URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Submission: On September 03 via api from US

Summary

This website contacted 25 IPs in 3 countries across 18 domains to perform 128 HTTP transactions. The main IP is 192.0.78.250, located in United States and belongs to AUTOMATTIC, US. The main domain is que.com.
TLS certificate: Issued by R3 on July 12th 2021. Valid for: 3 months.
This is the only time que.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
33 192.0.78.250 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
8 192.0.76.3 2635 (AUTOMATTIC)
15 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 192.0.77.2 2635 (AUTOMATTIC)
1 18.66.105.35 16509 (AMAZON-02)
9 192.0.77.32 2635 (AUTOMATTIC)
7 2a04:fa87:fff... 2635 (AUTOMATTIC)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
1 192.0.78.33 2635 (AUTOMATTIC)
1 142.250.185.162 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f02... 32934 (FACEBOOK)
2 104.75.88.209 16625 (AKAMAI-AS)
3 2a03:2880:f02... 32934 (FACEBOOK)
1 192.0.78.23 2635 (AUTOMATTIC)
2 4 2a03:2880:f12... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
128 25
Domain Requested by
33 que.com que.com
15 pagead2.googlesyndication.com que.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
9 googleads.g.doubleclick.net pagead2.googlesyndication.com
9 s0.wp.com que.com
jetpack.wordpress.com
s0.wp.com
public-api.wordpress.com
7 i2.wp.com que.com
6 pixel.wp.com que.com
4 www.facebook.com 2 redirects connect.facebook.net
4 i0.wp.com que.com
3 0.gravatar.com jetpack.wordpress.com
0.gravatar.com
3 graph.facebook.com que.com
3 adservice.google.com pagead2.googlesyndication.com
3 adservice.google.de pagead2.googlesyndication.com
3 fonts.gstatic.com fonts.googleapis.com
3 secure.gravatar.com que.com
secure.gravatar.com
3 i1.wp.com que.com
3 www.google.com 1 redirects que.com
tpc.googlesyndication.com
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 api.pinterest.com que.com
2 connect.facebook.net que.com
connect.facebook.net
2 ssl.google-analytics.com que.com
2 stats.wp.com que.com
1 public-api.wordpress.com jetpack.wordpress.com
1 1.gravatar.com jetpack.wordpress.com
1 www.googletagservices.com pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 jetpack.wordpress.com que.com
1 z-na.amazon-adsystem.com que.com
1 www.gstatic.com que.com
1 fonts.googleapis.com que.com
0 cdn.api.twitter.com Failed que.com
128 30
Subject | Issuer | Validity | Valid
tls.automattic.com | R3 | 2021-07-12 - 2021-10-10 | 3 months
upload.video.google.com | GTS CA 1O1 | 2021-08-16 - 2021-11-08 | 3 months
*.wp.com | Sectigo RSA Domain Validation Secure Server CA | 2020-04-02 - 2022-07-05 | 2 years
*.g.doubleclick.net | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
*.gstatic.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
z-na.amazon-adsystem.com | Amazon | 2020-12-12 - 2022-01-10 | a year
*.gravatar.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-14 - 2022-11-16 | 2 years
*.google-analytics.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
*.google.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
*.wordpress.com | Sectigo RSA Domain Validation Secure Server CA | 2020-08-12 - 2022-11-14 | 2 years
*.googleadservices.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
*.google.de | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-06-13 - 2021-09-11 | 3 months
*.pinterest.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-26 - 2022-08-05 | a year
*.googleusercontent.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months
www.google.com | GTS CA 1C3 | 2021-08-16 - 2021-11-08 | 3 months

This page contains 16 frames:

Primary Page: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Frame ID: 4C20F0E202E4B4A2D59C0594093791A0
Requests: 102 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Frame ID: D7B5A67868EB5D05D26951F67A90247A
Requests: 1 HTTP requests in this frame

Frame: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Frame ID: 75378D4553AC0126D25EA3559E39568C
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&adk=1812271804&adf=3025194257&lmt=1630675147&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147497&bpp=4&bdt=829&idt=180&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4289306766509&frm=20&pv=2&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=208
Frame ID: 7C805925E58B671D981D4DD974BF9D7A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=2181533201&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675147&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147505&bpp=4&bdt=836&idt=233&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6c46KvvhgB&p=https%3A//que.com&dtd=242
Frame ID: D5AA90900F33DC7185CDC520C38B9E30
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=193&slotname=2534306146&adk=1926075097&adf=3150342478&pi=t.ma~as.2534306146&w=770&fwrn=4&lmt=1630675147&rafmt=11&tp=site_kit&psa=0&format=770x193&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147509&bpp=1&bdt=840&idt=286&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1390&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=iVHWX0CZy2&p=https%3A//que.com&dtd=386
Frame ID: 306590BA2234FA44F76EC4817E9F4125
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=47597618&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147512&bpp=1&bdt=843&idt=479&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280%2C770x193&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H1Ia6MJ5X6&p=https%3A//que.com&dtd=499
Frame ID: 9928C68BA1FAF2379E2AAD620BF8439B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=462&slotname=2314861051&adk=792444155&adf=3489136023&pi=t.ma~as.2314861051&w=770&cr_col=4&cr_row=2&fwrn=2&lmt=1630675148&rafmt=9&tp=site_kit&psa=0&format=770x462&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147513&bpp=1&bdt=845&idt=730&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3888&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=XKyjW5YCre&p=https%3A//que.com&dtd=752
Frame ID: 56183B2BE2664F2C0443F9F36D35D67C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=3608597977&adf=678854797&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147577&bpp=2&bdt=909&idt=749&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=394&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=yMShW2Gfsg&p=https%3A//que.com&dtd=756
Frame ID: 457A2A2FDE1236E1836B7B140977D824
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=1334510058&adf=1538581077&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147641&bpp=1&bdt=973&idt=724&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=1562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=WMe3hBf9DW&p=https%3A//que.com&dtd=734
Frame ID: 02464940829E143ACC57C11FA70E5CEE
Requests: 1 HTTP requests in this frame

Frame: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
Frame ID: 7A827AE35A21848C2C8134E5EBAD57CA
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2137816167ff6c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D450%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
Frame ID: 826ACF27837768F728CCABEA01DEFCC9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=2290629976&adf=151267453&pi=t.ma~as.6782976732&w=1140&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=1140x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147655&bpp=13&bdt=986&idt=770&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4727&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=5&fsb=1&xpc=cswY1ARqJx&p=https%3A//que.com&dtd=926
Frame ID: 43E34D13CFD5349429C64A6B19CD95EF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df32f97bf62fad9c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
Frame ID: 78D02367FDFECA97022CAEA7729FE900
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: FC7E2067BD15F0D949066F28F0958439
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 37CDE8822D4FABC1ACCFB173B9ED83D2
Requests: 1 HTTP requests in this frame

Page Title

QUE.com SynAck ransomware decryptor lets victims recover files for free

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • html /<link[^>]+s\d+\.wp\.com/i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /underscore.*\.js(?:\?ver=([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

128 Requests
98 % HTTPS
63 % IPv6
18 Domains
30 Subdomains
25 IPs
3 Countries
1285 kB Transfer
4150 kB Size
3 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 301
  • https://www.gstatic.com/prose/brandjs.js
Request Chain 103
  • https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2137816167ff6c%26domain%3Dque.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fque.com%252Ff160c20c0c89008%26relation%3Dparent.parent&container_width=450&height=432&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fdomainnetwork&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=false&width=500 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2137816167ff6c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D450%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
Request Chain 122
  • https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32f97bf62fad9c%26domain%3Dque.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fque.com%252Ff160c20c0c89008%26relation%3Dparent.parent&container_width=0&height=432&hide_cover=false&hide_cta=false&href=https%3A%2F%2Fwww.facebook.com%2Fdomainnetwork&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=false&width=500 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df32f97bf62fad9c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500

128 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
165 KB
31 KB
Document
General
Full URL
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
eb25618182252b94b4a80393a0dcfc095c3953b39214c45e5fadc82a0ad0228b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
que.com
:scheme
https
:path
/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server
nginx
date
Fri, 03 Sep 2021 13:19:06 GMT
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
vary
Accept-Encoding Cookie
x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header
WordPress.com
x-pingback
https://que.com/xmlrpc.php
set-cookie
pmpro_visit=1; path=/; secure; HttpOnly mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F; expires=Sun, 03-Oct-2021 13:19:06 GMT; Max-Age=2592000; path=/ mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F; expires=Sun, 03-Oct-2021 13:19:06 GMT; Max-Age=2592000; path=/
link
<https://que.com/wp-json/>; rel="https://api.w.org/" <https://que.com/wp-json/wp/v2/posts/45997>; rel="alternate"; type="application/json" <https://wp.me/p5KwTp-bXT>; rel=shortlink
content-encoding
br
x-ac
2.hhn _atomic_ams
/
que.com/_static/
1 MB
133 KB
Stylesheet
General
Full URL
https://que.com/_static/??-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
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b5d0392d4f6d7e7ee4c15950a61d7d348cdd12732a65f83000053a62eae3e888
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-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
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 03 Sep 2021 13:19:05 GMT
server
nginx
x-page-optimize
uncached
etag
W/"c57f8cf4b49bdeb3a9282921bbaf5a09"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
/
que.com/_static/
54 KB
10 KB
Stylesheet
General
Full URL
https://que.com/_static/??wp-content/plugins/buddypress/bp-templates/bp-legacy/css/buddypress.min.css,wp-content/plugins/paid-memberships-pro/css/frontend.css?m=1629933480
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
29ab67eeda170b04a1d394ab359c846f980f7a6633af3d7b3eb4556e8a370ff7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??wp-content/plugins/buddypress/bp-templates/bp-legacy/css/buddypress.min.css,wp-content/plugins/paid-memberships-pro/css/frontend.css?m=1629933480
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 25 Aug 2021 23:18:00 GMT
server
nginx
x-page-optimize
uncached
etag
W/"72fe0793808f9a8fbcfba3cfc3ba7594"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
css
fonts.googleapis.com/
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Rock+Salt%7COpen+Sans%3A400%2C600&ver=5.8
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
165731c115250012b9317b61207c46479cd6fb2d20a048bf6d14dc8b60da877b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Origin
https://que.com
Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 03 Sep 2021 13:19:06 GMT
server
ESF
date
Fri, 03 Sep 2021 13:19:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 03 Sep 2021 13:19:06 GMT
masterbar.css
que.com/wp-content/mu-plugins/wpcomsh/vendor/automattic/wc-calypso-bridge/store-on-wpcom/assets/css/
728 B
468 B
Stylesheet
General
Full URL
https://que.com/wp-content/mu-plugins/wpcomsh/vendor/automattic/wc-calypso-bridge/store-on-wpcom/assets/css/masterbar.css?ver=1.8.0
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c5964852604fae6fb0997a80858f9f2ee0cb6159896741625306a3a9654d9f78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/mu-plugins/wpcomsh/vendor/automattic/wc-calypso-bridge/store-on-wpcom/assets/css/masterbar.css?ver=1.8.0
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 02 Aug 2021 01:19:07 GMT
server
nginx
etag
W/"6107480b-2d8"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
dashicons.min.css
que.com/wp-includes/css/
58 KB
34 KB
Stylesheet
General
Full URL
https://que.com/wp-includes/css/dashicons.min.css?ver=5.8
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/css/dashicons.min.css?ver=5.8
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 03 Mar 2021 21:16:22 GMT
server
nginx
etag
W/"603ffca6-e688"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
que.com/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://que.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
server
nginx
etag
W/"6048e0ac-15db1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
que.com/_static/
27 KB
9 KB
Script
General
Full URL
https://que.com/_static/??-eJyljMsKwjAQRX/ISbCL6kb8lBDTEKdNZmIetP69wQbpXrgww7mXs0ZAMr5ONsu55VVtevcDAV3SxYqAJOZ8WiMYpmKpyOirQ8qyNchJk7PguRHgaAkneXQGVjtVu1YY5gX/t3YKmQ1qr77LLjwOyxPN8uDt97TNPdzO43AdLi3jB86OYeY=
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a9f631b16d2f05fcd9a4d591a5c6740fb7a9f1dacc79444ae878763733dd9a1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-eJyljMsKwjAQRX/ISbCL6kb8lBDTEKdNZmIetP69wQbpXrgww7mXs0ZAMr5ONsu55VVtevcDAV3SxYqAJOZ8WiMYpmKpyOirQ8qyNchJk7PguRHgaAkneXQGVjtVu1YY5gX/t3YKmQ1qr77LLjwOyxPN8uDt97TNPdzO43AdLi3jB86OYeY=
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 06 Aug 2021 19:31:16 GMT
server
nginx
x-page-optimize
uncached
etag
W/"9af5918a35b824540fc4f8ded25758bd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
underscore.min.js
que.com/wp-includes/js/
19 KB
7 KB
Script
General
Full URL
https://que.com/wp-includes/js/underscore.min.js?ver=1.8.3
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/underscore.min.js?ver=1.8.3
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 27 May 2021 19:33:19 GMT
server
nginx
etag
W/"60aff3ff-4a84"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
que.com/_static/
313 KB
76 KB
Script
General
Full URL
https://que.com/_static/??-eJylkt1OxCAQhV9IStzs+nNhfBYWZlu6wOAMbO3bS6k1NTHG2ruBOfMB5zBEYYN22QDLniV3SEmjgcbb0PR8N0ShTKmnpgdjlcjRoTKrvsaQICQZXW5tYHlmJeZaRELBmmxMgPJCVWjqOXVzB6B/y0Bjc7MwxOnKHegr0A6g7hTtuVDRNFoRZga3/11sfXRjUaBbaOuYCqWmID2+23VWP4qW4rfMsjFjJOBSTl2C6gmGiyW/eW6wpoUkPPgzEG8enz0QsxNbh2/FSKSFoRGv3wz6D2SOQST8MydBiU8lqAsHrdJj/SNfok/Sq3+5fzg8H55Ox8fjBzm0WiI=
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d3b88cd17875ec9abe460e1fc1c7e6a9167f539484ad0fb7acfed73c1eebca9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-eJylkt1OxCAQhV9IStzs+nNhfBYWZlu6wOAMbO3bS6k1NTHG2ruBOfMB5zBEYYN22QDLniV3SEmjgcbb0PR8N0ShTKmnpgdjlcjRoTKrvsaQICQZXW5tYHlmJeZaRELBmmxMgPJCVWjqOXVzB6B/y0Bjc7MwxOnKHegr0A6g7hTtuVDRNFoRZga3/11sfXRjUaBbaOuYCqWmID2+23VWP4qW4rfMsjFjJOBSTl2C6gmGiyW/eW6wpoUkPPgzEG8enz0QsxNbh2/FSKSFoRGv3wz6D2SOQST8MydBiU8lqAsHrdJj/SNfok/Sq3+5fzg8H55Ox8fjBzm0WiI=
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 18 Aug 2021 11:17:54 GMT
server
nginx
x-page-optimize
uncached
etag
W/"4e1c4231bea7538ab5d1d38edb490899"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
s-202135.js
stats.wp.com/
16 KB
6 KB
Script
General
Full URL
https://stats.wp.com/s-202135.js
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
21b1c346a04696c68f33050088b8bbda850a1d9c015bd70df23d7bb34f6d0e1c

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT ams
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
server
nginx
etag
W/"5e98e496-3ec1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
expires
Mon, 29 Aug 2022 20:25:55 GMT
/
que.com/_static/
4 KB
2 KB
Script
General
Full URL
https://que.com/_static/??wp-content/themes/colormag-pro/js/html5shiv.min.js,wp-content/themes/colormag-pro/js/loadmore.min.js?m=1513871330
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8da7d561f89a23c1a19fe05cef6e9ce17d6837a3fe9bb9ab9e6541c3aad68613
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??wp-content/themes/colormag-pro/js/html5shiv.min.js,wp-content/themes/colormag-pro/js/loadmore.min.js?m=1513871330
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 21 Dec 2017 15:48:50 GMT
server
nginx
x-page-optimize
uncached
etag
W/"bf46ad3eafa900d9db2a8be6475564b5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:06 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
138 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e683bc71365ab9cc3a47f56f3ed871ba48dbc1862075af20c18bf05ae5e3b6da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49525
x-xss-protection
0
server
cafe
etag
17398181835939896550
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 03 Sep 2021 13:19:07 GMT
brandjs.js
www.gstatic.com/prose/
Redirect Chain
  • https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
  • https://www.gstatic.com/prose/brandjs.js
14 KB
6 KB
Script
General
Full URL
https://www.gstatic.com/prose/brandjs.js
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6395e6f9f6fbcd953f0ffa40615094c565d86c265fb5028e64dd2dc872b5ce69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 08:56:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15753
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5807
x-xss-protection
0
last-modified
Tue, 06 Apr 2021 15:14:29 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Sat, 04 Sep 2021 08:56:33 GMT

Redirect headers

date
Fri, 03 Sep 2021 13:07:07 GMT
x-content-type-options
nosniff
server
sffe
age
719
content-type
text/html; charset=UTF-8
location
https://www.gstatic.com/prose/brandjs.js
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
237
x-xss-protection
0
expires
Fri, 03 Sep 2021 13:37:07 GMT
wp-emoji-release.min.js
que.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://que.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.8
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 08 Jun 2021 22:15:12 GMT
server
nginx
etag
W/"60bfebf0-4705"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
print.css
que.com/wp-content/plugins/paid-memberships-pro/css/
86 B
131 B
Stylesheet
General
Full URL
https://que.com/wp-content/plugins/paid-memberships-pro/css/print.css?m=1629933480
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
914cb6fe13efdf97379c1a2910d677144821201ff3f41b67a5a6ddb367e1a27b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/paid-memberships-pro/css/print.css?m=1629933480
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
last-modified
Wed, 25 Aug 2021 23:18:00 GMT
server
nginx
etag
"6126cfa8-56"
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=315360000
accept-ranges
bytes
content-length
86
expires
Thu, 31 Dec 2037 23:55:55 GMT
woocommerce-smallscreen.css
que.com/wp-content/plugins/woocommerce/assets/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://que.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?m=1629242274
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a7a83e60e7e3b8cadeed69327ba498b4cd68605db6e408729fa1b946758e7501
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?m=1629242274
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 17 Aug 2021 23:17:54 GMT
server
nginx
etag
W/"611c43a2-1b83"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
moscom-logo2.png
i2.wp.com/que.com/wp-content/uploads/2014/01/
12 KB
12 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2014/01/moscom-logo2.png?w=800&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
f9dd4d6baffc6009196ce8d1159dc2dc1f6c2cfe51eca0e68fdf0ae9d7a543a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 10:47:04 GMT
server
nginx
etag
"d839e5e68a3aa61a"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2014/01/moscom-logo2.png>; rel="canonical"
content-length
11950
expires
Sat, 05 Nov 2022 22:47:04 GMT
minifan-com-logo.png
i0.wp.com/que.com/wp-content/uploads/2017/05/
5 KB
5 KB
Image
General
Full URL
https://i0.wp.com/que.com/wp-content/uploads/2017/05/minifan-com-logo.png
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
45f4a45f4e70974558e477b7f64169a4e46ed84230497cf23cfeb413f72d6484
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
x-bytes-saved
2839
content-length
4776
x-nc
HIT hhn 4
last-modified
Sun, 09 Jun 2019 03:33:40 GMT
server
nginx
etag
"95fd4092e0674f8a"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://que.com/wp-content/uploads/2017/05/minifan-com-logo.png>; rel="canonical"
expires
Tue, 08 Jun 2021 15:33:40 GMT
onejs
z-na.amazon-adsystem.com/widgets/
25 KB
8 KB
Script
General
Full URL
https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=35499e81-f171-47a5-9066-4d9417adae07
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.105.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
20ca7abd3a8716b1255a15e436c8bf4032793bfa8e3306263489fd35137cc10a

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
Public
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
server
Server
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
charset
UTF-8
cache-control
public,max-age=300,s-maxage=300,no-transform
x-amz-cf-id
cpj-mlfaBzpmn2ZU6kHzhAJg4e4gUkXQoHp3xoy271l6bei-9hH13g==
via
1.1 5c14dc328191a14142654d833f772c6d.cloudfront.net (CloudFront)
expires
Fri, 03 Sep 2021 13:24:07 GMT
g.png
que.com/wp-content/plugins/miniorange-login-openid/includes/images/icons/
1 KB
1 KB
Image
General
Full URL
https://que.com/wp-content/plugins/miniorange-login-openid/includes/images/icons/g.png
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0919f0d77b443057cc39d9258c3004b85c15d69e56a2a9727c90ffa8aaa02b76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/miniorange-login-openid/includes/images/icons/g.png
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
last-modified
Fri, 06 Aug 2021 19:31:16 GMT
server
nginx
etag
"610d8e04-495"
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
content-length
1173
expires
Fri, 10 Sep 2021 13:19:07 GMT
20150507.BuyNow.Blue_.png
i1.wp.com/que.com/wp-content/uploads/2017/07/
5 KB
6 KB
Image
General
Full URL
https://i1.wp.com/que.com/wp-content/uploads/2017/07/20150507.BuyNow.Blue_.png?w=800&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
6582375db69e33bffa8cbdb94c1f04a33b9d2c1880c88a0a6a2e54ebebad742a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 10 Aug 2021 19:44:46 GMT
server
nginx
etag
"c72d12d33c1432fb"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/07/20150507.BuyNow.Blue_.png>; rel="canonical"
content-length
5420
expires
Fri, 11 Aug 2023 07:44:46 GMT
moscom-logo2.png
i2.wp.com/que.com/wp-content/uploads/2014/01/
12 KB
12 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2014/01/moscom-logo2.png
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
f9dd4d6baffc6009196ce8d1159dc2dc1f6c2cfe51eca0e68fdf0ae9d7a543a0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 09:32:17 GMT
server
nginx
etag
"713f44a5e2ef8ed6"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://que.com/wp-content/uploads/2014/01/moscom-logo2.png>; rel="canonical"
content-length
11950
expires
Wed, 25 Jan 2023 21:32:17 GMT
cav-com-logo.png
i0.wp.com/que.com/wp-content/uploads/2017/03/
4 KB
5 KB
Image
General
Full URL
https://i0.wp.com/que.com/wp-content/uploads/2017/03/cav-com-logo.png?w=800&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
4e9bc3430a65da48912e35c5ff5c37668a23f9a237f9110c88562ce932e03984
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 10:47:04 GMT
server
nginx
etag
"a192c6ba3d385c92"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/03/cav-com-logo.png>; rel="canonical"
content-length
4594
expires
Sat, 05 Nov 2022 22:47:04 GMT
bilmur.min.js
s0.wp.com/wp-content/js/
5 KB
2 KB
Script
General
Full URL
https://s0.wp.com/wp-content/js/bilmur.min.js?m=202135
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
ccd1ae8d139b4ddb53c470f4a9ff95259b89b0572b88bc33b4baf78636f2782d

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
server
nginx
etag
W/"612678e4-1386"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dca
timing-allow-origin
*
expires
Tue, 30 Aug 2022 00:00:01 GMT
loading.gif
que.com/wp-content/plugins/jetpack/modules/sharedaddy/images/
2 KB
3 KB
Image
General
Full URL
https://que.com/wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
last-modified
Wed, 09 Mar 2011 16:12:50 GMT
server
nginx
etag
"4d77a702-9e2"
strict-transport-security
max-age=31536000
content-type
image/gif
cache-control
max-age=604800
accept-ranges
bytes
content-length
2530
expires
Fri, 10 Sep 2021 13:19:07 GMT
/
que.com/_static/
168 KB
27 KB
Stylesheet
General
Full URL
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
74d4eb9fa3b6418c4077890dfef585104fad931836550503c85f5a603043cd12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 06 Aug 2021 19:31:16 GMT
server
nginx
x-page-optimize
uncached
etag
W/"55c3535e96008375e3be93ed97789c53"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
/
que.com/_static/
21 KB
7 KB
Script
General
Full URL
https://que.com/_static/??wp-content/plugins/jetpack/_inc/build/photon/photon.min.js,wp-includes/js/jquery/ui/core.min.js?m=1616089703
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f0b7d796d7a918907e1e4daa7e994c4a9253341251f4fc5e806e9cee698fab65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??wp-content/plugins/jetpack/_inc/build/photon/photon.min.js,wp-includes/js/jquery/ui/core.min.js?m=1616089703
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 18 Mar 2021 17:48:23 GMT
server
nginx
x-page-optimize
uncached
etag
W/"d95748e114587a76ad64484009d7bd79"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
datepicker.min.js
que.com/wp-includes/js/jquery/ui/
35 KB
10 KB
Script
General
Full URL
https://que.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.12.1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9fd95260ee110232e2e143adfb5c5f0df7ffee9d2513288ff4102d9e401c663c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.12.1
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 08 Jun 2021 17:15:15 GMT
server
nginx
etag
W/"60bfa5a3-8d34"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
backbone.min.js
que.com/wp-includes/js/
23 KB
8 KB
Script
General
Full URL
https://que.com/wp-includes/js/backbone.min.js?ver=1.4.0
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bfa9441fac08fbebcfc65e202a788744aab8e4b1f634eaaf800256dce5012813
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/backbone.min.js?ver=1.4.0
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 18 Mar 2021 17:48:23 GMT
server
nginx
etag
W/"60539267-5d0a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
que.com/_static/
198 KB
47 KB
Script
General
Full URL
https://que.com/_static/??-eJylkMtSBCEMRX9ImnJqfC0s1y5c+gE8oqYbCBIYqv/egR6rejNjq7uE3Bxubo3CUMgQsoyuvGNgqYu1c0zALDxYVNKhlr0S4MA3aY3L6NQPHsMw8lXdAFMxSsUMmeXIMuX++h/ASwdoZSZNAX6kSN2mCdryAYKlJMfPAmkejEqw7ZTzDJXrB21mKJPxgHlunJYjUuDVMgbjioV+pyHfFCJBdPOFDypRlyYDq5QWd0I7MlPBb7O9fX3+Ne0tdZmVylqRSRyDu5TbGUt8FNKELcRhqf5uZDU+QZ784/Xt7mF3f7O/238B2QgaYg==
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8e2d1acccd468c002649546c361958a7f773e1768a62329227bd356bc4b97653
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-eJylkMtSBCEMRX9ImnJqfC0s1y5c+gE8oqYbCBIYqv/egR6rejNjq7uE3Bxubo3CUMgQsoyuvGNgqYu1c0zALDxYVNKhlr0S4MA3aY3L6NQPHsMw8lXdAFMxSsUMmeXIMuX++h/ASwdoZSZNAX6kSN2mCdryAYKlJMfPAmkejEqw7ZTzDJXrB21mKJPxgHlunJYjUuDVMgbjioV+pyHfFCJBdPOFDypRlyYDq5QWd0I7MlPBb7O9fX3+Ne0tdZmVylqRSRyDu5TbGUt8FNKELcRhqf5uZDU+QZ784/Xt7mF3f7O/238B2QgaYg==
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 18 Aug 2021 11:17:54 GMT
server
nginx
x-page-optimize
uncached
etag
W/"f2b20da0e88ca8f471b99983a063bc40"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
cart-fragments.min.js
que.com/wp-content/plugins/woocommerce/assets/js/frontend/
3 KB
1001 B
Script
General
Full URL
https://que.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6.0
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9c7c023f91428234ca0ea4df1199758686f4dcd04da96ba63571788fb3389c0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=5.6.0
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 17 Aug 2021 23:17:54 GMT
server
nginx
etag
W/"611c43a2-b7a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
gprofiles.js
secure.gravatar.com/js/
23 KB
7 KB
Script
General
Full URL
https://secure.gravatar.com/js/gprofiles.js?ver=202135
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 15:50:36 GMT
server
nginx
etag
W/"5e8609cc-5dea"
content-type
application/javascript
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:07 GMT
/
que.com/_static/
288 KB
73 KB
Script
General
Full URL
https://que.com/_static/??-eJyVU0FywyAM/FAJaWbS9tLpI9p7B4PiKAZEEcTj3xc7cZp0HNe9sZJ2hVbQBqHJJ/BJBptr9CwPkILSjXRksgWWbagj7Wl14If2pzrtwZWkJkvRqVqESPLAkhPqppOHrwyxW53QyqFfxvbQsug5EEeJPvQxRP4ho45Yq4Tkl3N2mI5oeGx7hsv5vFcxRrhMfoLL+ResMydyE8Tf+/lEr2WV0Rq5UxoqokaAq8DMcIOqQVj0TbGZpEFOveciqeoOocrGdCECs3BgUEmLlRxOAmwZpJQO6AyE8kYEq7rJdc2KJsp6zy2Gi4dD5L2PXGmVoW02xcDiGRa/gC0pczP0dYlTTD52d7KnRmO/+doC/3J3YjMRrEpQPCFOfItmhFSD7CCdhHblXSxvqFWkzGDHnBgDC+49/vjhiZYHQra/MgfyjEcQ5UMATUTOym/u9fFp87JeP2+3m2/qZafQ
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
973ad13ad70d4bf7b268bf859c8b27f2a59664105bc8f2ac132c9bd2fa829799
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/_static/??-eJyVU0FywyAM/FAJaWbS9tLpI9p7B4PiKAZEEcTj3xc7cZp0HNe9sZJ2hVbQBqHJJ/BJBptr9CwPkILSjXRksgWWbagj7Wl14If2pzrtwZWkJkvRqVqESPLAkhPqppOHrwyxW53QyqFfxvbQsug5EEeJPvQxRP4ho45Yq4Tkl3N2mI5oeGx7hsv5vFcxRrhMfoLL+ResMydyE8Tf+/lEr2WV0Rq5UxoqokaAq8DMcIOqQVj0TbGZpEFOveciqeoOocrGdCECs3BgUEmLlRxOAmwZpJQO6AyE8kYEq7rJdc2KJsp6zy2Gi4dD5L2PXGmVoW02xcDiGRa/gC0pczP0dYlTTD52d7KnRmO/+doC/3J3YjMRrEpQPCFOfItmhFSD7CCdhHblXSxvqFWkzGDHnBgDC+49/vjhiZYHQra/MgfyjEcQ5UMATUTOym/u9fFp87JeP2+3m2/qZafQ
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 03 Aug 2021 16:19:12 GMT
server
nginx
x-page-optimize
uncached
etag
W/"37ab24c47a8b383ff63c237d5a92ecc8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
sharing.min.js
que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/
12 KB
4 KB
Script
General
Full URL
https://que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
pragma
no-cache
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 26 Jan 2021 16:25:48 GMT
server
nginx
etag
W/"6010428c-2f6d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
expires
Thu, 31 Dec 2037 23:55:55 GMT
e-202135.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202135.js
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT ams
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
server
nginx
etag
W/"5c6340e3-350a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Mon, 22 Aug 2022 00:34:26 GMT
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2685
date
Fri, 03 Sep 2021 12:34:22 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Fri, 03 Sep 2021 14:34:22 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rock+Salt%7COpen+Sans%3A400%2C600&ver=5.8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://que.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 02 Sep 2021 01:46:58 GMT
x-content-type-options
nosniff
age
127929
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:23:25 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Sep 2022 01:46:58 GMT
mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v23/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UNirkOUuhp.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rock+Salt%7COpen+Sans%3A400%2C600&ver=5.8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c298433cc9eb86f4c0be0a447b0faf398dee9186d2bcf26683297de2758cddc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://que.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 02 Sep 2021 01:42:38 GMT
x-content-type-options
nosniff
age
128189
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14956
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:23:40 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Sep 2022 01:42:38 GMT
fontawesome-webfont.woff2
que.com/wp-content/themes/colormag-pro/fontawesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://que.com/wp-content/themes/colormag-pro/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: que.com
URL: https://que.com/_static/??-eJytlt1W3CAQgF+oSD1Ve9XTR/FMYDbiQuAwYEyfvgNE3VQ33RhvdsMwfAzD/DAGYQZls0aSikhqQ0l21qujsKaLECdJabJ45cxwxQrfxiCUHxIOSQabezOQ7LLWU4jIy7syG7GiKoWk9awkDj66yxkOXYeRTjFN9AUI2sXQ0wDOKLGZBSqZJ5OmhWsgIaWXKYMbcIdocNAL02bR5Yw++hwWiCrZDdhlwouDt5Ic/0OPCxaZhKPRKAafjFp3r4XJ58TbGj1H/Kz4mh6PJYK0AbToysrTQeDlGIXFHtR0us3Z1WMx+W28ZtrovegzizjiehGi11klEvWQ7AVjtRxVG5J44hjwkcTiDLuIH5JcFq+woLyjB9l2lpCTd5DY4TLhc2qnFHwNPabGanc0S4rOOTPBwR8/CCDyypRc4Zo0HEU1EGOlANjuvgMyis7GSdeCJKELNeOkxgNkm1qotNnVQCOYD1tcJUhFExJ6TriqqJshRJjkqtc3cDJxNAUY0O6D2Z3rqzEwGL7QrziWeoB49rY3cFj1SgFXCNrroIorp4sGrOBENf1XxEE2QkOCYNSRm9b2BlFKgvHDalhyEnPiOYwK265zXr2JRStqnwecW/mIKQCXCseFo+SzNUf+/TD40wPXNwZ7yy8AqMXmcsUDz8GI5F17UpSxmAVrrvnXPspdu63i0+XoUkQrV2wCKOy8L8+jI388r6f8OUryQQRP6YzT3kdIK6Ps6K61EbGpC32Cu6E/vaNBCKcBFVMV70SIHKwHzQ0jutW8eHf5XHRQA29QP83Q/2/lPXdtWXuOFfx89bQYXLJ3sXn+Lqq/3a/rux/f737eXt/c/gUBeWjq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-fetch-mode
cors
origin
https://que.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
:path
/wp-content/themes/colormag-pro/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/_static/??- (remainder truncated)
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://que.com
Referer
https://que.com/_static/??- (remainder truncated)
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-ac
2.hhn _atomic_ams
last-modified
Thu, 21 Dec 2017 15:48:50 GMT
server
nginx
etag
"5a3bd7e2-12d68"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, HEAD
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
77160
expires
Thu, 31 Dec 2037 23:55:55 GMT
MwQ0bhv11fWD6QsAVOZrt0M6.woff2
fonts.gstatic.com/s/rocksalt/v11/
57 KB
57 KB
Font
General
Full URL
https://fonts.gstatic.com/s/rocksalt/v11/MwQ0bhv11fWD6QsAVOZrt0M6.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Rock+Salt%7COpen+Sans%3A400%2C600&ver=5.8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4bf535841a8802813b460c5d34fd515f62628a933ff140251e3023ad781b94fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://que.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 31 Aug 2021 16:12:45 GMT
x-content-type-options
nosniff
age
248782
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58620
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 04:54:16 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 31 Aug 2022 16:12:45 GMT
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2437ddf45aa84303d14cc4569941c1ae58e8accca92216349c1332794015c6f

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/gif
branding.png
www.google.com/cse/static/images/1x/en/
1 KB
1 KB
Image
General
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 28 Aug 2021 13:08:27 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
age
519040
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1372
x-xss-protection
0
expires
Sun, 28 Aug 2022 13:08:27 GMT
pexels-photo-7534101.jpeg
i0.wp.com/que.com/wp-content/uploads/2021/09/
13 KB
13 KB
Image
General
Full URL
https://i0.wp.com/que.com/wp-content/uploads/2021/09/pexels-photo-7534101.jpeg?resize=800%2C445&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
8772dd3533fd4ba5019538a329fd1a8ca4b46a7d34fe9c3f6551bc1448eb2f17
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
x-bytes-saved
1259
content-length
13599
x-nc
HIT hhn 4
last-modified
Fri, 03 Sep 2021 12:45:12 GMT
server
nginx
etag
"0d6dcba4ac82da74"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2021/09/pexels-photo-7534101.jpeg>; rel="canonical"
expires
Mon, 04 Sep 2023 00:45:12 GMT
truncated
/
7 KB
7 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin
https://que.com
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
__utm.gif
ssl.google-analytics.com/r/
35 B
54 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1796680748&utmhn=que.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=QUE.com%20SynAck%20ransomware%20decryptor%20lets%20victims%20recover%20files%20for%20free&utmhid=1707646382&utmr=-&utmp=%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&utmht=1630675147480&utmac=UA-11413985-56&utmcc=__utma%3D121193480.1516228019.1630675147.1630675147.1630675147.1%3B%2B__utmz%3D121193480.1630675147.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=410589789&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/
250 KB
93 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cb658d8af264091d320d32e952cb1756ea0145c2f6497b182a39e7ce4e466653
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95178
x-xss-protection
0
server
cafe
etag
9330497266985682447
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 03 Sep 2021 13:19:07 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/ Frame D7B5
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210831/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210831/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 02 Sep 2021 16:02:37 GMT
expires
Thu, 16 Sep 2021 16:02:37 GMT
content-type
text/html; charset=UTF-8
etag
13836150016441684253
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4591
x-xss-protection
0
age
76590
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20Only%20one%20%27enable_page_level_ads%27%20allowed%20per%20page.%0Aat%20Hn%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A217%3A326)%0Aat%20Gn%20(adsbygoogle.js%3A216%3A603)%0Aat%20Nn%20(adsbygoogle.js%3A223%3A365)%0Aat%20c%20(adsbygoogle.js%3A224%3A38)%0Aat%20On%20(adsbygoogle.js%3A224%3A156)%0Aat%20Yn%20(adsbygoogle.js%3A232%3A248)%0Aat%20Pn%20(adsbygoogle.js%3A228%3A451)%0Aat%20adsbygoogle.js%3A225%3A47%0Aat%20Xd.n.la%20(adsbygoogle.js%3A63%3A804)%0Aat%20he%20(adsbygoogle.js%3A71%3A107)&shv=r20210831&mjsv=m202109010101&eid=31062369%2C31062422&client=ca-pub-5903031199985375&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
jetpack.wordpress.com/jetpack-comment/ Frame 7537
28 KB
8 KB
Document
General
Full URL
https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.33 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8b4f284a26b0c6a066727a2779dfc79d798bb5330c83aff4953984e7a227144f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

:method
GET
:authority
jetpack.wordpress.com
:scheme
https
:path
/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx
date
Fri, 03 Sep 2021 13:19:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header
WordPress.com
content-encoding
gzip
x-ac
2.hhn _dfw
strict-transport-security
max-age=15552000
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=puberror&context=165&msg=TagError%3A%20adsbygoogle.push()%20error%3A%20Only%20one%20%27enable_page_level_ads%27%20allowed%20per%20page.%0Aat%20Hn%20(https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%3A217%3A326)%0Aat%20Gn%20(adsbygoogle.js%3A216%3A603)%0Aat%20Nn%20(adsbygoogle.js%3A223%3A365)%0Aat%20c%20(adsbygoogle.js%3A224%3A38)%0Aat%20On%20(adsbygoogle.js%3A224%3A156)%0Aat%20Yn%20(adsbygoogle.js%3A232%3A248)%0Aat%20Pn%20(adsbygoogle.js%3A228%3A451)%0Aat%20adsbygoogle.js%3A225%3A47%0Aat%20Xd.n.la%20(adsbygoogle.js%3A63%3A804)%0Aat%20he%20(adsbygoogle.js%3A71%3A107)&shv=r20210831&mjsv=m202109010101&eid=31062369%2C31062422&client=ca-pub-5903031199985375&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/
197 B
655 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=que.com&callback=_gfp_s_&client=ca-pub-5903031199985375
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
8c588b83a1cea4a90186cf5db2b9b907ec91bd8483ac076d0898a6dce4e954b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
189
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
853 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7C80
35 KB
6 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&adk=1812271804&adf=3025194257&lmt=1630675147&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147497&bpp=4&bdt=829&idt=180&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4289306766509&frm=20&pv=2&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=208
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5c9fd94cc15f909dc0df00e53f7646ab7c1178a626eeb997a55e9ae5941238cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&adk=1812271804&adf=3025194257&lmt=1630675147&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&tp=site_kit&format=0x0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147497&bpp=4&bdt=829&idt=180&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4289306766509&frm=20&pv=2&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=208
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:07 GMT
server
cafe
content-length
5863
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 03-Sep-2021 13:34:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
private
osd.js
www.googletagservices.com/activeview/js/current/
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd3a2482b7b952b621e16a05c3bb1847829d057fb1384f4c32d1362b8153e967
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1630496339498273"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27562
x-xss-protection
0
expires
Fri, 03 Sep 2021 13:19:07 GMT
qtq80-jenpth.jpeg
i2.wp.com/que.com/wp-content/uploads/2017/04/
17 KB
18 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2017/04/qtq80-jenpth.jpeg?resize=390%2C205&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
8ac98eec44a35a0323da94e5f066814e25bc9589b549fa33cdd324f7abe1713f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
x-bytes-saved
895
content-length
17760
x-nc
HIT hhn 4
last-modified
Mon, 02 Aug 2021 14:43:39 GMT
server
nginx
etag
"a15600ff0de83e58"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/04/qtq80-jenpth.jpeg>; rel="canonical"
expires
Thu, 03 Aug 2023 02:43:39 GMT
QUE.com_.CyberSecurity.Hacking.by_.typographyimages.pixabay.png
i0.wp.com/que.com/wp-content/uploads/2017/06/
1 KB
1 KB
Image
General
Full URL
https://i0.wp.com/que.com/wp-content/uploads/2017/06/QUE.com_.CyberSecurity.Hacking.by_.typographyimages.pixabay.png?resize=130%2C90&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
63167fb6ddde34ffb75ef17916f301406d8d2a3cf2c4754213b422df8eb5ec52
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
x-bytes-saved
3069
content-length
1076
x-nc
HIT hhn 1
last-modified
Thu, 11 Jun 2020 22:32:37 GMT
server
nginx
etag
"1fa7e3692630a8ad"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/06/QUE.com_.CyberSecurity.Hacking.by_.typographyimages.pixabay.png>; rel="canonical"
expires
Sun, 12 Jun 2022 10:32:37 GMT
QUE.com_.Entrepreneur.StartUp.by_.geralt.pixabay-1.jpg
i2.wp.com/que.com/wp-content/uploads/2017/07/
3 KB
3 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2017/07/QUE.com_.Entrepreneur.StartUp.by_.geralt.pixabay-1.jpg?resize=130%2C90&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
81f4321ec6c3afcf52718588860b583d4d5f8a887f40b471c07c92463f01842a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Wed, 31 Mar 2021 23:45:59 GMT
server
nginx
etag
"e74d40632e194b96"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/07/QUE.com_.Entrepreneur.StartUp.by_.geralt.pixabay-1.jpg>; rel="canonical"
content-length
3076
expires
Sat, 01 Apr 2023 11:45:59 GMT
QUE.com_.Women_.Beach_.jpg
i2.wp.com/que.com/wp-content/uploads/2017/05/
2 KB
3 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2017/05/QUE.com_.Women_.Beach_.jpg?resize=130%2C90&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
d2b1dc9aea0dc7cb478f94dbd46fb7138583c5ae218d69691faaad92e3b4f01b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 3
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Fri, 06 Nov 2020 11:03:09 GMT
server
nginx
etag
"0689cb857839e6ad"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/05/QUE.com_.Women_.Beach_.jpg>; rel="canonical"
content-length
2458
expires
Sun, 06 Nov 2022 23:03:09 GMT
QUE.com_.Children.Happy_.by_.Bessi_.pixabay.jpg
i1.wp.com/que.com/wp-content/uploads/2017/07/
3 KB
4 KB
Image
General
Full URL
https://i1.wp.com/que.com/wp-content/uploads/2017/07/QUE.com_.Children.Happy_.by_.Bessi_.pixabay.jpg?resize=130%2C90&ssl=1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
75ce749a9fa119c7f3aedd5994296ddf5b98029f56e54a220a328e5ec642921b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 4
date
Fri, 03 Sep 2021 13:19:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 13 Apr 2021 02:19:57 GMT
server
nginx
etag
"509096475329872f"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/07/QUE.com_.Children.Happy_.by_.Bessi_.pixabay.jpg>; rel="canonical"
content-length
3482
expires
Thu, 13 Apr 2023 14:19:57 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame D5AA
436 B
235 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=2181533201&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675147&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147505&bpp=4&bdt=836&idt=233&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6c46KvvhgB&p=https%3A//que.com&dtd=242
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bbf9a3eb169025bc73d9f923837eb032478711ccd8653b559ea12e9552e40f1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=2181533201&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675147&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147505&bpp=4&bdt=836&idt=233&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=6c46KvvhgB&p=https%3A//que.com&dtd=242
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:07 GMT
server
cafe
content-length
212
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 03-Sep-2021 13:34:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
private
fa-solid-900.woff2
que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/
0
0
Font
General
Full URL
https://que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.woff2
Requested by
Host: que.com
URL: https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-fetch-mode
cors
origin
https://que.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F; __utma=121193480.1516228019.1630675147.1630675147.1630675147.1; __utmc=121193480; __utmz=121193480.1630675147.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=121193480.1.10.1630675147
:path
/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.woff2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
server
nginx
date
Fri, 03 Sep 2021 13:19:09 GMT
vary
Accept-Encoding Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://que.com
set-cookie
mo_openid_signup_url=https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.woff2; expires=Sun, 03-Oct-2021 13:19:09 GMT; Max-Age=2592000; path=/
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
link
<https://que.com/wp-json/>; rel="https://api.w.org/"
expires
Wed, 11 Jan 1984 05:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 3065
436 B
236 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=193&slotname=2534306146&adk=1926075097&adf=3150342478&pi=t.ma~as.2534306146&w=770&fwrn=4&lmt=1630675147&rafmt=11&tp=site_kit&psa=0&format=770x193&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147509&bpp=1&bdt=840&idt=286&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1390&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=iVHWX0CZy2&p=https%3A//que.com&dtd=386
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eb5c2d32f59451b69ea446ee2f0f6572982c43c90b09fe634f3e8529c02eed3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=193&slotname=2534306146&adk=1926075097&adf=3150342478&pi=t.ma~as.2534306146&w=770&fwrn=4&lmt=1630675147&rafmt=11&tp=site_kit&psa=0&format=770x193&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147509&bpp=1&bdt=840&idt=286&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&rplot=4&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=1390&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=iVHWX0CZy2&p=https%3A//que.com&dtd=386
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
212
x-xss-protection
0
set-cookie
IDE=AHWqTUn7qAh3y4noPw0a3YEQfRQyY9StTh9oMHx-zQE1TiRWtYgZc4tnlqLi4e2WFtI; expires=Wed, 28-Sep-2022 13:19:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 03 Sep 2021 13:19:08 GMT
cache-control
private
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: que.com
URL: https://que.com/_static/??-eJyVU0FywyAM/FAJaWbS9tLpI9p7B4PiKAZEEcTj3xc7cZp0HNe9sZJ2hVbQBqHJJ/BJBptr9CwPkILSjXRksgWWbagj7Wl14If2pzrtwZWkJkvRqVqESPLAkhPqppOHrwyxW53QyqFfxvbQsug5EEeJPvQxRP4ho45Yq4Tkl3N2mI5oeGx7hsv5vFcxRrhMfoLL+ResMydyE8Tf+/lEr2WV0Rq5UxoqokaAq8DMcIOqQVj0TbGZpEFOveciqeoOocrGdCECs3BgUEmLlRxOAmwZpJQO6AyE8kYEq7rJdc2KJsp6zy2Gi4dD5L2PXGmVoW02xcDiGRa/gC0pczP0dYlTTD52d7KnRmO/+doC/3J3YjMRrEpQPCFOfItmhFSD7CCdhHblXSxvqFWkzGDHnBgDC+49/vjhiZYHQra/MgfyjEcQ5UMATUTOym/u9fFp87JeP2+3m2/qZafQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2eb69629a7b0625caf36007220a1c9bfcd0380f5d036df0198b8800b4d606472
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
x2HqjyILJZYFs8cGs4Imnw==
cross-origin-resource-policy
cross-origin
expires
Fri, 03 Sep 2021 13:21:15 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1685
x-fb-rlafr
0
x-fb-debug
kS5fZ5Ne/diVyr+z00wremkq2iimgQsWNHxGKqMGjJZirHFgVQo94YGoi1W2THjtoofbb2WKR0Ca21ZXHDVwZw==
x-fb-trip-id
917726464
x-fb-content-md5
00d799a57a6a26f59d1adf88ff7cb0f4
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 03 Sep 2021 13:19:07 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"c22767f7a8053254d66d188ba865217d"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
g.gif
pixel.wp.com/
50 B
92 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.0&blog=84971211&post=45997&tz=-4&srv=que.com&host=que.com&ref=&fcp=2990&rand=0.30635857845513703
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
hovercard.min.css
secure.gravatar.com/dist/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202135
Requested by
Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
last-modified
Wed, 11 Nov 2020 15:57:10 GMT
server
nginx
etag
W/"5fac09d6-1e86"
content-type
text/css
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:07 GMT
services.min.css
secure.gravatar.com/dist/css/
3 KB
587 B
Stylesheet
General
Full URL
https://secure.gravatar.com/dist/css/services.min.css?ver=202135
Requested by
Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
content-encoding
gzip
last-modified
Thu, 22 Mar 2018 09:46:04 GMT
server
nginx
etag
W/"5ab37b5c-a54"
content-type
text/css
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:07 GMT
/
que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
3 KB
1 KB
XHR
General
Full URL
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/?relatedposts=1
Requested by
Host: que.com
URL: https://que.com/_static/??-eJyVU0FywyAM/FAJaWbS9tLpI9p7B4PiKAZEEcTj3xc7cZp0HNe9sZJ2hVbQBqHJJ/BJBptr9CwPkILSjXRksgWWbagj7Wl14If2pzrtwZWkJkvRqVqESPLAkhPqppOHrwyxW53QyqFfxvbQsug5EEeJPvQxRP4ho45Yq4Tkl3N2mI5oeGx7hsv5vFcxRrhMfoLL+ResMydyE8Tf+/lEr2WV0Rq5UxoqokaAq8DMcIOqQVj0TbGZpEFOveciqeoOocrGdCECs3BgUEmLlRxOAmwZpJQO6AyE8kYEq7rJdc2KJsp6zy2Gi4dD5L2PXGmVoW02xcDiGRa/gC0pczP0dYlTTD52d7KnRmO/+doC/3J3YjMRrEpQPCFOfItmhFSD7CCdhHblXSxvqFWkzGDHnBgDC+49/vjhiZYHQra/MgfyjEcQ5UMATUTOym/u9fFp87JeP2+3m2/qZafQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ca4cfe26db0dd720921940c6bb75945290e9335b6637079f4ff6630463d20c1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
:path
/synack-ransomware-decryptor-lets-victims-recover-files-for-free/?relatedposts=1
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-pingback
https://que.com/xmlrpc.php
x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
server
nginx
date
Fri, 03 Sep 2021 13:19:09 GMT
vary
Accept-Encoding Cookie
content-type
application/json; charset=utf-8
set-cookie
pmpro_visit=1; path=/; secure; HttpOnly
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
count.json
api.pinterest.com/v1/urls/
137 B
432 B
Script
General
Full URL
https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
880b3129b9a6255fcc8918e7dc682e518882d2356026fa013d88249afdfee050
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
x-cdn
akamai
akamai-grn
0.986656b8.1630675148.c98532c1
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-pinterest-rid
6713412837920840
content-length
137
expires
Fri, 03 Sep 2021 13:34:08 GMT
/
graph.facebook.com/
244 B
645 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6ba2a09c9a41c0f38b95e4c03aeda8bae47c305502df9dd6c10ae49d047c48ec
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1004352570
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
182
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
0bEcSPqTAYafpVfOtqE9YdKfqoISJqiKuvHoIcAj9pLep+zK4dJTgRierLOhu7fO7aI7q8CjadF8bdx5hGZMjA==
x-fb-trace-id
AEKZRknR6L3
date
Fri, 03 Sep 2021 13:19:08 GMT
vary
Origin, Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AhOo45Ac8QTat8c04zxUGTw
cache-control
no-store
facebook-api-version
v4.0
expires
Sat, 01 Jan 2000 00:00:00 GMT
count.json
api.pinterest.com/v1/urls/
83 B
377 B
Script
General
Full URL
https://api.pinterest.com/v1/urls/count.json?callback=WPCOMSharing.update_pinterest_count&url=https%3A%2F%2Fque.com%2Ftbycb-com%2F
Requested by
Host: que.com
URL: https://que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
086e4f4e105d000e62faa3859efd3e175bae3454b6d68ed40bd31d68883fe361
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
x-cdn
akamai
akamai-grn
0.986656b8.1630675148.c985330d
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-pinterest-rid
8049240076590932
content-length
83
expires
Fri, 03 Sep 2021 13:34:08 GMT
/
graph.facebook.com/
244 B
351 B
Script
General
Full URL
https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fque.com%2Ftbycb-com%2F
Requested by
Host: que.com
URL: https://que.com/wp-content/plugins/jetpack/_inc/build/sharedaddy/sharing.min.js?ver=10.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
78c192bad85b9e8197b45e1b756effb0d845f6f5fc51de824334fd7f180b67b0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev
1004352570
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
183
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
uu5feJyT5uF4KNzavRmAqNlBd0Sadg9rHj3pIHQeqYPi77CkoZdU0/QbsDjYt2srsQ+obu49urG4uJ4XtPCrDQ==
x-fb-trace-id
FMHr8sCxRFq
date
Fri, 03 Sep 2021 13:19:08 GMT
vary
Origin, Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
ANfXHBmQlH2Ym0m4dU7pt73
cache-control
no-store
facebook-api-version
v4.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.11183360685897403
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.8257933874373655
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=pinterest&r=0.157939780344865
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
g.gif
pixel.wp.com/
50 B
74 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.9411436374779807
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:07 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
ads
googleads.g.doubleclick.net/pagead/ Frame 9928
436 B
234 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=47597618&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147512&bpp=1&bdt=843&idt=479&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280%2C770x193&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H1Ia6MJ5X6&p=https%3A//que.com&dtd=499
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
104bdb75a0ba8ec197173d3d5c80abffd30f54a46f9d5876228478b0be861870
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=1920496107&adf=47597618&pi=t.ma~as.6782976732&w=770&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=770x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147512&bpp=1&bdt=843&idt=479&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C770x280%2C770x193&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3608&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=H1Ia6MJ5X6&p=https%3A//que.com&dtd=499
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
210
x-xss-protection
0
set-cookie
IDE=AHWqTUnGKp0xLukI-2DZynELsKa1HgztcryU6FJ6sJsvrP4wqP1ClokY1MgrFTH63dk; expires=Wed, 28-Sep-2022 13:19:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 03 Sep 2021 13:19:08 GMT
cache-control
private
loadingAnimation.gif
que.com/wp-includes/js/thickbox/
15 KB
15 KB
Image
General
Full URL
https://que.com/wp-includes/js/thickbox/loadingAnimation.gif
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-includes/js/thickbox/loadingAnimation.gif
pragma
no-cache
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
x-ac
2.hhn _atomic_ams
last-modified
Mon, 05 Nov 2012 21:00:15 GMT
server
nginx
etag
"509828df-3b86"
strict-transport-security
max-age=31536000
content-type
image/gif
cache-control
max-age=604800
accept-ranges
bytes
content-length
15238
expires
Fri, 10 Sep 2021 13:19:08 GMT
count.json
cdn.api.twitter.com/1/urls/
0
0

fql
graph.facebook.com/
238 B
224 B
Script
General
Full URL
https://graph.facebook.com/fql?q=SELECT%20url,%20normalized_url,%20share_count,%20like_count,%20comment_count,%20total_count,commentsbox_count,%20comments_fbid,%20click_count%20FROM%20link_stat%20WHERE%20url=%27https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F%27&callback=jQuery3600260712035568438_1630675147230&_=1630675147231
Requested by
Host: que.com
URL: https://que.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
62049671047e094d444463513e23061dd4db3d575d693bf64b54c098accaea95
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#12) fql is deprecated for versions v2.1 and higher"
x-fb-rev
1004352570
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
188
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
br1jxPDmACKPn1p94VycqhrjUlm3a/dkVk2tS25YNi3HSJ6gg/7NyYm3X0XOYynuLDMIgBbatBQrqpbHnMqlhg==
x-fb-trace-id
GDHC1A7K0Ig
date
Fri, 03 Sep 2021 13:19:08 GMT
vary
Origin, Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
AOA-8wogj_cAIfkbPHGV97E
cache-control
no-store
facebook-api-version
v4.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
sharrre.php
que.com/wp-content/themes/colormag-pro/js/sharrre/
100 B
133 B
XHR
General
Full URL
https://que.com/wp-content/themes/colormag-pro/js/sharrre/sharrre.php?url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&type=googlePlus
Requested by
Host: que.com
URL: https://que.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
90e64da6d9c0c73b3909574d7b31a58db5fa973d1afb70cc5eff5d45064d6d70
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
x-requested-with
XMLHttpRequest
sec-fetch-dest
empty
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
:path
/wp-content/themes/colormag-pro/js/sharrre/sharrre.php?url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&type=googlePlus
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
cache-control
no-cache
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
server
nginx
date
Fri, 03 Sep 2021 13:19:08 GMT
vary
Accept-Encoding
content-type
application/json
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
count.json
api.pinterest.com/v1/urls/
0
0

/
que.com/
210 B
302 B
XHR
General
Full URL
https://que.com/?wc-ajax=get_refreshed_fragments
Requested by
Host: que.com
URL: https://que.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-fetch-mode
cors
origin
https://que.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
x-requested-with
XMLHttpRequest
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
content-length
18
:path
/?wc-ajax=get_refreshed_fragments
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/x-www-form-urlencoded; charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Accept
*/*
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
x-content-type-options
nosniff
host-header
WordPress.com
x-ac
2.hhn _atomic_ams
server
nginx
date
Fri, 03 Sep 2021 13:19:09 GMT
vary
Accept-Encoding Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://que.com
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
set-cookie
pmpro_visit=1; path=/; secure; HttpOnly
x-robots-tag
noindex
expires
Wed, 11 Jan 1984 05:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
165 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 5618
436 B
232 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=462&slotname=2314861051&adk=792444155&adf=3489136023&pi=t.ma~as.2314861051&w=770&cr_col=4&cr_row=2&fwrn=2&lmt=1630675148&rafmt=9&tp=site_kit&psa=0&format=770x462&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147513&bpp=1&bdt=845&idt=730&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3888&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=XKyjW5YCre&p=https%3A//que.com&dtd=752
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f147fb837ba5b70469427f1c9a31192ffa6a618884096daaa5ac5ebaf13d6e6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=462&slotname=2314861051&adk=792444155&adf=3489136023&pi=t.ma~as.2314861051&w=770&cr_col=4&cr_row=2&fwrn=2&lmt=1630675148&rafmt=9&tp=site_kit&psa=0&format=770x462&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&crui=image_stacked&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147513&bpp=1&bdt=845&idt=730&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3888&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=XKyjW5YCre&p=https%3A//que.com&dtd=752
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnGKp0xLukI-2DZynELsKa1HgztcryU6FJ6sJsvrP4wqP1ClokY1MgrFTH63dk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
212
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame 457A
436 B
230 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=3608597977&adf=678854797&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147577&bpp=2&bdt=909&idt=749&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=394&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=yMShW2Gfsg&p=https%3A//que.com&dtd=756
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d6d7a468f0a0c907f8cfe5ea9b96d10de23b5b976f0bac3ba7f26bb0c6e7c7fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=3608597977&adf=678854797&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147577&bpp=2&bdt=909&idt=749&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=394&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=6&uci=a!6&fsb=1&xpc=yMShW2Gfsg&p=https%3A//que.com&dtd=756
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnGKp0xLukI-2DZynELsKa1HgztcryU6FJ6sJsvrP4wqP1ClokY1MgrFTH63dk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
210
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sdk.js
connect.facebook.net/en_US/
222 KB
65 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=602ad5f4ad880fa0500dca1863257a7f
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c83a464fff3955f4a932a32b989800d11ad39dbcbc393ed44e36dcd1d02f28a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
https://que.com
Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
+d8/y8t2vVb92MpKnz+INQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
66824
x-fb-rlafr
0
x-fb-debug
tJHDWR5F5/IrXCm6zQtTphTU6apEhgTePPe2XltrGbI0Joz7Fm3GAddn9UTwdtoU0cuAStDypG9COA4/GK/crw==
x-fb-content-md5
290361115fe5850c7d8a97cec0fac2af
x-frame-options
DENY
date
Fri, 03 Sep 2021 13:19:08 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"0d2204b43e94f8461b87988d4e5aa596"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 03 Sep 2022 12:13:53 GMT
/
s0.wp.com/_static/ Frame 7537
132 KB
41 KB
Script
General
Full URL
https://s0.wp.com/_static/??-eJyFzUEKwkAMheELmQ4qtboQz9LWWGaYJGOSQXt7KyjUlau3+D944VFgFHZkD8lCEXNCs37CJtkm/FaSIWaEaqgLYIfIN/m6yGOuV7Q3TPeKOn+moch/EVCctHdc49WzZoei8pyXdqHz9rDrTse2a/fpBYU+RvU=
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
ecf823321109fb0bf97f9b7b4e1d66f0c4fee6b5d20a687fcaeefc632d17f19a

Request headers

Origin
https://jetpack.wordpress.com
Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Tue, 03 Aug 2021 10:15:58 GMT
server
nginx
etag
W/"6109175e-20f24"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dfw
timing-allow-origin
*
expires
Wed, 03 Aug 2022 10:16:02 GMT
style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ Frame 7537
19 KB
3 KB
Stylesheet
General
Full URL
https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1625210320h&cssminify=yes
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
1ef35bac8e76dbadf7b3ee28711d4d644813c1448585db926f4af66ad2ff1db8

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
server
nginx
etag
W/"60debdf3-5e4c"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dca
timing-allow-origin
*
expires
Sat, 02 Jul 2022 07:19:19 GMT
ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ Frame 7537
2 KB
2 KB
Image
General
Full URL
https://1.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
cb3e87ff58a5e66937ffb6013c8265ed549658a4ff59c1f8d8ae193f488390a5

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:08 GMT
last-modified
Sat, 01 Mar 2008 02:44:06 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=25&d=identicon&forcedefault=y&r=G>; rel="canonical"
content-length
1792
expires
Fri, 03 Sep 2021 13:24:08 GMT
gprofiles.js
0.gravatar.com/js/ Frame 7537
23 KB
7 KB
Script
General
Full URL
https://0.gravatar.com/js/gprofiles.js?ver=202135y
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 15:50:36 GMT
server
nginx
etag
W/"5e8609cc-5dea"
content-type
application/javascript
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:08 GMT
wpgroho.js
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ Frame 7537
868 B
506 B
Script
General
Full URL
https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240h
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
9a90398fe43db7f3effe146858ff7f8c16d1402a2d28090223edd0c50da27087

Request headers

Origin
https://jetpack.wordpress.com
Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
server
nginx
etag
W/"5ffc31a9-465"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dfw
timing-allow-origin
*
expires
Tue, 11 Jan 2022 11:08:28 GMT
/
s0.wp.com/_static/ Frame 7537
43 KB
11 KB
Script
General
Full URL
https://s0.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1626677336j
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
21b2ffaf359ba0c60a9d44b976876f15120897b65191591e6462442b71b7d4c8

Request headers

Origin
https://jetpack.wordpress.com
Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Mon, 19 Jul 2021 06:49:10 GMT
server
nginx
etag
W/"60f52066-aa1a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dfw
timing-allow-origin
*
expires
Tue, 19 Jul 2022 06:49:15 GMT
/
s0.wp.com/_static/ Frame 7537
30 KB
9 KB
Script
General
Full URL
https://s0.wp.com/_static/??-eJx9jjEOwjAMRS9EYqC0EgPiKChtDDiN0xInVHB6PMDC0Mm29N73h2U2w5QKpgJBIDwq5td3WEpPwsUG2cAaFrDMbhhNRqE3/uNczRzrjZJApBEFVKp4d8lHzCuw80zJ9C4DOymYdTMl6x/5SZSGWL0maiM9kXv0VqW10JGEsZjGbuGiPlynzMqf+bTr9t1h37THNnwA7Vtl7A==
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
0b74a2ebfd81bbb1cde74d0075f2bf7d7190f2033ea1b0d30ab7617ff346eead

Request headers

Origin
https://jetpack.wordpress.com
Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Fri, 16 Jul 2021 08:24:57 GMT
server
nginx
etag
W/"60f14259-79eb"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dfw
timing-allow-origin
*
expires
Sat, 16 Jul 2022 08:25:02 GMT
wp-emoji-release.min.js
s0.wp.com/wp-includes/js/ Frame 7537
18 KB
5 KB
Script
General
Full URL
https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1625065786h&ver=5.8.1-alpha-51081
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
server
nginx
etag
W/"60dc8943-4705"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dca
timing-allow-origin
*
expires
Fri, 02 Sep 2022 08:37:59 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0246
436 B
230 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=1334510058&adf=1538581077&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147641&bpp=1&bdt=973&idt=724&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=1562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=WMe3hBf9DW&p=https%3A//que.com&dtd=734
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4ab971c6f0d9377d56fb3c47fbd3509bca32c2a6edf96a7f1a8f8a3701244c3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=250&slotname=6782976732&adk=1334510058&adf=1538581077&pi=t.ma~as.6782976732&w=310&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=310x250&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147641&bpp=1&bdt=973&idt=724&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1060&ady=1562&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=7&uci=a!7&btvi=4&fsb=1&xpc=WMe3hBf9DW&p=https%3A//que.com&dtd=734
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnGKp0xLukI-2DZynELsKa1HgztcryU6FJ6sJsvrP4wqP1ClokY1MgrFTH63dk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
210
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/
0
121 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-5903031199985375&warn=12%2C13&w=1600&h=1200&eatf=false&reatf=true&a=6%2C1%2C5%2C7&apv=20210830_113420&sat=1630488877876&afm=0&as_count=7&d_count=0&ng_count=0&am_count=0&atf_count=2&mdns=0.306&alldns=0.306&allp=76&pgh=6518&su=que.com&pvc=3976666234224027&r=0.1
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
56 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=1920496107&adf=2181533201&fmt=770x280&str=false&ad_y=1037.8125&vph=1200&r_nh=0&r_ifr=true&qid=COL-tafy4vICFcfmmgod_NYBQA&w=770&h=280&err=1&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
56 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=1926075097&adf=3150342478&fmt=770x193&str=true&ad_y=1388.8125&vph=1200&r_nh=0&r_ifr=true&qid=CL7iv6fy4vICFQeWmgodXFoFrA&w=770&h=193&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
56 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=1920496107&adf=47597618&fmt=770x280&str=true&ad_y=3414.375&vph=1200&r_nh=0&r_ifr=true&qid=CK-ixqfy4vICFZrumgodIaABhQ&w=770&h=280&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
public-api.wordpress.com/connect/ Frame 7A82
2 KB
1 KB
Document
General
Full URL
https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
Requested by
Host: jetpack.wordpress.com
URL: https://jetpack.wordpress.com/jetpack-comment/?blogid=84971211&postid=45997&comment_registration=0&require_name_email=1&stc_enabled=1&stb_enabled=1&show_avatars=1&avatar_default=identicon&greeting=Leave+a+Reply&greeting_reply=Leave+a+Reply+to+%25s&color_scheme=light&lang=en_US&jetpack_version=10.0&show_cookie_consent=10&has_cookie_consent=0&token_key=%3Bnormal%3B&sig=c04552460d0de64d78f505d81de018b8adbfbc9d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
6574c03ef34c869d4a560674a171cfdeceb77589d59b7d073a95eebdb733a827
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

:method
GET
:authority
public-api.wordpress.com
:scheme
https
:path
/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://jetpack.wordpress.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://jetpack.wordpress.com/

Response headers

server
nginx
date
Fri, 03 Sep 2021 13:19:08 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header
WordPress.com
content-encoding
gzip
x-ac
1.hhn _dfw
strict-transport-security
max-age=15552000
5924e93f25332-bpfull.jpg
que.com/wp-content/uploads/avatars/6/
22 KB
22 KB
Image
General
Full URL
https://que.com/wp-content/uploads/avatars/6/5924e93f25332-bpfull.jpg
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c7a1560b5da6cb80466e23f2f9bbb75b17a1f3a77c3bfa3c424915bad08f47f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/uploads/avatars/6/5924e93f25332-bpfull.jpg
pragma
no-cache
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22; __gads=ID=48139ec31078793f-22d3ee896fca0009:T=1630675147:RT=1630675147:S=ALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
x-ac
2.hhn _atomic_ams
last-modified
Wed, 24 May 2017 02:00:31 GMT
server
nginx
etag
"5924e93f-5932"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-length
22834
expires
Fri, 10 Sep 2021 13:19:08 GMT
/
www.facebook.com/login/ Frame 826A
Redirect Chain
  • https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2137816167ff6c%26domain%3Dque.com...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...
0
0
Document
General
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2137816167ff6c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D450%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=602ad5f4ad880fa0500dca1863257a7f
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2137816167ff6c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D450%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
about:blank

Response headers

vary
Accept-Encoding
content-encoding
br
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-rlafr
0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;frame-src *.facebook.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
NmNLCrOFsVXNe+hDjt/jDngyxMTKTsHJACavsT6OTcXTlHZL8InzwdTxeOXyFKIs7zDSEb6+1YYOPSruvW3ifA==
date
Fri, 03 Sep 2021 13:19:08 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

Redirect headers

location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df2137816167ff6c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D450%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
x-fb-rlafr
0
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v4.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
rhMoBuNA9R+qtSFGQdAR1TkgVYcfPPVsbE2XgyCFN7iO6HhuRYV1TnJnMQ4PZ0QwnCKWDVu5OVli6Z3rinbXcw==
content-length
0
date
Fri, 03 Sep 2021 13:19:08 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=que.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 43E3
436 B
232 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=2290629976&adf=151267453&pi=t.ma~as.6782976732&w=1140&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=1140x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147655&bpp=13&bdt=986&idt=770&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4727&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=5&fsb=1&xpc=cswY1ARqJx&p=https%3A//que.com&dtd=926
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
df6c515b5a0b7ca3891f9960946a77aea2ec70b61011e1ee0483a422eb606ced
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-5903031199985375&output=html&h=280&slotname=6782976732&adk=2290629976&adf=151267453&pi=t.ma~as.6782976732&w=1140&fwrn=4&fwrnh=100&lmt=1630675148&rafmt=1&tp=site_kit&psa=0&format=1140x280&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630675147655&bpp=13&bdt=986&idt=770&shv=r20210831&mjsv=m202109010101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48139ec31078793f-22d3ee896fca0009%3AT%3D1630675147%3ART%3D1630675147%3AS%3DALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA&prev_fmts=0x0%2C770x280%2C770x193%2C770x280%2C770x462%2C310x250%2C310x250&nras=1&correlator=4289306766509&frm=20&pv=1&ga_vid=1516228019.1630675147&ga_sid=1630675147&ga_hid=1707646382&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=230&ady=4727&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062369%2C31062422%2C31062297&oid=3&pvsid=3976666234224027&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=8&uci=a!8&btvi=5&fsb=1&xpc=cswY1ARqJx&p=https%3A//que.com&dtd=926
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnGKp0xLukI-2DZynELsKa1HgztcryU6FJ6sJsvrP4wqP1ClokY1MgrFTH63dk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 03 Sep 2021 13:19:08 GMT
server
cafe
content-length
212
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
button-back.gif
s0.wp.com/wp-content/mu-plugins/highlander-comments/images/ Frame 7537
1 KB
1 KB
Image
General
Full URL
https://s0.wp.com/wp-content/mu-plugins/highlander-comments/images/button-back.gif
Requested by
Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1625210320h&cssminify=yes
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
0dab369eac5fd3a06420395d02d292bc3e3ab0bf62add857c72804fd9f4edd35

Request headers

Referer
https://s0.wp.com/wp-content/mu-plugins/highlander-comments/style.css?m=1625210320h&cssminify=yes
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:08 GMT
x-ac
2.hhn _dca
last-modified
Tue, 04 Dec 2018 12:10:15 GMT
server
nginx
etag
"5c066ea7-4d0"
access-control-allow-methods
GET, HEAD
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
content-length
1232
expires
Fri, 05 Nov 2021 08:08:06 GMT
hovercard.min.css
0.gravatar.com/dist/css/ Frame 7537
8 KB
2 KB
Stylesheet
General
Full URL
https://0.gravatar.com/dist/css/hovercard.min.css?ver=202135y
Requested by
Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202135y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Wed, 11 Nov 2020 15:57:10 GMT
server
nginx
etag
W/"5fac09d6-1e86"
content-type
text/css
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:08 GMT
services.min.css
0.gravatar.com/dist/css/ Frame 7537
3 KB
550 B
Stylesheet
General
Full URL
https://0.gravatar.com/dist/css/services.min.css?ver=202135y
Requested by
Host: 0.gravatar.com
URL: https://0.gravatar.com/js/gprofiles.js?ver=202135y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Referer
https://jetpack.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
last-modified
Thu, 22 Mar 2018 09:46:04 GMT
server
nginx
etag
W/"5ab37b5c-a54"
content-type
text/css
cache-control
max-age=604800
expires
Fri, 10 Sep 2021 13:19:08 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=792444155&adf=3489136023&fmt=770x462&str=true&ad_y=3414.375&vph=1200&r_nh=0&r_ifr=true&qid=COiM1qfy4vICFQ7zmgodVCMApw&w=770&h=462&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=3608597977&adf=678854797&fmt=310x250&str=false&ad_y=393.8125&vph=1200&r_nh=0&r_ifr=true&qid=CNSa2qfy4vICFRSfmwodje0B6w&w=310&h=250&err=1&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=1334510058&adf=1538581077&fmt=310x250&str=true&ad_y=1561.78125&vph=1200&r_nh=0&r_ifr=true&qid=CPm23Kfy4vICFRTTmgodtAsErQ&w=310&h=250&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
googleplus-sign-in.js
s0.wp.com/wp-content/js/ Frame 7A82
11 KB
4 KB
Script
General
Full URL
https://s0.wp.com/wp-content/js/googleplus-sign-in.js?m=1551752381h
Requested by
Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fjetpack.wordpress.com&color_scheme=light
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
83f49a60c7b81bab4b8b2ffd154c069fdde45e0ec303ce85ede59495844f919a

Request headers

Referer
https://public-api.wordpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Fri, 03 Sep 2021 13:19:08 GMT
content-encoding
gzip
server
nginx
etag
W/"5c7ddce7-4290"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
x-ac
2.hhn _dca
timing-allow-origin
*
expires
Fri, 05 Nov 2021 08:08:07 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=resize&scrl=0&adk=2290629976&adf=151267453&fmt=1140x280&str=true&ad_y=3893.375&vph=1200&r_nh=0&r_ifr=true&qid=CI206afy4vICFYy0mgod6csLwQ&w=1140&h=280&nh=0&rsz=%7C%7CeE%7C&abl=CS&frsz=false&err=0&url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Sep 2021 13:19:08 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5924e93f2b3cf-bpthumb.jpg
que.com/wp-content/uploads/avatars/6/
4 KB
4 KB
Image
General
Full URL
https://que.com/wp-content/uploads/avatars/6/5924e93f2b3cf-bpthumb.jpg
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
98189f0de18716cc324baa1945bc45707742359f1006aa309d3d37fb7d69e410
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:path
/wp-content/uploads/avatars/6/5924e93f2b3cf-bpthumb.jpg
pragma
no-cache
cookie
tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22; __gads=ID=48139ec31078793f-22d3ee896fca0009:T=1630675147:RT=1630675147:S=ALNI_MauJhDB98NOV7KdmY-hJl5XlH6pzA
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
que.com
referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:08 GMT
x-ac
2.hhn _atomic_ams
last-modified
Wed, 24 May 2017 02:00:31 GMT
server
nginx
etag
"5924e93f-1076"
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
content-length
4214
expires
Fri, 10 Sep 2021 13:19:08 GMT
ransomware.jpg
i2.wp.com/que.com/wp-content/uploads/2016/05/
15 KB
15 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2016/05/ransomware.jpg?fit=970%2C546&ssl=1&resize=350%2C200
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
77f4731aeebf949b3e939797d0b05e7e5c3709691e54794d164033a68e03a1a2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 29 Aug 2021 06:31:43 GMT
server
nginx
etag
"60ad153be65dd797"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2016/05/ransomware.jpg>; rel="canonical"
content-length
15606
expires
Tue, 29 Aug 2023 18:31:43 GMT
QUE.com_.CyberSecurity.Hacker.CyberCrime2.Pixabay.jpg
i2.wp.com/que.com/wp-content/uploads/2017/05/
14 KB
14 KB
Image
General
Full URL
https://i2.wp.com/que.com/wp-content/uploads/2017/05/QUE.com_.CyberSecurity.Hacker.CyberCrime2.Pixabay.jpg?fit=960%2C427&ssl=1&resize=350%2C200
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
03e2b9ab03918a5c074f15d4b3892f4ca496a67c071c4c94e05e91a1580f848a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Fri, 03 Sep 2021 13:19:09 GMT
x-content-type-options
nosniff
last-modified
Wed, 01 Sep 2021 08:36:16 GMT
server
nginx
etag
"f3576987eaa99549"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2017/05/QUE.com_.CyberSecurity.Hacker.CyberCrime2.Pixabay.jpg>; rel="canonical"
content-length
14374
expires
Fri, 01 Sep 2023 20:36:16 GMT
pexels-photo-5240547.jpeg
i1.wp.com/que.com/wp-content/uploads/2021/08/
5 KB
5 KB
Image
General
Full URL
https://i1.wp.com/que.com/wp-content/uploads/2021/08/pexels-photo-5240547.jpeg?fit=1200%2C1200&ssl=1&resize=350%2C200
Requested by
Host: que.com
URL: https://que.com/synack-ransomware-decryptor-lets-victims-recover-files-for-free/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i2.wp.com
Software
nginx /
Resource Hash
043b3e904a388eadc6b249c459d89d7f508a8ef9d673dc4254ef9456058061d6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:09 GMT
x-content-type-options
nosniff
x-bytes-saved
152
content-length
5286
x-nc
MISS hhn 4
last-modified
Fri, 03 Sep 2021 13:19:09 GMT
server
nginx
etag
"9a69816af6fc7624"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://que.com/wp-content/uploads/2021/08/pexels-photo-5240547.jpeg>; rel="canonical"
expires
Mon, 04 Sep 2023 01:19:09 GMT
fa-solid-900.woff
que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/
0
0
Font
General
Full URL
https://que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.woff
Requested by
Host: que.com
URL: https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-fetch-mode
cors
origin
https://que.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
pmpro_visit=1; mo_openid_signup_url=https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.woff2
:path
/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.woff
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://que.com
Referer
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
server
nginx
date
Fri, 03 Sep 2021 13:19:12 GMT
vary
Accept-Encoding Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://que.com
set-cookie
mo_openid_signup_url=https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.woff; expires=Sun, 03-Oct-2021 13:19:12 GMT; Max-Age=2592000; path=/
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
link
<https://que.com/wp-json/>; rel="https://api.w.org/"
expires
Wed, 11 Jan 1984 05:00:00 GMT
fa-solid-900.ttf
que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/
0
0
Font
General
Full URL
https://que.com/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.ttf
Requested by
Host: que.com
URL: https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.250 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-fetch-mode
cors
origin
https://que.com
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
mo_openid_signup_url=https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.woff
:path
/wp-content/plugins/miniorange-login-openid/includes/webfonts/fa-solid-900.ttf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
que.com
referer
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://que.com
Referer
https://que.com/_static/??-eJytks1ORDEIhV9IpnEWoxvjo9x0WhxRWkhpb19/uP5sRk00Y8KGA+cLtEyFJLVj7UF5nKhaeMGuMb2GInkwWmjIsWMGFesX2S6Z3cyviEKVpMV6QmBxBUSxUg5UE4/sTPc5H57cB3GiScGdm67kLe/y8tazkFOum/Ao0q23qGCSKPL/wLZFQRuuhPMn4uUfpNhkGHKwSYoNjqNmxj+7PwrwKfwW0J+xIHQR3g7A1B+WVoSVMso3yoZ9LA+3h/39/s7jcAZfZuzD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-hacker
If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
strict-transport-security
max-age=31536000
content-encoding
br
server
nginx
date
Fri, 03 Sep 2021 13:19:15 GMT
vary
Accept-Encoding Origin
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://que.com
set-cookie
pmpro_visit=1; path=/; secure; HttpOnly mo_openid_signup_url=https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.ttf; expires=Sun, 03-Oct-2021 13:19:14 GMT; Max-Age=2592000; path=/
cache-control
no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-ac
2.hhn _atomic_ams
host-header
WordPress.com
link
<https://que.com/wp-json/>; rel="https://api.w.org/"
expires
Wed, 11 Jan 1984 05:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
8 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210831&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06b93231a019697aef369d515bd757e0b0ab4738473ab780434f3b109fdcae55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Sep 2021 13:19:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8501
x-xss-protection
0
/
www.facebook.com/login/ Frame 78D0
Redirect Chain
  • https://www.facebook.com/v2.3/plugins/page.php?app_id=249643311490&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df32f97bf62fad9c%26domain%3Dque.com...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbit...
0
0
Document
General
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df32f97bf62fad9c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=602ad5f4ad880fa0500dca1863257a7f
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df32f97bf62fad9c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
about:blank

Response headers

vary
Accept-Encoding
content-encoding
br
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-rlafr
0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;frame-src *.facebook.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
QtLdBiR66bDfcTBcNkCbJFbloMHaxQn8nMkUhVNMgtaH4r2aogOXpmYFHpABOy8L+0RSeojRF5ooAJ9q+qyskw==
date
Fri, 03 Sep 2021 13:19:15 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i

Redirect headers

location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fapp_id%3D249643311490%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df32f97bf62fad9c%2526domain%253Dque.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fque.com%25252Ff160c20c0c89008%2526relation%253Dparent.parent%26container_width%3D0%26height%3D432%26hide_cover%3Dfalse%26hide_cta%3Dfalse%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fdomainnetwork%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26tabs%3Dfalse%26width%3D500
x-fb-rlafr
0
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v4.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
+5KniMgKJtvbf64Rd2A8/XaVPuzJW7qomOcalLUFGFmT4w2gr4MqyJSdnx4cm7azCnhjmjf5Bq+7OreO7ankjg==
content-length
0
date
Fri, 03 Sep 2021 13:19:15 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202109010101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5903031199985375&plah=que.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Fri, 03 Sep 2021 13:19:15 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame FC7E
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Fri, 03 Sep 2021 13:05:39 GMT
expires
Sat, 03 Sep 2022 13:05:39 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
816
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 37CD
783 B
811 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
171e8fb926a4b313927a51397bab1ac63b9288b6e4520ae3a6c1bb042b24e95b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gUgHHqebt+u3Btz4Zoh90g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://que.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://que.com/

Response headers

expires
Fri, 03 Sep 2021 13:19:15 GMT
date
Fri, 03 Sep 2021 13:19:15 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-gUgHHqebt+u3Btz4Zoh90g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
pagead2.googlesyndication.com/bg/ Frame FC7E
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/4M_hU0z2aGWsE6Fh5g73T3aOvXi4a4lK__VWYOQ1wYI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e0cfe1534cf66865ac13a161e60ef74f768ebd78b86b894afff55660e435c182
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 05:01:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
29870
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13264
x-xss-protection
0
last-modified
Mon, 30 Aug 2021 12:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 03 Sep 2022 05:01:25 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&t=2&li=gda_r20210831&jk=3976666234224027&bg=!_v2l_bnNAAYJpm41CaY7ACkAdvg8Wj_7Jx6OKlD0M5ZedlNsMGSBLYwgembyAbGsuuTbdjZqP1PqvQIAAACGUgAAAA1oAQcKAKbFhzmFFeYnPFIybO9MKmgC5Q9-7mud6jpY41trW9XTRkWE8YnFXK6AXy4UXsi_3RyMGfj-urGEqluXGZeTMOACNFrVbKSGVQaflOJSwsng6Omkq6Z2iqlaRBzVEAynwlr8e7VQii0UhfFW_j9eT_zBdL-z8GDtu_4N9HULOOrFyOAxFkOoXCg95xFVm-xCeVR4QowCpG94v2lNbE9cOx72S9EeGSdsmQJlXvzhvFFNLkOXe3sFIaq01D_whx8O0i62DDeJZ3rvXSSwggukIAKUgg_oDBjcVDGmCCTI-4yznt2M3afxRsMltVGyKWFAG3zv4MJjPlnUT7t9yI_XFpnZaXPDiq1whXnQct86R5nd2lXTeMAI-rJVLWMhzC6QauA1Zz_-3xK5_UMbfGIWyWoglFpQQGuJ8Jz-Ch81BaS7ptsT2RZSgPF0qzbuj8SUB2O_CenKcCMK2YwPqj0_BH7PrkXhEep0j9X-Qc-9OUndoUpSyVywA3RnU-4zFyZWjfOBmmDZ_8fjqitU0fe799Webqz0T1a1tAvQ2JzyOS_9MM0WHG0obnYW_G-y8Xiqt0ETuocIe7tfqXL-wHGmRHMFf1EccDssG4FztQwFiS4pcqBjpJ3QxcfLsvQprmVMRYzc-9lPVNgGP7UpMlUA_4N6nizLYgGpiQCgjjpjKnb8EGXWa2ZpMwI1WEcaLNF8_yCIuxZyw5lu4uNbgmcNX34khiIwri-s-x2GkQXYdYfdJCWcM3aH3zOKVi_ZBWNvS9MkBtOzpCqoLKhFb1BI4SW93DQwROK6H0iQbE3qiM5wMlFZ-v9qTtwwR5dmqTunzUIcBNofEN4YHNjpTTGLV6nQVQVASEZ7wszUncpOVA9Fe3spqIv4o3hoOQiUrfhMPljH3woZxZErZWpQ_jErUDsHWIeqUPflT6XZ6CtWWmJqqkh_qIq_wQW9qF9MmT7X2_ouO3TpUxA7bkVT_VJrTQv_uhtY3mc0GcCIxSHIyiu943aZbpXzuZ5S94Jz843l-lfj96jtHL--S6C634H7hg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

boom.gif
pixel.wp.com/
0
36 B
Image
General
Full URL
https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.007&largest_contentful_paint=3263&provider=wordpress.com&service=atomic&effective_connection_type=4g&host_name=que.com&url_path=%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&nt_fetchStart=1&nt_domainLookupStart=6&nt_domainLookupEnd=19&nt_connectStart=19&nt_connectEnd=39&nt_secureConnectionStart=25&nt_requestStart=39&nt_responseStart=2289&nt_responseEnd=2331&nt_domLoading=2294&nt_domInteractive=3572&nt_domContentLoadedEventStart=3577&nt_domContentLoadedEventEnd=3603&nt_domComplete=10648&nt_loadEventStart=10648&nt_loadEventEnd=10720&nt_redirectCount=0&nt_api_level=2&start_render=2990&first_contentful_paint=2990&resource_size=3136663&resource_transferred=910370&js_size=1479467&js_transferred=433727&resource_cache_percent=0&js_cache_percent=0&last_resource_end=11150
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://que.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 03 Sep 2021 13:19:17 GMT
cache-control
no-cache
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.api.twitter.com
URL
http://cdn.api.twitter.com/1/urls/count.json?url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&callback=jQuery3600260712035568438_1630675147228&_=1630675147229
Domain
api.pinterest.com
URL
http://api.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fque.com%2Fsynack-ransomware-decryptor-lets-victims-recover-files-for-free%2F&callback=jQuery3600260712035568438_1630675147232&_=1630675147233

Verdicts & Comments

338 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


3 Cookies

Domain/Path Name / Value
que.com/ Name: scroll
Value: null
que.com/ Name: mo_openid_signup_url
Value: https%3A%2F%2Fque.com%2Fwp-content%2Fplugins%2Fminiorange-login-openid%2Fincludes%2Fwebfonts%2Ffa-solid-900.ttf
que.com/ Name: pmpro_visit
Value: 1

2 Console Messages

Source Level URL
Text
console-api log URL: https://que.com/_static/??-eJyljMsKwjAQRX/ISbCL6kb8lBDTEKdNZmIetP69wQbpXrgww7mXs0ZAMr5ONsu55VVtevcDAV3SxYqAJOZ8WiMYpmKpyOirQ8qyNchJk7PguRHgaAkneXQGVjtVu1YY5gX/t3YKmQ1qr77LLjwOyxPN8uDt97TNPdzO43AdLi3jB86OYeY=(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2
console-api log URL: https://s0.wp.com/_static/??-eJyFzUEKwkAMheELmQ4qtboQz9LWWGaYJGOSQXt7KyjUlau3+D944VFgFHZkD8lCEXNCs37CJtkm/FaSIWaEaqgLYIfIN/m6yGOuV7Q3TPeKOn+moch/EVCctHdc49WzZoei8pyXdqHz9rDrTse2a/fpBYU+RvU=(Line 820)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
