom&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jk=2&jm=-1&tz=mpu-bottom&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=541364178&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 7ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=110&fi=1&apd=186&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=916876599163&t=hdn&os=1&fi2=0&div1=0&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A2BC 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 12:35:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407867
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 19 Nov 2022 12:35:12 GMT

GET
DATA 200
OK truncated
/ Frame A2BC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04fee3a67f6851eb7cec163c11659e3bebf8464bf87a07092c1ef515acb3db43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 zdnet+bcea6b2a-ccb3-450f-9bcf-a26206e1e84a.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 7ms
7ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+bcea6b2a-ccb3-450f-9bcf-a26206e1e84a.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9eb90b705b62b01a8a98de7c6f6761e09a6abb1efa48b131cb0f0a46246fb526

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 324
x-guploader-uploadid: ADPycdsYQwaOQvAhTHIBVsoF6YvoqgTWHnsZvaJqt5k2poHqTV68m3FFv5YYP3Pv39hK4BI7fz7txFyUfmOs6g2PT04
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 2
content-length: 1995443
x-served-by: cache-chi21138-CHI, cache-fra19156-FRA
last-modified: Thu, 18 Nov 2021 15:34:11 GMT
server: UploadServer
x-timer: S1637733179.336092,VS0,VE0
etag: "596011150c56c619253390277786969e"
x-goog-hash: crc32c=9LOPLQ==, md5=WWARFQxWxhklM5And4aWng==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:30:51 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 87F6 12 KB
5 KB 10ms
10ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 24 Nov 2021 04:33:04 GMT
expires: Thu, 24 Nov 2022 04:33:04 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7DEF 783 B
536 B 18ms
17ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d61457af7e63fd675585fbf389dd8608a5107b098c99fbf7f452c0774ee3ce60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-C12DMUgtqAWiAPC9054HfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 24 Nov 2021 05:52:59 GMT
date: Wed, 24 Nov 2021 05:52:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-C12DMUgtqAWiAPC9054HfQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 9ms
9ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=https%3A%2F%2Fc3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=0&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=1189&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=76&an=0&gf=76&gg=0&ix=76&ic=76&ez=1&aj=1&pg=100&pf=0&ib=0&cc=0&bw=76&bx=0&dj=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=152&cd=0&ah=152&am=0&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=195814&na=1382227263&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamdisplay60805146916.s.moatpixel.com/ 43 B
260 B 8ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamdisplay60805146916.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=207&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=1&d=zdnet.com&L1id=5009920773&L2id=2848205265&L3id=5677026463&L4id=138355023537&S1id=22308610192&S2id=22383746382&ord=1637733179163&r=432206890530&t=hdn&os=0&fi2=0&div1=0&ait=0&zMoatVGUID=&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatPS=&zMoatPT=&zMoatSL=&moatClientSlicer3=0&bedc=1&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5DEE 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Fri, 19 Nov 2021 12:35:14 GMT
expires: Sat, 19 Nov 2022 12:35:14 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 407865
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 2460 29 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/1893691/1633100134497/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 14:45:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54427
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 14:45:52 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A2BC 0
524 B 61ms
35ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstOef-g4JtEixTopTmVWAraJ7MyaTL2oU-8GA5TLaO_nMQFmwpKTT5nPy-WCJS5ovkRXYX3oB4A5tZpqoEqt9uIBpmFtmwfM455T33RURz40EN9amhc3-4n0lQ3j-Dpn8II9cHuq53w4DY8pOZKyRY7rFNWhcZB4jc9cL-1LZZG2Mz5cYXoQDudqopQZmBnWkyizp6wORbJoNqpy1z4uaacyIKzEbOWP2BbVKywhrgECDtppi3OzjaA4bO4R5ckCFbOpESaB2Wfc5OeJ19627lkc2QG1w4CFkazTiV9HkAbTYHo9Qm-42arXK6j2CYrWJbT_nY94mm9tlCx1Kn5dO5hCpJ7CKd_hokJYAOK7ymB31CpqgM6I3XzugWYP0J73nJorV2VJlHl0wg3hI_0uuxeGj0E8jPsXR6C4-sQ4tO67FUETaOufHXHokyqC6gxYjw-ucRjQ5Hc02ak2wq5_V1a1VKZ7_LTZizz1J34yLV2J2YZkI78XguVHgmqnaRmCt59vJcHwQif0OUeKrxRk5lj-GnsRE9R25riB1SM44penVCSfWjMqLP5OF-7WcYK66-m6nvp64csVD69lpinOqspMFoJI5ai_eAXFaOEdysRsUQKJqukDevOnhqdkbOBrSAjNVJO73KSGj2zMg7temx1IMvJBt8ovhoecHn3sQPcHKURSO9HQBwTV68lU7RRYSS6hocQf2krkxenfu6YjdQoHn601_1xcQ0OJoLlHgg0WLeg9VyB6HgF2PeYoVZqaksVRx9CjPlhgg_wv2FxEcXh4cU3qomqK_hS6QO3w3yxdo6GlZESw8lXBhAJtPrAW4Z2fgTOS0JNMPQgmVcEMLToauHyVu0aF_OVBqC1dhpSt28ZHP6GpI8P7kHgOniXKtd9kf8it0UntpiJibCwmiuu2WH5HvLkoD7AEdJHcVFCRl7TvmPqhb6H7q93KqWyOyrstff6tCL5Ya0g9R7M-X8IboeSXKurXFIHts0c_y2s7RIUymCCGw7efVvdGs27aqp5Lo0HV-pKgoZ8kRMxKuly0gcYyo53Y8VK7kwDHoxPYWA89MJeF4z4-OcjNIMsVXJX8kyECe1iJdqygU1BmDnQ_WxSGCO_Vy9PRbQbDvNye2ocgqmPqRTMt9F9_5G0eg6YrUG_KU3jxVDYG_Y-n0Qh00dTX3JSu8M_COkcQNap4jv9SE04prr3NtUMwLvLYygG5CiHOcx7ngwwxLk&sai=AMfl-YSgymaxh_5iBF_hg3GH5pxZdh5JQzsZ-DFXGzA7Bj_el8e8v8S9OZi4LNJzE_idNWjXs86hkYneVYvE8cwZ9n4GxMB2L1sRu4IjPIXA0DjNEL8Hxjz1N2Ok052shVUeXucGKm5lXqP_RnoLSWBggaBP4QBclkJJ3fRc3QY&sig=Cg0ArKJSzMIf1PSzkMEsEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=328&vt=11&dtpt=195&dett=3&cstd=130&cisv=r20211111.53911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.zdnet.com
URL: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7DEF 0
0 63ms
63ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2435311087747591&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

GET
H3 200 IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5DEE 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 133438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13371
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 16:49:01 GMT

GET
H3 200 blende.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 5 KB
5 KB 7ms
7ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/blende.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee3e1898d44303624ba59189b20af55cdd046889c43e3837dca84041000ea128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 20:07:49 GMT
x-content-type-options: nosniff
age: 35110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4874
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 20:07:49 GMT

GET
H3 200 Testsiegel-1.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 6 KB
6 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/Testsiegel-1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

953019716ccefc684078b12cbec0f9cee5345976d141bc17116c42e69edb9495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:16:17 GMT
x-content-type-options: nosniff
age: 67002
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6298
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:16:17 GMT

GET
H3 200 fluegel.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 9 KB
9 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/fluegel.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52af5779c84afeb670abb52db5544f8296c40b53d93e0655ce12a8c4f0374079

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:40:39 GMT
x-content-type-options: nosniff
age: 29540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9063
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 21:40:39 GMT

GET
H3 200 txt-4.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 5 KB
5 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/txt-4.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dccb255c8e32f3dc758d4396911d36422bb63838da6aed74351e679e94f9aa63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 00:46:44 GMT
x-content-type-options: nosniff
age: 18375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4887
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 25 Nov 2021 00:46:44 GMT

GET
H3 200 txt-3.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 5 KB
5 KB 9ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/txt-3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20fa717cc6fa466e1676f24fa682ffc8bc96d1d99693e5082a520013a1a73d43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 15:57:17 GMT
x-content-type-options: nosniff
age: 50142
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4966
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 15:57:17 GMT

GET
H3 200 logo.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 2 KB
2 KB 10ms
10ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a103efe93f91cdcc33e0fff93efd2a69e610dcd7c88deb3d4ca1b637603dff94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 16:15:52 GMT
x-content-type-options: nosniff
age: 49027
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1885
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 16:15:52 GMT

GET
H3 200 cta.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 938 B
962 B 9ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/cta.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fc07a23bd87702781a36b928724b15f02c5cccb90dee8c6e9f521371194d843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 20:02:30 GMT
x-content-type-options: nosniff
age: 35429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 938
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 20:02:30 GMT

GET
H3 200 bubble-3.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 5 KB
5 KB 10ms
10ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/bubble-3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8ac92284cf98a6cdfa88ffa24027a98f594542fe00062c69c41be1e18b4fff9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:27:39 GMT
x-content-type-options: nosniff
age: 66320
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5292
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:27:39 GMT

GET
H3 200 bubble-2.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 4 KB
4 KB 10ms
9ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/bubble-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6dd48ba3cee7a69d470d49b596a39b06520eaac655b5f8216813b3e22b64bc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 20:02:30 GMT
x-content-type-options: nosniff
age: 35429
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3694
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 20:02:30 GMT

GET
H3 200 bubble-1.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 4 KB
4 KB 15ms
14ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/bubble-1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d625a08618e2b2e50024b402e67a13dd74c3af07ddb255043f1f256b86b737cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:58:17 GMT
x-content-type-options: nosniff
age: 64482
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4287
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:58:17 GMT

GET
H3 200 strich.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 825 B
852 B 15ms
14ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/strich.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b63621419098edebedcc317da19cf6dad26eb61767ad7dfaed1283024865ee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:36:18 GMT
x-content-type-options: nosniff
age: 65801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:36:18 GMT

GET
H3 200 HG.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 1 KB
1 KB 16ms
15ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/HG.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dc91694a96185f5d4f7e961d518959456449fe2c90dd5c24d4dd9bf890e1e58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 06:56:07 GMT
x-content-type-options: nosniff
age: 82612
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1409
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 06:56:07 GMT

GET
H3 200 grau-blende.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 5 KB
5 KB 14ms
13ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/grau-blende.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d28ef207bb4632ddeeea48a8c888699a598a74cac1a2fe98050f96c65d74f43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:20:21 GMT
x-content-type-options: nosniff
age: 1958
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5244
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 25 Nov 2021 05:20:21 GMT

GET
H3 200 foto-1.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 19 KB
19 KB 12ms
11ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/foto-1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3577ecaee90e357d364dbb9633426b064227449b74b3732bff062dc5c27057c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 21:40:39 GMT
x-content-type-options: nosniff
age: 29540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19284
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 21:40:39 GMT

GET
H3 200 foto-2.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 18 KB
18 KB 11ms
10ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/foto-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b6ec14346d4c7566c82a17b0085befd5cca4c73a49e8d466180b2f9c0be480e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 11:27:39 GMT
x-content-type-options: nosniff
age: 66320
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18457
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 11:27:39 GMT

GET
H3 200 foto-3.png
s0.2mdn.net/1893691/1633100134497/ Frame 2460 15 KB
15 KB 11ms
11ms Image
image/png 2a00:1450:4001:801::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/1893691/1633100134497/foto-3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9d24791c61488cd4a54f9cee52698874350e964115e5943277421987f682b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/1893691/1633100134497/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 06:14:37 GMT
x-content-type-options: nosniff
age: 85102
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14930
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 14:55:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 24 Nov 2021 06:14:37 GMT

GET
H2 200 zdnet+c5756565-330f-4f7d-881f-d3992a8726c2.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 1 MB
1 MB 11ms
5ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+c5756565-330f-4f7d-881f-d3992a8726c2.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 072b0c7bb6daee67db911f435732cb9ac19a5e38712f94cdac3947c5d42f9907

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 21
x-guploader-uploadid: ADPycduA40zl2DZ0HGhAEArr3S7thwuAAvaF317jjGUi2OD3yhlwPUzRM7d5Jg30bah1JILVG5XTgSIXqFdsfq_BvwDSC91maA
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 1510718
x-served-by: cache-chi21147-CHI, cache-fra19156-FRA
last-modified: Thu, 11 Nov 2021 13:03:19 GMT
server: UploadServer
x-timer: S1637733180.527152,VS0,VE0
etag: "ec50094ba4df1fb3f9a77f06120f04e1"
x-goog-hash: crc32c=4g3KEQ==, md5=7FAJS6TfH7P5p38GEg8E4Q==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:52:38 GMT

GET
H3 200 IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js Show response
pagead2.googlesyndication.com/bg/ Frame 87F6 35 KB
13 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 16:49:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 133438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13371
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 16:49:01 GMT

GET
H2 200 zdnet+455aade3-9b8b-435c-927d-9d5a2891c08f.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 20ms
19ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+455aade3-9b8b-435c-927d-9d5a2891c08f.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: cfe46c4a1e7bd682c69583032e5e74a5b4a223bdbf61e6ca7226753119a24167

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 665
x-guploader-uploadid: ADPycdvSHUxSFY875xz8wTGzjOF-VJ4iyQ3TxJvVbwdwV5ggkWQY26pXpRp-DWi9n04zizsvF6SV1Ns19F_WRuXYR4I
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 2
content-length: 2279905
x-served-by: cache-chi21134-CHI, cache-fra19156-FRA
last-modified: Wed, 22 Sep 2021 17:00:13 GMT
server: UploadServer
x-timer: S1637733180.543779,VS0,VE0
etag: "ef84002ff5c32cebaed28574c3b751ee"
x-goog-hash: crc32c=WK9yRQ==, md5=74QAL/XDLOuu0oV0w7dR7g==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:41:53 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 30ms
29ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=1370475171578121&bg=!kZKlktbNAAZQLpa_UC47ACkAdvg8Wjle2ZQdnWxWr5vgAG8_56QDmhX8sWHZG2aqXnvn8Ax-KrnOpgIAAAEtUgAAACtoAQcKAIDJd-QYF32Iv1_3BqZCnPQvBeacc2qb_Md_VQt1yjELmHCaxyFenBsQaM16MF7DLFTrzo7p1GwPxPz2-RUatXxRPwgDuEkp22mZEM8KBRXmm1LmJ78oNe-pT_X9YncQVgp-0e0t2wOiZCb-Hu7wioN-8ko1lGaEXYv4TzRAfToBnJkCehRf3bh2c4ZWU_hGMjy7D6f_c-n6dWodgjvnqkbe88eKPo_SBKYtfJuLUbgKDVzgrLN5soV5x6p3Jof9gDNV05WmkfPj-rMDZDeinxWGGxNH4nfAQ9l5vCDkXWgNg9ueKA9B3R9Zmoes1guuH7MPIBxTHLAtS6hJcirhBo_JJQWLn6BEyeRal9AJUulDCxp3vMnfJw-gwQ3qaAXmoZpeBkBJZN0F0IWgTd7azSP0LqXn6zL5PjV4kRKBJiEpDEPv_fbEmYgg85tJqkSejIisCCWo_nYBnWkpBmDPsYuM-TRKzOd2P8K1gwYr6rhHMgZ2tJLJfhgTSRQNiMIJ-9nXD5UzhbnlZgdB448xS6LE0jj6PLsDEm212M18cVnP4tRdPfr_dunUWM3WPDHoWxf5PxfYCrdMuSiPXTR_Ja0i0X8c9eUuz05h4LMBXulJQDLr49UeYNOgwBpa0XfczbT0PDhcUp3Cy7HrqOKtsq8pesXYVNAZRbym6IKn0iWcjHnY9HKwAn2ietGFo4BIW0WJAPs_BZum0OsCb_gRPMNO-x_axMYOlUt5_muhg9F64gRkshTubKD4BvJLXD-sf26gooOdJmjked_VMlZju9pxqxFgV7Y68KVtNaiKsQJDWmfVYqTNQ0TK7yq0jB66EITqzl8w_Si1ID1S7jJtbNshULOdSddIMtzWPiO-Gc2kqw7mBBswluJBoUGyVaT6JfVvt0f9IdezHtebGEhF1slGUY2wLUNc2j64dWN7qoV0bu3RTUa3d5jMYp435HPxV7EXlA8Vsfhh_MYcrNRpgXDPlIpihqxANv5M6ikYGF6_Mskt8lrJSTD--RMMsEI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zdnet+975b9e61-4f11-42a2-847e-a9c87ca1093e.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 2 MB
2 MB 7ms
7ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+975b9e61-4f11-42a2-847e-a9c87ca1093e.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8049bf2ffa3e5210167d6ffdcd9b0cf3ac86fcfb27c55142f616b785eb2163af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:52:59 GMT
via: 1.1 varnish, 1.1 varnish
age: 141
x-guploader-uploadid: ADPycdsidMkuCyjAWND6isoiojU_Y89hGdDO8092aDzQwEArym2jyb_m4o-5hoolaEXofcGjb5ozC9bsUhrpHknPrzo
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 1, 1
content-length: 2245784
x-served-by: cache-chi21148-CHI, cache-fra19156-FRA
last-modified: Mon, 22 Nov 2021 15:18:21 GMT
server: UploadServer
x-timer: S1637733180.725026,VS0,VE0
etag: "524a4e753ba91dfbc80e260f815ed822"
x-goog-hash: crc32c=lUVklA==, md5=UkpOdTupHfvIDiYPgV7YIg==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:50:37 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DEE 0
20 B 29ms
29ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BxFnfO9OdYdPmAZSMlQe2irY4AAAAADgB4AQC&bg=!aWqlai7NAAZQLpa_UC47ACkAdvg8WtBennhOfihz0HQ3DzZ2LQkAQlajjq4xlpq9Z2xhyakNUXxYVAIAAAElUgAAAA1oAQcKAEGU253NqXEBLHB9Mis_tn_V9ZrsXDZu4GWaWpORO9CLu4qx5uUA2S16DGy0Q6Y_aeUaGRfPES45o0mRB6CXufk3UZkC0CcL4gyZWOkxiALpcnwg6Q1Ctw_mLI3xrddI67ZFXb6wAmBgH-bFEICwIdwVNFT-HdY5sk4UsJljkYKFCRwgUnRBOcglS0JlSVPIw1kqHp2RjaGSCSMmvCWu7OJxajs9-kd-dGKCrHNxL5d2YvWy0kvTnAj1wn___I_-29TadqeQ_fB5GAQ-XKI-ssZIjF5TnmFcAJqTwck9x08tKhPutP3Yl3k-ni9fpn4VXeUGF0J7PMWm7j8s-DXpJ1mU0GYy4G26piqzf__RCoGSE_Q3UuDhyt5eNsb6Uuig6NQox8qKti2hYYgt41otqeqsfTPOla6SEMAejTdCAMHzNbs1Y1qIHztC1_sgtAEXpLW3If7Nh-574aPW8AeWFrWbweM863SoYDgD3N8L2QtiZNt0rOOm79h8sPxOM72aAwZ1TEx3omuBCZohiB104-NcJJBVSHmvCiXN9uD6daUSxVMvHQDFppvjCwf-ZfsS7fkPJNOmc3V6cKybJhgRr-1nacbKef2XVG71kwLeE1Tcndq55USuUAN_hODesogdCyZkqGfhpaSPjt3xK6SBmKEBDmwqMYTWCieGwhuBBryxH7xCOv19LCBxw8pGjciMc4LrzGAFooqN0_6pBwZyc-5ER_s8z_GaG7BI3EYwbmthFkkNDNYz7hnzLqqu8zv1aok2RbmxP1kEi8Sr282NzrkQK0CfgE0ow92lBjFlYX9r1RzW4LPw5JTeu1f_YlJbR3iKuMtcmOZavh9AT9YZ_EKnn_UieWvd1-VOw_C8wE9RK-6Irdxdc3eYs7CVQlcASrcC9ZtH_AiZyDkwuE75oxuA9IA_-a3kzEnxLbOfLfRaywZMNZdJ4koyXDaqRKVJEgDDo0nT9JG9kZWSwl5Iz-MNI8m84AJTqDxAEdDSf_VPUict-k3xNVysgvivpQHhFkh1xI1VTV9KN0WKfSIYYaM4bEsfYw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F4D4 0
20 B 30ms
29ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=2435311087747591&bg=!JSalJmLNAAZQLpa_UC47ACkAdvg8Wkq-g1cfjUyw-wmEpmyWnWH0a6oxNOkBvkICYEeW4bmgF03lUgIAAAEWUgAAAAxoAQeZAo7CZm6oHJzBf3k7J6ayG2RhXjT-jzTDGxHeG0XkQrVUgxeW34pbnmV9DrNv3iEhO9DulEZY9hmVPbY-ljQvS8GmLYDCmdBQojP8cXcu8JD6KxRO5q0L1N1-g4qI9nAaju-37GWIXvcMQXZ3cT9D_vGXJafo_VUQlSTP8IlfqeVFZ_VRA619TBYhGKR0OYkun-yNsX0aRd2mJK9k0jsXpGXu7g6tbbOiN0ihJ-3cWZNok9XAOEi5nnfRzi7BLZvd3hDkwKLbIbNOBCFnMEXFzMRJW6UUu0_fVXsouA9_3ShPAoQtuqOOwP53pSOUc3n8PhNL5PnH-Nyk3CUCvRgvyEHU6F6CUPilgsQUdTj5eVcfCH2YhweL_5Pwy8PmD8iD898uR0v25Lk5Yq5oknNpK-IBh3i1WLXSYLknkh3BU-yNUa0KO_nKgEesHE6UjZTPLzQYDkYyv-yHuD-i_YcuOQEy2NnBD1Mi1JK_ve8Q9Sazjl-kbsVHB0ZVGOIqUmp2m0Y18qgbB-UalBSk6oPDbzWNoXV-2RYxrxJf0lSSpbCRw1wIV5EtuTPePN2CTLct_YdJtc8sz8A1Xd2Kh8ukDWHjEz_ip50b-FjW3YJJwz1rZABsl2Kvww64s6xEGLaWi2YmvBMLkzeQ8oJ1ayxicAl_0McISh9bLWOBk9SnjKAFBMV2jsqTUuTk6FiuutjpcJm_1xNB5x8ppW3QFpB-Mnq4oHQLJ3xpdpGeFBfzAv_IGF1dCyNVtpR3oDpVlGiM-ZlRhL-_uatqZhAzj8fS9mK_RRMDXhHnxn0UL6XsFi_Ht4F52Xffko3kqTKiXPlDAKjgbAcXMu4Y-85DoF6XPJByUCYDPOT6_sAw8ez6M44

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 10ms
10ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=232761718021&cu=1637733178058&m=1874&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1004&an=119&gi=1&gf=1004&gg=119&ix=1004&ic=1004&ez=1&ck=1004&kw=920&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1004&bx=119&ci=1004&jz=920&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=920&cd=237&ah=920&am=237&xd=00&rf=0&re=1&ft=762&fv=0&fw=762&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=1867402275&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 7ms
6ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=920&tet=1004&fi=1&apd=1122&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=232761718021&t=iv&os=1&fi2=0&div1=1&ait=762&gpt_target_pos=nav&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=nav-ad-plus-leader%3FT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 83A8 42 B
64 B 29ms
29ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu-Ezo_I9D3IVUjb83nZj2c6JIGVe4M88tMcdb6zumwW5Asi86X6t0RSvjDrs9Kgdz198SJrGejgVQsw_FtTI10hbx5e8eAtkfwBkn5ioEOdgYB2NdvjQ&sai=AMfl-YSRtuL9DDxUnXJzh82zvN4OdJFjHSvFjbswoVhF7aRSWJZcr6iOGiZdQwide_97iBbAEwHDcgziC8izeOnYadqTzZzTCbWrByWuDwp_GU3gjNWpmLWGtkneTIYdYMQ&sig=Cg0ArKJSzGB6_zqOmQbwEAE&id=ampim&o=436,5&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=266&tls=1267&g=100&h=100&tt=1267&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=3846852823

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=2&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=232761718021&cu=1637733178058&m=1875&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1004&an=1004&gi=1&gf=1004&gg=1004&ix=1004&ic=1004&ez=1&ck=1004&kw=920&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1004&bx=1004&ci=1004&jz=920&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=920&cd=920&ah=920&am=920&xd=00&rf=0&re=1&ft=762&fv=762&fw=762&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=799998613&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=3&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=232761718021&cu=1637733178058&m=1875&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1004&an=1004&gi=1&gf=1004&gg=1004&ix=1004&ic=1004&ez=1&ck=1004&kw=920&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1004&bx=1004&ci=1004&jz=920&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=920&cd=920&ah=920&am=920&xd=00&rf=0&re=1&ft=762&fv=762&fw=762&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=1692985418&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:52:59 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:52:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A2BC 42 B
64 B 30ms
30ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDUVlMiQZbeRsXFHH00OoDfbAli0kOJJFJ8R1OoOIrNQQFyI704KhC6s0WHmXAVvWq5_-MFLWJCJV4wjMkqDl3v22yYWtF49n5WfhqCNwC39-4IrgOVg&sai=AMfl-YRETBz3o3jCSZou9Aj7VKE79MeCTsjUGyNtVru_IJ1MG97ARVSAFg04hMQgG8AeTrxOGwolBirChbHZXhUjyGw6A6IAtOLB4q5NfRff4oiH4Bh6GRjqaa6fPuG0WzQ5&sig=Cg0ArKJSzJZIjVD8uSILEAE&cid=CAASFeRooZjkRck_tqfRg6sdyyDKDNJ0UA&id=lidar2&mcvt=1001&p=422,1050,1022,1350&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=36326968&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637733178712&rpt=608&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=2284&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1173&an=76&gi=1&gf=1173&gg=76&ix=1173&ic=1173&ez=1&ck=1173&kw=1048&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1173&bx=76&ci=1173&jz=1048&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1048&cd=152&ah=1048&am=152&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=739023846&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:00 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:00 GMT

GET
H2 200 pixel.gif
redventuresgamheader644747280705.s.moatpixel.com/ 43 B
260 B 7ms
7ms Image
image/gif 184.30.25.161
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redventuresgamheader644747280705.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1048&tet=1173&fi=1&apd=1249&ui=0&uit=0&h=0&th=-1&s=0&ts=-1&bfa=0&d=zdnet.com&L1id=5024496911&L2id=2870786075&L3id=5718138840&L4id=138352803033&S1id=aw-zdnet&S2id=security&ord=1637733178058&r=916876599163&t=iv&os=1&fi2=0&div1=1&ait=0&gpt_target_pos=top&gpt_target_vguid=-&gpt_target_ptype=-&gpt_target_sl=mpu-plus-top%3FLL%7CT-1000&fullAdUnitPath=%2F22309610186%2Faw-zdnet%2Fsecurity&bedc=1&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.161 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-161.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:00 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=2&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=2285&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1173&an=1173&gi=1&gf=1173&gg=1173&ix=1173&ic=1173&ez=1&ck=1173&kw=1048&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1173&bx=1173&ci=1173&jz=1048&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1048&cd=1048&ah=1048&am=1048&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=572185510&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:00 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=3&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=2286&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=1173&an=1173&gi=1&gf=1173&gg=1173&ix=1173&ic=1173&ez=1&ck=1173&kw=1048&aj=1&pg=100&pf=100&ib=0&cc=1&bw=1173&bx=1173&ci=1173&jz=1048&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1048&cd=1048&ah=1048&am=1048&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=4&jm=-1&tc=0&fs=195814&na=1821703432&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:00 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:00 GMT

POST
H/1.1 204
No Content /
684dd32d.akstat.io/ 0
354 B 45ms
31ms Ping
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32d.akstat.io/

Requested by

Host: c.go-mpulse.net
URL: https://c.go-mpulse.net/boomerang/YZ2TK-PC7PJ-K64DL-L53CR-P2G4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 24 Nov 2021 05:53:01 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.zdnet.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-XSS-Protection: 0
Expires: Wed, 24 Nov 2021 05:53:01 GMT

GET
H2 200 zdnet+d304247f-2b3d-4c25-8b8c-bcbc70746371.png
media-mtml.mt.rvapps.io/image-assets/zdnet/ 15 MB
15 MB 7ms
7ms Image
image/png 2a04:4e42:4d::666
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media-mtml.mt.rvapps.io/image-assets/zdnet/zdnet+d304247f-2b3d-4c25-8b8c-bcbc70746371.png
Requested by: Host: www.zdnet.com
URL: https://www.zdnet.com/a/fly/141b7a-fly/js/main.default.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:4d::666 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 616703a71f22c0bb9c93b909921929109c7fb6584ff0f8c2827658c26cd6b9bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:53:03 GMT
via: 1.1 varnish, 1.1 varnish
age: 222
x-guploader-uploadid: ADPycdsX8AouOMh9L50tz-D9nVXVYMrYgmMW51X9-k_0Rm0PjSeEI1WLSE38tjxVK_e4JDsVfrBqdntUu4KrWoBakqY
x-cache: HIT, HIT
x-goog-storage-class: REGIONAL
x-cache-hits: 0, 0
content-length: 15539974
x-served-by: cache-chi21149-CHI, cache-fra19156-FRA
last-modified: Fri, 19 Nov 2021 11:08:14 GMT
server: UploadServer
x-timer: S1637733183.177700,VS0,VE0
etag: "a6c51aaca86faf3575f9d0cdf7796f69"
x-goog-hash: crc32c=eSyA9w==, md5=psUarKhvrzV1+dDN93lvaQ==
content-type: image/png
cache-control: private, max-age=0
accept-ranges: bytes
expires: Wed, 24 Nov 2021 05:49:21 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=nav&zMoatvguid=-&zMoatptype=-&zMoatsl=nav-ad-plus-leader%3FT-1000&g=4&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=90&w=728&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=232761718021&cu=1637733178058&m=5909&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=5039&an=1004&gi=1&gf=5039&gg=1004&ix=5039&ic=5039&ez=1&ck=1004&kw=920&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5039&bx=1004&ci=1004&jz=920&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=4956&cd=920&ah=4956&am=920&xd=00&rf=0&re=1&ft=4797&fv=762&fw=762&wb=2&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=5&jm=-1&tc=0&fs=195814&na=218448599&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:03 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:03 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=middle&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-middle%3FLL%7CT-1000&g=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=250&w=300&rm=1&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=818009599928&cu=1637733178058&m=6311&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=0&vx=0%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5108&cd=33&ah=5108&am=33&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&jk=3&jm=-1&tc=0&fs=195814&na=2064781387&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:04 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=4&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=6312&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=5200&an=1173&gi=1&gf=5200&gg=1173&ix=5200&ic=5200&ez=1&ck=1173&kw=1048&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5200&bx=1173&ci=1173&jz=1048&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5075&cd=1048&ah=5075&am=1048&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=5&jm=-1&tc=0&fs=195814&na=1975079340&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:04 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&wf=1&ra=1&pxm=&sgs=3&bo=22308610192&bp=22383746382&bd=undefined&zMoatNotCnet=true&zMoatPT=Not%20Specified&zMoatFT=Not%20Specified&zMoatSZ=300x250&zMoatPS=Not%20Specified&zMoatSZPS=Not%20Specified&zMoatPTAT=Not%20Specified&zMoatPTATSECT=content_article&zMoatAType=content_article&zMoatTest=zdnet&zMoatAB=content_article-zdnet&vb=6&kq=1&lo=0&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_DISPLAY1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=0&g=1&hq=0&hs=0&hu=0&hr=0&ht=0&dnt=0&h=250&w=300&fy=0&gp=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733179163&de=432206890530&cu=1637733179163&m=5375&ar=b4494b788bb-clean&iw=5b2ce75&cb=0&ym=0&rd=1&ll=2&lm=0&ln=1&r=0&dl=0&dn=0&gh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=3950&le=1&lf=0&lg=1&lh=36&gm=1&io=1&ch=0&vv=1&vw=1%3A3%3A0&vp=0&vx=0%3A0%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=0&ag=0&an=0&gf=0&gg=0&ix=0&ic=0&aj=0&pg=0&pf=0&ib=1&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&cq=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=1%3A1%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5169&cd=6&ah=5169&am=6&xd=00&rf=0&re=0&wb=1&cl=0&at=0&d=5009920773%3A2848205265%3A5677026463%3A138355023537&gw=redventuresgamdisplay60805146916&zMoatOrigSlicer1=22308610192&zMoatOrigSlicer2=22383746382&dfp=0%2C1&la=22383746382&zMoatW=300&zMoatH=250&zMoatMMV_MAX=na&zMoatSlotId=mpu-bottom&zMoatCURL=zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks&zMoatDev=Desktop&zMoatDfpSlotId=mpu-bottom&hv=Standard%20Image%20Ad%20finding%20&ab=1&ac=1&fd=1&kt=strict&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jk=3&jm=-1&tz=mpu-bottom&iq=na&tt=na&tu=&tp=&tc=0&fs=195602&na=1204922770&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:04 GMT

GET
H2 200 pixel.gif
px.moatads.com/ 43 B
260 B 7ms
7ms Image
image/gif 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&hp=1&zMoatAdUnit1=aw-zdnet&zMoatAdUnit2=security&wf=1&ra=3&pxm=&sgs=3&vb=6&kq=1&lo=1&uk=null&pk=1&wk=1&rk=1&tk=0&ak=-&i=REDVENTURES_GAM_HEADER1&ol=0&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5BvmjrG%3DH%3C%5B*C%24MRH%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-1SJH-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=1%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-R2Uyp4lKfRkj2QMKvovmHE5i7dy8ZWS4aztFOewYCG7c8eOm5Kk0%2FX%2FtDJ5WspFf7egP&rs=1-0muc80RvHSbFpA%3D%3D&sc=1&os=1-KA%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&qr=0&url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&pcode=redventuresgamheader644747280705&rx=952852551145&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&vf=1&vg=100&bq=11&zMoatpos=top&zMoatvguid=-&zMoatptype=-&zMoatsl=mpu-plus-top%3FLL%7CT-1000&g=5&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&h=600&w=300&rm=1&fy=1050&gp=421.796875&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&id=1&ii=4&f=0&j=&t=1637733178058&de=916876599163&cu=1637733178058&m=6659&ar=7829d9c2dd3-clean&iw=49869aa&cb=0&rd=1&ll=2&lm=0&ln=0&gh=1&xx=undefined%3A875484570224&td=1&lk=421.796875&lb=3950&le=1&lf=128&lg=1&lh=88&ch=0&vv=1&vw=1%3A0%3A0&vp=100&vx=100%3A-%3A-&pe=1%3A1615%3A1615%3A2575%3A1634&as=1&ag=5547&an=5200&gi=1&gf=5547&gg=5200&ix=5547&ic=5547&ez=1&ck=1173&kw=1048&aj=1&pg=100&pf=100&ib=0&cc=1&bw=5547&bx=5200&ci=1173&jz=1048&dj=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5276&cd=5075&ah=5276&am=5075&xd=00&rf=0&re=0&wb=2&cl=0&at=0&d=5024496911%3A2870786075%3A5718138840%3A138352803033&bo=aw-zdnet&bd=security&gw=redventuresgamheader644747280705&zMoatOrigSlicer1=undefined&zMoatOrigSlicer2=undefined&zMoatAType=content_article&zMoatTest=zdnet&hv=findIframeAds&ab=2&ac=1&fd=1&kt=strict&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&jk=5&jm=-1&tc=0&fs=195814&na=1694246271&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Nov 2021 05:53:04 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Nov 2021 05:53:04 GMT

Verdicts & Comments Add Verdict or Comment

153 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks	1970-01-19 22:56:56	Name: pv Value: 1
www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks	1969-12-31 23:59:59	Name: zdnet_ad Value: %7B%22type%22%3A%22gpt%22%2C%22region%22%3A%22aw%22%2C%22subses%22%3A%225%22%2C%22session%22%3A%22b%22%7D
.zdnet.com/	1970-01-19 22:57:07	Name: nemo_highlander Value: related_rr:1:b
.zdnet.com/	1970-01-19 23:05:37	Name: fly_geo Value: {"countryCode": "de"}
.zdnet.com/	1970-01-19 23:05:37	Name: fly_device Value: desktop
.zdnet.com/	1969-12-31 23:59:59	Name: fly_preferred_edition Value: eu
.zdnet.com/	1969-12-31 23:59:59	Name: fly_default_edition Value: eu
.spotify.com/	1970-01-20 07:41:09	Name: sp_t Value: 2b23fe7f272e986ee66bc0d75833d3af
.spotify.com/	1970-01-19 22:56:59	Name: sp_landing Value: https%3A%2F%2Fopen.spotify.com%2Fembed-podcast%2Fepisode%2F33NSP2nYaXmvXSC8QLnpnS
.zdnet.com/	1970-01-20 07:41:09	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Nov+24+2021+05%3A52%3A57+GMT%2B0000+(GMT)&version=6.20.0&hosts=&consentId=2e0b692f-2582-4eb0-87f2-17c5295df808&interactionCount=0&landingPath=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fthese-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.zdnet.com/	1970-01-19 23:38:45	Name: arrowImp Value: true
.zdnet.com/	1970-01-19 23:38:45	Name: arrowImpCnt Value: 1
.zdnet.com/	1969-12-31 23:59:59	Name: zdnetSessionStarted Value: true
.zdnet.com/	1970-01-19 23:38:45	Name: zdnetSessionCount Value: 1
.www.zdnet.com/	1970-01-20 16:26:45	Name: chsn_cnsnt Value: tglr_ref%2Ctglr_req%2Ctglr_sess_id%2Ctglr_sess_count%2Ctglr_anon_id%2Ctglr_tenant_id%2Ctglr_virtual_ref%2Ctglr_transit_id%2Cchsn_dcsn_cache%2Cpmpdid%2Cpmpredirected%2Cpmpredir%2Cfuseid%2Ccohsn_xs_id%2Cchsn_auth_id%2ChashID%2CetagID%2CreinforcedID%2ChttpOnlyID%2CfpID%2CflID%2Ctglr_smpl%2Ctglr_reinforce%2Ctglr_gpc_sess_id%2Ctglr_hash_id
.www.zdnet.com/	1970-01-20 16:26:45	Name: tglr_tenant_id Value: src_1kYsAcdpfzbZ8UlNLYht1RPg3m2
.www.zdnet.com/	1970-01-19 22:55:34	Name: tglr_sess_id Value: fc3e7592-3b70-43ff-82b8-03d4d757813a
.www.zdnet.com/	1970-01-20 16:26:45	Name: tglr_sess_count Value: 1
.www.zdnet.com/	1970-01-19 22:55:34	Name: tglr_req Value: https://www.zdnet.com/article/these-ransomware-crooks-are-complaining-they-are-getting-ripped-off-by-other-ransomware-crooks/
.www.zdnet.com/	1970-01-19 22:55:34	Name: tglr_ref Value:
.www.zdnet.com/	1970-01-20 16:26:45	Name: tglr_anon_id Value: 79e80b4f-4ac9-4e03-a4b0-137c08c9eb9b
.cohesionapps.com/	1970-01-20 16:26:45	Name: cohsn_xs_id Value: 4b94c3f5-6452-41b3-8f20-abaedd8c6f34
.www.zdnet.com/	1970-01-20 16:26:45	Name: cohsn_xs_id Value: 4b94c3f5-6452-41b3-8f20-abaedd8c6f34
www.zdnet.com/	1969-12-31 23:59:59	Name: viewGuid Value: cc8f261d-f599-4a03-9f72-b6f808059d4d
.doubleclick.net/	1970-01-20 08:17:09	Name: IDE Value: AHWqTUm8BWsVjEn4ep94IjjEKS_CN-g7okDgVNmk1PjgHWf_xa_cBExOUm0CcpwPohQ
.zdnet.com/	1969-12-31 23:59:59	Name: fly_session Value: dc99b4825192d0ff4fd5aeaea364ab96
www.zdnet.com/	1970-01-20 07:41:09	Name: _mfuuid_ Value: dcc2f45f-4037-4541-9749-df0bb43a9ead
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 1fe0c4ddeb5e33dc
.doubleclick.net/	1970-01-19 22:55:36	Name: DSID Value: NO_DATA
.zdnet.com/	1970-01-20 08:17:09	Name: __gads Value: ID=8edac2c33945b848:T=1637733178:S=ALNI_MbjjvZbg_VDQJW0ZFpFOnOcXulU4Q
.casalemedia.com/	1970-01-20 07:41:09	Name: CMID Value: YZ3TO5TNOkfnInbOxuEpwAAA
.casalemedia.com/	1970-01-20 01:05:09	Name: CMPS Value: 5236
.adnxs.com/	1970-01-20 01:05:09	Name: uuid2 Value: 9143825594608693656
.casalemedia.com/	1970-01-20 01:05:09	Name: CMPRO Value: 1124
.casalemedia.com/	1970-01-19 22:56:59	Name: CMST Value: YZ3TO2Gd0zsA
.casalemedia.com/	1970-01-20 07:41:09	Name: CMRUM3 Value: 2d619dd33b2760CAESEBZdwcLUoFn5nk-XHSl_ppo
.adnxs.com/	1970-01-20 01:05:09	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In?gj)=-!]tbPl1M>e)ZlrFUfJ+tGXxo3XTN7jXV[UBX4A03UHs?=bXb3kc?32NmlA!%bpRzqF1`b`y*<>i2
.zdnet.com/	1970-01-19 23:05:37	Name: RT Value: "z=1&dm=zdnet.com&si=80e28179-f6dd-4dcc-a80d-2a07f46aafc9&ss=kwd41px9&sl=1&tt=38m&bcn=%2F%2F684dd32d.akstat.io%2F&ld=40t"

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://open.scdn.co/cdn/build/embed-podcast/embed-podcast.080462ed.js Message: It is recommended that a robustness level be specified. Not specifying the robustness level could result in unexpected behavior.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://open.spotify.com/embed-podcast/episode/33NSP2nYaXmvXSC8QLnpnS Message: The resource https://open.scdn.co/cdn/fonts/spoticon_regular_2.d319d911.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .zdnet.com .ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5e8d489c0db6ff75e43f102cf0229f29.safeframe.googlesyndication.com
684dd32d.akstat.io
a.myfidevs.io
adservice.google.com
adservice.google.de
apresolve.spotify.com
at.adtech.redventures.io
bam-cell.nr-data.net
c.go-mpulse.net
c3f880c0debda323957a9a6827b2dcfb.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.cohesionapps.com
cdn.cookielaw.org
cm.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
dsum-sec.casalemedia.com
edt.computerworld.com
geo.moatads.com
geolocation.onetrust.com
gew1-spclient.spotify.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.scdn.co
ib.adnxs.com
ingest.make.rvapps.io
js-agent.newrelic.com
mb.moatads.com
media-mtml.mt.rvapps.io
o22381.ingest.sentry.io
open.scdn.co
open.spotify.com
pagead2.googlesyndication.com
protected-by.clarium.io
px.moatads.com
redventuresgamdisplay60805146916.s.moatpixel.com
redventuresgamheader644747280705.s.moatpixel.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.myfinance.com
taggy.cohesionapps.com
tpc.googlesyndication.com
urs.zdnet.com
www.google.com
www.googletagservices.com
www.myfinance.com
www.zdnet.com
z.moatads.com
142.250.185.130
142.250.186.162
142.250.186.98
143.204.98.115
143.204.98.91
151.101.129.194
151.101.130.137
151.101.2.154
162.247.243.147
18.132.26.114
18.194.83.218
184.30.25.161
23.218.208.246
23.218.209.154
2600:1901:0:524d::
2600:1901:1:5ca::
2600:1901:1:c36::
2606:4700:10::6814:b944
2606:4700::6810:9440
2a00:1450:4001:801::2006
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2004
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a02:26f0:6c00:1b8::11a6
2a02:26f0:6c00:2b9::11a6
2a04:4e42:4c::666
2a04:4e42:4d::666
2a04:4e42:62::760
2a06:98c1:3121::15
3.224.13.241
34.120.195.249
34.120.203.121
34.199.156.235
37.252.172.250
52.31.222.185
54.172.4.218
0025565f0cddfceb7ebdbc4b21d2552c894998e443153f97a6e8b353dfd9bebd
015ee8ec161c06f6d9bc6f6fea95e231c9a398fcf4887fcfaf0b04b9aef18482
04fee3a67f6851eb7cec163c11659e3bebf8464bf87a07092c1ef515acb3db43
0623a076fb168368601401c17858f456aa86bafb3884e15d6648d7cb41ad24f0
072b0c7bb6daee67db911f435732cb9ac19a5e38712f94cdac3947c5d42f9907
09b7e154a6de581604a07101c31996e36d2f20e839388106751f58f0215feb0d
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a830965bf0ca79c75b43b1daac3fd85af97805d62d551b7773792b2a9eac461
0ab0291ca39c119635b19fbbc79468965640d338486f843f6682572271144b63
0b19d7b02efa2e63180e064f2801718bccb6fd3c2c307ee41110e21e2e4ad390
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d67f64f9f7ececd08775df9f1c58efc8f27b1ddae48135e2620053361e2d9d6
0d9d24791c61488cd4a54f9cee52698874350e964115e5943277421987f682b3
0f23aaa9d0fec5942a9907b88ad801ff3eff3abede69bf286d869061201c67fe
12717f96c61a500136a8564d666db9b960869a71dd3176a438b53fb08be5c7bb
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12edaf893a6d73bfce58b4177d81eed6bd8b68c8bf5aa5e5420a4f62c18fff70
15fc6da0c56525b38a69504e4d5e73d1126290aff814150c4468d303a73bc727
175705b83ff0c8efb4604276f6b5927ac987468691d5a84f752ad88615d0b1c8
1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
1fc07a23bd87702781a36b928724b15f02c5cccb90dee8c6e9f521371194d843
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
20fa717cc6fa466e1676f24fa682ffc8bc96d1d99693e5082a520013a1a73d43
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
23262095f03ab8331ab0005acb9bc8f3bc673eade8566b3849cd268f57f7da01
245fa809aa43b27d3fe006d71779fe9ddbb79e0d1a566345f3bc480cb59cbe50
286e70755d7f3c992160491acef1df053f7e75eef6d90cda72e1caee6ac69b0c
291b6cbb804bb20f7890e28244a22e48cb72fb0d89df5613e22e5c2159dca03e
295c66c14524b77dd1271317457dec037b5ef0943da346b9b73681e54da826e0
2c125e6a12e3dd1d1d1aec93292e90fb3c28f36646a954402702b1d9c25175b1
2dc91694a96185f5d4f7e961d518959456449fe2c90dd5c24d4dd9bf890e1e58
30b526cdb42975c4c512d1806f764613cef1536b18dce916fd9cb64c74b83705
32a440354dfaafff8c9036af59dca85182cbfed5d474f01d58b716d01617a19f
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
364e9fa8e5ebd2723bceb6ad16241c713dbf20df34f4694041995de5b499eca3
36cc65361d34b88795a2c35fe43c9ce69ef4bcb08b1e914ea15feebffbf6f253
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
379abf770763f68460fa9a36a3631e76463ea3465573904b68f3d4a04b2799c9
379b0b87a8d5f2d6ab3e2d641c6ac0ab7cbaf49ba1b83a8ab610c66879240263
3c2c275622093f9012768ff2e30be9dafee750f18b0938feacb193559db34ebd
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b88af3e9d8d55fb2196fb9e22209ff4a5ac841fc22e7b271cf4e766b88c750d
4d28ef207bb4632ddeeea48a8c888699a598a74cac1a2fe98050f96c65d74f43
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52af5779c84afeb670abb52db5544f8296c40b53d93e0655ce12a8c4f0374079
53bd7793655d078b47da2e0dd784bb15c68ca2b79e0d242ef4f41c5dfa87b0a7
5d44d3b24d8b2e108b687663364c97645d9975ff390dfbfe0d7ed1f22270a2c0
5e152b85a299406269b1042ec40e9367fbcd39d148fcd41f8123daa77d38baa4
5e7f48dd890dbd233f7b8f81e439cadc04280dc08dcd7fe78e12935b8b724ace
616703a71f22c0bb9c93b909921929109c7fb6584ff0f8c2827658c26cd6b9bd
64078cca2ea8a66431fc4858c30a9f021477865a6ea8407aaf0e1a8b52e4cfac
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6965b96e7b7a71a5f93c220862b5ac3397c5c81352ad6b6e47b46a27fb93b4b0
69721aa2f1085046c84d1943a1daa0515be8e2f060c21063024ea117789e425c
6b6ec14346d4c7566c82a17b0085befd5cca4c73a49e8d466180b2f9c0be480e
6c0cd7b80611259d4ccce9165e8b5dd062aad43e3e3e19a404fe967c49795d03
71dfd1a998f325d74006492171de94e1f377554b5704207e6eb0eb673fd02a8f
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
742b93db4b4e26a4baf59bdd2705486c7f2e4a89e95fb91776bac54df0a85f5c
758c7d9d726719d14444ed93bfb64d21c84342d6ca479826b1477d7da24b3a14
7fa1c7b1686f9f116183456c39f7b3ed9cce063cfb428e575fe4a29ae05c4fa6
7fbd386a534a28e9d0f78937d580f5a4dbe30977c8ba1add018490c736055513
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8049bf2ffa3e5210167d6ffdcd9b0cf3ac86fcfb27c55142f616b785eb2163af
814f77060325c2cb194b296de9944cbc720009b50476ba341c863f701cf5b402
829c410a6b21a34e4127e1ae45f244189a83493c13712d9e5d98f1d2dc19c3f7
82f947d14a0a198dfe3cec2fde7896f6e332eb798cc193dad8da9ed2225277cd
84c44e5110370931bb95b2149137c73d8139298e122c4fa0a20241de248ddfe0
88b8a3cb9df436d6910440c58428516accee080be4fa556d3cf10ec6905cf1b9
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
927d604090a5f79c4aa15383b60d7d09070c0856771c95383cf05582e9f280eb
92f36aa91623b9edebbeeaf503ae37d46442e1fb40c1a876f71d474b4699f503
953019716ccefc684078b12cbec0f9cee5345976d141bc17116c42e69edb9495
95783bf43b78701a92daf5ec7268db97c7144599c774821126b8cc5396724bfa
980966f335573e1707efe4b8f15f09e32d39ccee40a2168a86e24cd19698bca1
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9ad82b38799a2d6ed68e01e4779f831a2990009768c3f40b574c7b9cbf8035c2
9b63621419098edebedcc317da19cf6dad26eb61767ad7dfaed1283024865ee9
9b7909cb9edd007095b41a13617b66208e4210fff9c5e411a7db116efefc8e71
9d5840ff57a1d80ff69ba5204cfbf8b88fa944e7172c0778f6c0d764052cc926
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
9eb90b705b62b01a8a98de7c6f6761e09a6abb1efa48b131cb0f0a46246fb526
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0159d0a73854c0a1c6add96ff1eb3608d011698b319b3709609958ecf9ff06c
a0a97a5a7dc2b30e9a76ff211332f36d435293c19ed91ca1ad6a66adc1dc50cd
a0cc8a3f3f26d60734dab851008489da424a184351a2d1f641a904bbcc37bde2
a103efe93f91cdcc33e0fff93efd2a69e610dcd7c88deb3d4ca1b637603dff94
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a70d5b9ad136255942779acf94da5cc72316fde5c10c5e7707d6f1888f43dcb8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8a94d42c979e478050545342252366082c4e5f3aeff8dc27bae989a22f6ca34
a8bfbe60462bd90eb25ccc0922eee4bf8dc9e2109b791e06e25a0f89cb5adaa2
a99a83803598dc9a2a3de0a91f9009bcb98a88cd73a0235ec095d82df8cd03d1
afac3a301d848688d0748228296ec7ae26369f67c2df29f3f480ef3ab0bc6ef9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3577ecaee90e357d364dbb9633426b064227449b74b3732bff062dc5c27057c
ba38b4bd83cc69407d65691feabf17def0db1d68db11304bec7cc6b4ad5c1d16
bb3661ac37cbb213b64eb600c7c30da647babd9a2b2ffdbe5f30830fcebe2cc4
bb852945d8e9ae2dddadccfbce542830d5e86adf940a29239fa2742d6e79e2fb
bd9fa014c438fa34f81e2990c1be7fa5a1d486eecdcf79e1d95bf579599b4189
bed0ee43ba7b026eac291dce97379e04cd8c152528d4f3d1aca1d06e62d3de72
c02cae5b2de27b0f12598ab23cf91b1e0e99dda2821e2d17510497e23093cbe7
c3ab98a11303695462aaa63309ffa207915c6ec8c6f514c6193cfa57c6796d8d
c42352e42783eef20864e5a9c0272fb1a8eecf1e0863a57c2f7d153448e285de
c50d5d10df377bd960648973b53891bfcaf48f457503eed023ad2c29f28e49b2
c6cc3bcc9535b59bf7e2c8cc47f9fc55b35627703e85cb423624ee0bf16ad82c
c754eb3f6d2e4328c48abd1bfaa6c0229175fecf45732e3c08f40efad59f6333
c83de3876b70820a0a835648010dc49a5600d6c3dd65f1a1e19ff44d33663083
cd715c0fa7d69e85432e8b08d0a02b9613edf40212cca2040bde31670167638e
cde330ec06171a14785591eb8d560a7f878a99cd38d895cea33ff4ed8e313f86
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfe46c4a1e7bd682c69583032e5e74a5b4a223bdbf61e6ca7226753119a24167
d61457af7e63fd675585fbf389dd8608a5107b098c99fbf7f452c0774ee3ce60
d625a08618e2b2e50024b402e67a13dd74c3af07ddb255043f1f256b86b737cc
d6dd48ba3cee7a69d470d49b596a39b06520eaac655b5f8216813b3e22b64bc6
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1
d8ac92284cf98a6cdfa88ffa24027a98f594542fe00062c69c41be1e18b4fff9
d94f311307e974e8551ddddbf9fadce4e3886de34d539becdb153a53fde2ba25
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dccb255c8e32f3dc758d4396911d36422bb63838da6aed74351e679e94f9aa63
de3450b75712ff6900adf144159d25698de8adc14989f342a6b67be749b78760
debf84af8d66827e1cbc6791aa686504e3116d8cb20f4697fef23108333061f8
dfd272053c730cd470302af475eb401d9be41c81f0081c20d7910f6c12732c9d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
ea7373d7059ab32d4304249b48a91311f91d2dce5e1ebf10450f33f9a8c5f5ec
eaf765d314b24473895a9ece61135d31023528c3b65129051b2c5a471d780604
ebba9f268b421648df47ecdeb061ec11f7d47768215cf0fd5e8cbc8bcb5eff95
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
ee3e1898d44303624ba59189b20af55cdd046889c43e3837dca84041000ea128
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f146ba8755a3946af03ba1d093e77930785ee4d283048cd746943b82bbf105d6
f249ead44ba5c3ffb9e7ee3e8abb3886bbf91cc68c5dc9864743ba34b49cce43
f3e2e0f12c5badfe408d69bf6c0fa9ce6247f9a45c849851a53b8647637cfcd0
f40e742b5c3fbfe8b422267d62427039ea3fc64f314e0507ad8f9418069b5796
f64749cb42aa13db1f1cd61e690ac9d97a646db3ac06084aeb7ac1e3824cb654
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
f93fa3cef5bf93b0a552e9de0130cf801382e69d0b12de6deb64d0e0865181d2
f97926aa27fe2056e80467cdfe9c6bbbc8e628e28467f1bb7c5a4a36a4bfadf4
fa3c2e6e0681eb8d99c0bc06918e317abac8bd4d184290d05d21cf94a490f023
fb7a86f12d2f0ac2f4111c147415ab30f9c7d84c5e15faba3875fce7ce590127
fda8aca3dd49c5fc600f5c6d80a4c1aa125e5863a204dcc78e1a7e564674e024
ff2ae991ac0efdb5ae8b4428ba8555a0aeb0fd94b8014ce290c484242c524097

www.zdnet.com Open in urlscan Pro 2a04:4e42:4c::666 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

255 Requests

98 %HTTPS

48 %IPv6

29 Domains

47 Subdomains

40 IPs

4 Countries

52324 kBTransfer

59643 kBSize

38 Cookies

18 Outgoing links

Page URL History

Redirected requests

255 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.zdnet.com Open in urlscan Pro
2a04:4e42:4c::666 Public Scan

Screenshot
Live screenshot

Full Image

255
Requests

98 %
HTTPS

48 %
IPv6

29
Domains

47
Subdomains

40
IPs

4
Countries

52324 kB
Transfer

59643 kB
Size

38
Cookies

255 HTTP transactions
8 data transactions