thehackernews.com Open in urlscan Pro
2606:4700:20::681a:61 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thehackernews.com/2020/08/qakbot-banking-trojan.html
Submission: On August 28 via api (August 28th 2020, 1:58:28 pm UTC) from US

Summary HTTP 56 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 21 IPs in 6 countries across 15 domains to perform 56 HTTP transactions. The main IP is 2606:4700:20::681a:61, located in United States and belongs to CLOUDFLARENET, US. The main domain is thehackernews.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 1st 2020. Valid for: a year.

This is the only time thehackernews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	2606:4700:20:... 2606:4700:20::681a:61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a823	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
1	205.234.175.175 205.234.175.175	30081 (CACHENETW...) (CACHENETWORKS)
8	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE)
4 5	172.217.21.230 172.217.21.230	15169 (GOOGLE) (GOOGLE)
3	23.97.225.52 23.97.225.52	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	216.58.207.66 216.58.207.66	15169 (GOOGLE) (GOOGLE)
3	99.86.5.213 99.86.5.213	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:821::2006	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:4e6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2600:9000:214... 2600:9000:214f:a000:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	54.154.62.31 54.154.62.31	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
1 1	2a00:1450:400... 2a00:1450:400c:c0b::9d	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
2	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
56	21

16 2606:4700:20::681a:61 (United States)

ASN13335 (CLOUDFLARENET, US)

thehackernews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a823 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.234.175.175 (United States)

ASN30081 (CACHENETWORKS, US)
PTR: vip1.G-anycast1.cachefly.net

cdn.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.21.230 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.97.225.52 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e3.adpushup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.5.213 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-5-213.fra6.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:214f:a000:19:fc2c:a140:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.154.62.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-62-31.eu-west-1.compute.amazonaws.com

att.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	thehackernews.com thehackernews.com	364 KB
12	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com 287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com ade.googlesyndication.com	31 KB
11	doubleclick.net 5 redirects ad.doubleclick.net securepubads.g.doubleclick.net stats.g.doubleclick.net googleads4.g.doubleclick.net	156 KB
4	demdex.net 2 redirects att.demdex.net	3 KB
4	adpushup.com cdn.adpushup.com e3.adpushup.com	213 KB
4	googletagservices.com www.googletagservices.com	73 KB
3	amazon-adsystem.com c.amazon-adsystem.com	30 KB
2	google.com 1 redirects www.google.com adservice.google.com	418 B
2	agkn.com 2 redirects d.agkn.com	1 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	2mdn.net s0.2mdn.net	38 KB
2	cloudflare.com ajax.cloudflare.com cdnjs.cloudflare.com	32 KB
1	google.ee adservice.google.ee	890 B
1	google.de www.google.de	106 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
56	15

	Domain	Requested by
16	thehackernews.com	thehackernews.com
5	tpc.googlesyndication.com	thehackernews.com tpc.googlesyndication.com securepubads.g.doubleclick.net
5	ad.doubleclick.net	4 redirects ajax.cloudflare.com
4	att.demdex.net	2 redirects
4	pagead2.googlesyndication.com	ajax.cloudflare.com securepubads.g.doubleclick.net www.googletagservices.com
4	www.googletagservices.com	ajax.cloudflare.com s0.2mdn.net securepubads.g.doubleclick.net
3	c.amazon-adsystem.com	cdn.adpushup.com c.amazon-adsystem.com
3	securepubads.g.doubleclick.net	cdn.adpushup.com securepubads.g.doubleclick.net
3	e3.adpushup.com	cdn.adpushup.com
2	287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	googleads4.g.doubleclick.net	thehackernews.com
2	d.agkn.com	2 redirects
2	www.google-analytics.com	1 redirects thehackernews.com
2	s0.2mdn.net	thehackernews.com s0.2mdn.net
1	ade.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ee	securepubads.g.doubleclick.net
1	www.google.de
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	cdn.jsdelivr.net	cdn.adpushup.com
1	cdnjs.cloudflare.com	thehackernews.com
1	cdn.adpushup.com	thehackernews.com
1	ajax.cloudflare.com	thehackernews.com
56	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feeds.feedburner.com
deals.thehackernews.com
thehackernews.tradepub.com
www.instagram.com
t.me
malpedia.caad.fkie.fraunhofer.de
www.hornetsecurity.com
go.thn.li
www.f5.com
blog.morphisec.com
www.mcafee.com
www.reddit.com
news.ycombinator.com
api.whatsapp.com
telegram.me
ad.doubleclick.net

Subject Issuer	Validity	Valid
thehackernews.com Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.cachefly.net GlobalSign RSA OV SSL CA 2018	`2020-08-19` - `2021-10-29`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.adpushup.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-27` - `2022-08-29`	2 years	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-17` - `2021-04-17`	8 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google.ee GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
Frame ID: CC64D77756E9848F5C5CF44CC367FBB1
Requests: 61 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 707C35935C75A02617032E984A1FCCEC
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/8532760/1584914429519/728x90/GL-1602-ESG_728x90.html
Frame ID: A303BA24EB4FD0D19EA62C5C99E7210B
Requests: 1 HTTP requests in this frame

Frame: https://287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 7E23031891CA891154588FFAECAA6B4A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html
Frame ID: 6214FB003CB99626A43424A22D59F0EC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

56
Requests

100 %
HTTPS

70 %
IPv6

15
Domains

24
Subdomains

21
IPs

6
Countries

1021 kB
Transfer

2206 kB
Size

1
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thehackernews
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/thehackersnews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/thehackernews?sub_confirmation=1
Title: 

Search URL Search Domain Scan URL

URL: https://feeds.feedburner.com/TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/
Title:  Offers

Search URL Search Domain Scan URL

URL: https://thehackernews.tradepub.com/
Title: Free eBooks

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/free
Title: Freebies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thehackernews/
Title: 

Search URL Search Domain Scan URL

URL: https://t.me/joinchat/AAAAADwuDObFWF60CiR-HQ
Title:  Telegram Channel

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot
Title: Qbot

Search URL Search Domain Scan URL

URL: https://www.hornetsecurity.com/en/security-information/qakbot-malspam-leading-to-prolock/
Title: Prolock ransomware

Search URL Search Domain Scan URL

URL: https://go.thn.li/contrast

Search URL Search Domain Scan URL

URL: https://www.f5.com/labs/articles/threat-intelligence/qbot-banking-trojan-still-up-to-its-old-tricks
Title: F5 Labs

Search URL Search Domain Scan URL

URL: https://blog.morphisec.com/qakbot-qbot-maldoc-two-new-techniques
Title: Morphisec

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-discovers-pinkslipbot-exploiting-infected-machines-as-control-servers-releases-free-tool-to-detect-disable-trojan/
Title: proxy module

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html
Title: 

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&text=QakBot%20Banking%20Trojan%20Returned%20With%20New%20Sneaky%20Tricks%20to%20Steal%20Your%20Money&via=TheHackersNews
Title: 

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html
Title: 

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html
Title: Share on Reddit

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&t=QakBot%20Banking%20Trojan%20Returned%20With%20New%20Sneaky%20Tricks%20to%20Steal%20Your%20Money
Title: Share on Hacker News

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=QakBot%20Banking%20Trojan%20Returned%20With%20New%20Sneaky%20Tricks%20to%20Steal%20Your%20Money%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html
Title: Share on WhatsApp

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&text=QakBot%20Banking%20Trojan%20Returned%20With%20New%20Sneaky%20Tricks%20to%20Steal%20Your%20Money
Title: Share on Telegram

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/clk/463791546;269244864;z

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/jump/N424004.3381407THEHACKERNEWS/B23636320.269244864;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343

Search URL Search Domain Scan URL

URL: https://go.thn.li/zoho-aug

Search URL Search Domain Scan URL

URL: https://go.thn.li/webinar-2

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/clk/463791531;269244987;z

Search URL Search Domain Scan URL

URL: https://ad.doubleclick.net/ddm/jump/N424004.3381407THEHACKERNEWS/B23636320.269244987;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343

Search URL Search Domain Scan URL

URL: https://go.thn.li/native-whitepaper
Title: Learn Secure Coding with Secure Code WarriorThe 5 Point Tactical Guide for Secure Developers. Get the whitepaper.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-2019-ethical-hacker-masterclass-bundle
Title: <img alt='Learn Ethical Hacking Online' class='deal-link' src='https://thehackernews.com/images/-6bFLF28Wvxc/XHaUg588fBI/AAAAAAAAAGU/USPKfrcXaLgzaOBfKGb92v-0T12CIaK9wCLcBGAs/s260-e100/learn-hacking-training.jpg'/> Ethical Hacking - Practical Training‎ 10 courses + 1,236 lessons on latest techniques, forensics, malware analysis, network security and programming.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/lifetime-access-to-stackskills-unlimited
Title: <img alt='Unlimited Secure VPN Service' class='deal-link' src='https://thehackernews.com/images/-NnUk1eJVmVk/XHggwOYT51I/AAAAAAAAzbg/_5sUNHfsdiYDo-si4rya7tVT4pSZI0qSACLcBGAs/s260-e100/unlimited-vpn.jpg'/> 1000+ Premium Online Courses With course certification, Q/A webinars and lifetime access.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-cybersecurity-expert-certification-training-bundle
Title: <img alt='Best Hacking Books' class='deal-link' src='https://thehackernews.com/images/-4fAuruXOrkE/XDW4dE5zVMI/AAAAAAAAy9A/K13EeHK67NM69FUaCYDYtunHofUHjtt4wCLcBGAs/s260-e100/hacking-cybersecurity-books.jpg'/> Cybersecurity Certification Training CISA, CISM, CISSP, PMI-RMP, and COBIT 5 certifications.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/sales/the-complete-2020-comptia-certification-training-bundle
Title: <img alt='Cisco Certification Courses' class='deal-link' src='https://thehackernews.com/images/-2nVCe__qYkc/WxVG9s8C7CI/AAAAAAAAw6Q/fFsdOSE-DEYDqqf3z9KWus0oBWdbzAkAgCLcBGAs/s260-e100/cisco-it-networking-certification.png'/> CompTIA IT Certification Training Lifetime access to 14 expert-led courses.

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/citizengoods-exclusives
Title: Exclusives

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/hacking
Title: Hacking

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-specialization-developer
Title: Development

Search URL Search Domain Scan URL

URL: https://deals.thehackernews.com/collections/shop-by-interest-android
Title: Android

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244864;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244864;dc_pre=CJ367IuHvusCFRiDgwcdXAUETg;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://d.agkn.com/pixel/2388/?che=1070871341&col=23636320,5936378,269244864,462128157,112547680&l2=https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341 HTTP 302
https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341 HTTP 302
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341

Request Chain 31

https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244987;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244987;dc_pre=CN367IuHvusCFc_Guwgdh-gOMw;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://d.agkn.com/pixel/2388/?che=1758819417&col=23636320,5936378,269244987,462128157,112547680&l2=https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417 HTTP 302
https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417 HTTP 302
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417

Request Chain 36

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=781899146&t=pageview&_s=1&dl=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&ul=en-us&de=UTF-8&dt=QakBot%20Banking%20Trojan%20Returned%20With%20New%20Sneaky%20Tricks%20to%20Steal%20Your%20Money&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=1878807443&gjid=1009623802&cid=1836838532.1598623091&tid=UA-27389293-1&_gid=116779183.1598623091&_r=1&z=29757748 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_gid=116779183.1598623091&gjid=1009623802&_v=j83&z=29757748 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748&slf_rd=1&random=1049435768

56 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request qakbot-banking-trojan.html Show response
thehackernews.com/2020/08/ 131 KB
44 KB 356ms
339ms Document
text/html 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordPress VIP

Resource Hash

eba555278d0176b5c68d658f49acb50a58d2d935d16ae2a81c16ded2ec7aeb6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: thehackernews.com
:scheme: https
:path: /2020/08/qakbot-banking-trojan.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 28 Aug 2020 13:58:09 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dffa154514ae493028434abc37daa58451598623089; expires=Sun, 27-Sep-20 13:58:09 GMT; path=/; domain=.thehackernews.com; HttpOnly; SameSite=Lax; Secure
cf-ray: 5c9e8ba5d849c290-FRA
cache-control: private, max-age=0
expires: Fri, 28 Aug 2020 13:58:09 GMT
last-modified: Fri, 28 Aug 2020 10:36:29 GMT
link: </css/roboto.css>; as=style; rel=preload
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 04d6f59bab0000c290113c2200000001
content-security-policy: upgrade-insecure-requests
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: DENY
x-powered-by: WordPress VIP
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-h2-pushed: </css/roboto.css>

GET
H2 200 roboto.css
thehackernews.com/css/ 77 KB
57 KB 25ms
0ms Stylesheet
text/css 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thehackernews.com/css/roboto.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=2592000, immutable
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 5c9e8ba7fd1ac290-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 04d6f59cf90000c290113de200000001

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
4 KB 24ms
9ms Script
application/javascript 2606:4700::6810:a823
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a823 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:09 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 26 Aug 2020 10:05:56 GMT
server: cloudflare
etag: W/"5f463404-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 5c9e8ba82a466389-FRA
cf-request-id: 04d6f59d1400006389260a2200000001
expires: Sun, 30 Aug 2020 13:58:09 GMT

GET
H2 200 banking-malware.jpg
thehackernews.com/images/-7LQUEMsSaOM/X0d1FKJ8vjI/AAAAAAAA3PU/OH88EqqK0asr0FHUOjLjNZPUQ46xpO1jACLcBGAsYHQ/s728-e100/ 46 KB
46 KB 44ms
43ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-7LQUEMsSaOM/X0d1FKJ8vjI/AAAAAAAA3PU/OH88EqqK0asr0FHUOjLjNZPUQ46xpO1jACLcBGAsYHQ/s728-e100/banking-malware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a61eb30f874273ac6519cdb5f65aab8bee0c7f1d6d59c3cbcfef024619f92781

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100680
cf-polished: origSize=48645, status=webp_bigger
status: 200
content-disposition: inline;filename="banking-malware.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46851
x-xss-protection: 0
expires: Sat, 05 Dec 2020 10:00:09 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcf6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f59d1f0000c290113df200000001
accept-ranges: bytes
cf-ray: 5c9e8ba83da2c290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 hacking-malware.jpg
thehackernews.com/images/-lmTSwoK0HGw/X0dzk3OhmQI/AAAAAAAA3PA/SQfyjIUbjHgioh97cf4pWEhlPNNoFJLqQCLcBGAsYHQ/s728-e100/ 29 KB
30 KB 37ms
36ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-lmTSwoK0HGw/X0dzk3OhmQI/AAAAAAAA3PA/SQfyjIUbjHgioh97cf4pWEhlPNNoFJLqQCLcBGAsYHQ/s728-e100/hacking-malware.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebf294c53c9edff3bd7865605c3162d92b0bdc928050036d1122c3725c5dd419

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100651
cf-polished: origSize=31717, status=webp_bigger
status: 200
content-disposition: inline;filename="hacking-malware.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 30112
x-xss-protection: 0
expires: Sat, 05 Dec 2020 10:00:38 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcf1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f59d270000c290113e1200000001
accept-ranges: bytes
cf-ray: 5c9e8ba83dc2c290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 hacking-country.jpg
thehackernews.com/images/-1PzxQRQvBz4/X0dz_HlfWAI/AAAAAAAA3PI/Kmd-7GaG1gQrvzaTm-aF4RG4U9tiJS9FgCLcBGAsYHQ/s728-e100/ 39 KB
39 KB 50ms
49ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-1PzxQRQvBz4/X0dz_HlfWAI/AAAAAAAA3PI/Kmd-7GaG1gQrvzaTm-aF4RG4U9tiJS9FgCLcBGAsYHQ/s728-e100/hacking-country.jpg

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e6a75dda5e1e95e7452c18e9b651cf71052e69b156d8c0a3004cde825288e6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 100651
cf-polished: origSize=40417, status=webp_bigger
status: 200
content-disposition: inline;filename="hacking-country.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40124
x-xss-protection: 0
expires: Sat, 05 Dec 2020 10:00:38 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcf3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f59d270000c290113e2200000001
accept-ranges: bytes
cf-ray: 5c9e8ba83dc6c290-FRA
access-control-expose-headers: Content-Length

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 103 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a

Request headers

Origin: https://thehackernews.com
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 194 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 19 KB
19 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f03c3526dd6db1c340c972db0194f8b732611626e1bcde62426d70a68c7a023b

Request headers

Origin: https://thehackernews.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 19 KB
19 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32c80a55d06b9da550f41424241174895bdbe1dd174ee1d015a4d56747cd2a99

Request headers

Origin: https://thehackernews.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 19 KB
19 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe94fcc14c2b9f93c39cbe038796bff0ebc07a140ebd15e66b3a897b6a25bc82

Request headers

Origin: https://thehackernews.com
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 5 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb235a888e6c56640b94a70f6f6a0f1b4d64c4eaa7e29e82087e5de07787294c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:54:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Aug 2020 21:19:09 GMT
server: sffe
age: 202
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 2474
x-xss-protection: 0
expires: Fri, 28 Aug 2020 14:54:48 GMT

GET
H2 200 adpushup.js Show response
cdn.adpushup.com/37020/ 588 KB
213 KB 170ms
59ms Script
application/javascript 205.234.175.175
CACHENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/37020/adpushup.js
Requested by: Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 1c1dec6e20108f150bf54f32abdafb8e98d44dff7ef2b74e6f0f710943ed7a1d

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:10 GMT
content-encoding: gzip
x-cf3: H
cf4ttl: 604800.000
x-cf1: 28371:fA.ams1:co:1597374198:cacheN.ams1-01:M
status: 200
x-cf-geodata: US
content-length: 217132
x-cf-tsc: 1598599647
x-cf2: H
last-modified: Fri, 28 Aug 2020 04:31:23 GMT
server: CFS 0215
x-cff: B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900
cf4age: 10563
accept-ranges: bytes
x-cf-rand: 85.964
expires: Fri, 28 Aug 2020 14:13:10 GMT

GET
H3-Q050 200 impl_v61.js Show response
www.googletagservices.com/dcm/ 29 KB
12 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v61.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62d6281993e360b49643753ef265111b01171c7077b1c09a084c320731c7f6de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 27 Aug 2020 18:54:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 17 Aug 2020 19:50:52 GMT
server: sffe
age: 68600
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12469
x-xss-protection: 0
expires: Fri, 27 Aug 2021 18:54:50 GMT

GET
H2 200 B24029648.272043563;dc_ver=61.168;sz=728x90;u_sd=1;dc_adk=4037400832;ord=u1pg1w;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html$0;xdt=0;crlt=(I5O5C_hj-;sttr=17;prcl=s Show response
ad.doubleclick.net/ddm/adj/N510001.3381407THEHACKERNEWS/ 33 KB
15 KB 206ms
81ms Script
text/javascript 172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N510001.3381407THEHACKERNEWS/B24029648.272043563;dc_ver=61.168;sz=728x90;u_sd=1;dc_adk=4037400832;ord=u1pg1w;dc_rfl=0,https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html$0;xdt=0;crlt=(I5O5C_hj-;sttr=17;prcl=s?

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f6.1e100.net

Software

cafe /

Resource Hash

781305e88d04ba210410a7f335a2427fd414a20af5377ac34ad543e49ca9fbc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14430
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 70 B
268 B 156ms
51ms Other
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:10 GMT
status: 200
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 54 KB
19 KB 210ms
71ms Script
text/javascript 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

44978342a516bc25ff22948a409f557f99026ec42bf4e410e9672836a07cd08c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "615 / 508 of 1000 / last-modified: 1598611826"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18735
x-xss-protection: 0
expires: Fri, 28 Aug 2020 13:58:11 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 102 KB
26 KB 235ms
107ms Script
application/javascript 99.86.5.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.5.213 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-5-213.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 8c665507e16736e1323acf89104e508e8cac863d30e8ca5ff5d6ac5303b25277

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:57:23 GMT
content-encoding: gzip
server: Server
age: 48
etag: 5a34c79c51b93c8b4601b1808cbdbd04
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=900
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: _P1TlB50_T-KeVV4zTaCWh4yMnP9uM_4awQrv0gwlddukUica8WD2Q==
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
131 B 112ms
52ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE1OTg2MjMwOTEwNDAsInBhY2tldElkIjoiMDAwMDkwOUMtY2IzZDhhZmQtN2IzMi00NGRlLWFmNzktOGU3YTk0YjA0MTNkIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIwLzA4L3Fha2JvdC1iYW5raW5nLXRyb2phbi5odG1sIiwibW9kZSI6MiwiZXJyb3JDb2RlIjo1LCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpudWxsfQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:10 GMT
status: 200
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
273 B 110ms
51ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE1OTg2MjMwOTEwNDUsInBhY2tldElkIjoiMDAwMDkwOUMtY2IzZDhhZmQtN2IzMi00NGRlLWFmNzktOGU3YTk0YjA0MTNkIiwic2l0ZUlkIjozNzAyMCwic2l0ZURvbWFpbiI6Imh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vIiwidXJsIjoiaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIwLzA4L3Fha2JvdC1iYW5raW5nLXRyb2phbi5odG1sIiwibW9kZSI6MSwiZXJyb3JDb2RlIjoxLCJyZWZlcnJlciI6IiIsInBhZ2VHcm91cCI6IlBPU1QiLCJwbGF0Zm9ybSI6IkRFU0tUT1AiLCJpc0dlbmllZSI6ZmFsc2UsInNlY3Rpb25zIjpbeyJzZWN0aW9uSWQiOiI4YzJkN2Y5NC1hOWM1LTQzYjItODNhNC1jZGNmNzExYWUwNWUiLCJzZWN0aW9uTmFtZSI6IkFQX1RfUl9yZXNwb25zaXZlWHJlc3BvbnNpdmVfOGMyZDciLCJzdGF0dXMiOjEsIm5ldHdvcmsiOiJhZHBUYWdzIiwibmV0d29ya0FkVW5pdElkIjoiQURQXzM3MDIwX3Jlc3BvbnNpdmVYcmVzcG9uc2l2ZV84YzJkN2Y5NC1hOWM1LTQzYjItODNhNC1jZGNmNzExYWUwNWUiLCJzZXJ2aWNlcyI6WzIsM10sImFkVW5pdFR5cGUiOjF9XX0=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:10 GMT
status: 200
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H2 200 express_html_inpage_rendering_lib_200_270.js Show response
s0.2mdn.net/879366/ 111 KB
38 KB 35ms
9ms Script
text/javascript 2a00:1450:4001:821::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_270.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f43d9041767ad4e3a5e6eea59eee3bedea16e48cdae144e80054b4d22c39243

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://thehackernews.com
Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 08:20:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20261
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38898
x-xss-protection: 0
last-modified: Mon, 06 Jul 2020 16:59:21 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 29 Aug 2020 08:20:30 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20200826/r20110914/elements/html/ 6 KB
3 KB 31ms
6ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200826/r20110914/elements/html/omrhp.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98b3047cca6c09036e718abed042ca3cd035918616aa43ed0c4ae4ab317809e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 26 Aug 2020 16:38:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 2642
x-xss-protection: 0
server: cafe
etag: 4377571892113194532
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 09 Sep 2020 16:38:23 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ 41 KB
15 KB 32ms
10ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 12:44:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4398
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Aug 2021 12:44:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5070
date: Fri, 28 Aug 2020 12:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 28 Aug 2020 14:33:41 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 87 KB
28 KB 22ms
21ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 322650
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27964
cf-request-id: 04d6f5a19c000005f5a5154200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
etag: "5eb03ec4-15d95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5c9e8baf6e4a05f5-FRA
expires: Wed, 18 Aug 2021 13:58:11 GMT

GET
H2 200 group-a-300.jpg
thehackernews.com/images/-6vhDJ-T9u_Q/Xl_LzZu_HBI/AAAAAAAA2dU/TkjBhLSQXUQxJ5_hxArrnTW3PXn0rDRFQCLcBGAsYHQ/s728-e100/ 35 KB
36 KB 28ms
19ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-6vhDJ-T9u_Q/Xl_LzZu_HBI/AAAAAAAA2dU/TkjBhLSQXUQxJ5_hxArrnTW3PXn0rDRFQCLcBGAsYHQ/s728-e100/group-a-300.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed47e749c74f798a636534fb354f2e2607bd66857e4690f8d50d069d12f8a140

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156296
cf-polished: status=not_needed
status: 200
content-disposition: inline;filename="group-a-300.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36120
x-xss-protection: 0
expires: Fri, 04 Dec 2020 16:17:48 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vd9d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a1a20000c2901103e200000001
accept-ranges: bytes
cf-ray: 5c9e8baf6cf1c290-FRA
access-control-expose-headers: Content-Length

GET
H/1.1

200
OK

firstevent
att.demdex.net/
Redirect Chain

https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244864;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244864;dc_pre=CJ367IuHvusCFRiDgwcdXAUETg;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_ch...
https://d.agkn.com/pixel/2388/?che=1070871341&col=23636320,5936378,269244864,462128157,112547680&l2=https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d...
https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341

42 B
915 B

74ms
74ms

Image
image/gif

54.154.62.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.154.62.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-62-31.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v079-093777db9.edge-irl1.demdex.com 5.77.1.20200812153735 5ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: x3mTAFE+QDM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: ISFQRmaATXw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244864&d_campaign=23636320&d_site=5936378&d_cb=1070871341
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 group-a-728.jpg
thehackernews.com/images/-hE5p9WwWcnA/Xl_LzY65f-I/AAAAAAAA2dY/zIlLKD-Uv1EMGUzImckTKEroMsdYbGi_ACLcBGAsYHQ/s728-e100/ 23 KB
23 KB 34ms
24ms Image
image/webp 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-hE5p9WwWcnA/Xl_LzY65f-I/AAAAAAAA2dY/zIlLKD-Uv1EMGUzImckTKEroMsdYbGi_ACLcBGAsYHQ/s728-e100/group-a-728.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48d9017b2b7d479fe837cabcdb9ca891f7af55828c84e8b307b9843d45d7a527

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156296
cf-polished: origFmt=jpeg, origSize=31429
status: 200
content-disposition: inline; filename="group-a-728.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23438
x-xss-protection: 0
expires: Fri, 04 Dec 2020 16:17:48 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vd9d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a1a50000c2901103f200000001
accept-ranges: bytes
cf-ray: 5c9e8baf6cfbc290-FRA
access-control-expose-headers: Content-Length

GET
H/1.1

200
OK

firstevent
att.demdex.net/
Redirect Chain

https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244987;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/ad/N424004.3381407THEHACKERNEWS/B23636320.269244987;dc_pre=CN367IuHvusCFc_Guwgdh-gOMw;sz=1x1;u=__AP1_np_dv_57vslva9bh8PA__;ord=77283547343;dc_lat=;dc_rdid=;tag_for_ch...
https://d.agkn.com/pixel/2388/?che=1758819417&col=23636320,5936378,269244987,462128157,112547680&l2=https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d...
https://att.demdex.net/event?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417
https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417

42 B
915 B

76ms
76ms

Image
image/gif

54.154.62.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.154.62.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-62-31.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v079-06898fe04.edge-irl1.demdex.com 5.77.1.20200812153735 5ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: mA09gurJTyw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: MlZNNzdUTSA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://att.demdex.net/firstevent?d_event=imp&d_src=127123&d_placement=269244987&d_campaign=23636320&d_site=5936378&d_cb=1758819417
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 zoho.jpg
thehackernews.com/images/-nJOuAt2OebE/XyqpCfugjSI/AAAAAAAA3Jo/hRvRpWgjFtcbXXcs_hx7H7trWPeJyIIugCLcBGAsYHQ/s300-e100/ 21 KB
22 KB 31ms
20ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-nJOuAt2OebE/XyqpCfugjSI/AAAAAAAA3Jo/hRvRpWgjFtcbXXcs_hx7H7trWPeJyIIugCLcBGAsYHQ/s300-e100/zoho.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cbdd6889058e9b188e711205889b94a76d5f37f031d1fb5052e8d6902f050c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156351
cf-polished: origSize=22344, status=webp_bigger
status: 200
content-disposition: inline;filename="zoho.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21992
x-xss-protection: 0
expires: Sat, 28 Nov 2020 18:24:45 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdc9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a1be0000c29011042200000001
accept-ranges: bytes
cf-ray: 5c9e8baf9d87c290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 google-drive-malware.png
thehackernews.com/images/-NfyMbzLLg4I/X0DNdtZQr1I/AAAAAAAA3OU/9UfKPb-Lxv0kClZAQZ9-RMnAp36nXGBYQCLcBGAsYHQ/s72-c-e100/ 5 KB
6 KB 29ms
19ms Image
image/webp 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-NfyMbzLLg4I/X0DNdtZQr1I/AAAAAAAA3OU/9UfKPb-Lxv0kClZAQZ9-RMnAp36nXGBYQCLcBGAsYHQ/s72-c-e100/google-drive-malware.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5035090a6563b538b3f1969657e865823221585377b6ccee0d8da1c866bdd77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156351
cf-polished: origFmt=png, origSize=7296
status: 200
content-disposition: inline; filename="google-drive-malware.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5498
x-xss-protection: 0
expires: Fri, 04 Dec 2020 08:59:28 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdce6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a1bf0000c29011043200000001
accept-ranges: bytes
cf-ray: 5c9e8baf9d8ac290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 iphone-hacking.jpg
thehackernews.com/images/-9KgqO4qljGA/X0TtlIDQ-mI/AAAAAAAAAsc/bna23j-rMjk74rpRw-hOtdjyTlK9luCCQCLcBGAsYHQ/s72-c-e100/ 4 KB
4 KB 30ms
18ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-9KgqO4qljGA/X0TtlIDQ-mI/AAAAAAAAAsc/bna23j-rMjk74rpRw-hOtdjyTlK9luCCQCLcBGAsYHQ/s72-c-e100/iphone-hacking.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a749b4f3167b052af33058cfbf8c9a2a800bf26deb460b978771b70c83d58b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 135464
cf-polished: origSize=3845, status=webp_bigger
status: 200
content-disposition: inline;filename="iphone-hacking.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3810
x-xss-protection: 0
expires: Sat, 05 Dec 2020 00:20:27 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v2c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a1bf0000c29011044200000001
accept-ranges: bytes
cf-ray: 5c9e8baf9d91c290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 1 KB
1 KB 33ms
7ms XHR
application/json 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20200828

Requested by

Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/37020/adpushup.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ce87f5f0bcb32418d9d3baff6637d51d0ceca276bf1e79c904bc438bd18bf4c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 42617
x-cache: HIT, HIT
status: 200
cross-origin-resource-policy: cross-origin
content-length: 758
etag: W/"536-+S9EZKhFMQlJd/+UDUkNDKCGlbk"
x-served-by: cache-fra19177-FRA, cache-hhn4030-HHN
date: Fri, 28 Aug 2020 13:58:11 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=781899146&t=pageview&_s=1&dl=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&ul=en-us&de=UTF-8&dt=QakBot%20Banking%2...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_gid=116779183.1598623091&gjid=1009623802&_v=j83&z=29757748
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748&slf_rd=1&random=1049435768

42 B
106 B

19ms
17ms

Image
image/gif

2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748&slf_rd=1&random=1049435768

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-27389293-1&cid=1836838532.1598623091&jid=1878807443&_v=j83&z=29757748&slf_rd=1&random=1049435768
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 707C 0
0 32ms
16ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://thehackernews.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 8395
date: Fri, 28 Aug 2020 11:28:31 GMT
expires: Sat, 28 Aug 2021 11:28:31 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 8980
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ 103 KB
31 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_270.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0544329faf865ddd7f34fbf1198898ffd3dc1f27c77f66f945b51039c2f22529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1598458940569931"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 31853
x-xss-protection: 0
expires: Fri, 28 Aug 2020 13:58:11 GMT

GET
H3-Q050 200 GL-1602-ESG_728x90.html
s0.2mdn.net/8532760/1584914429519/728x90/ Frame A303 0
0 34ms
18ms Document
text/html 2a00:1450:4001:821::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8532760/1584914429519/728x90/GL-1602-ESG_728x90.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_270.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8532760/1584914429519/728x90/GL-1602-ESG_728x90.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://thehackernews.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
content-length: 2352
date: Fri, 28 Aug 2020 01:40:28 GMT
expires: Sat, 29 Aug 2020 01:40:28 GMT
last-modified: Sun, 22 Mar 2020 22:00:29 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 44263
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
770 B 255ms
102ms Other
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxwgUAlxRrHW8J9uTes7fjaJCWSXSSi-UotblQuDUKToqcKPMHSHksOx1-zG6wzD6jBge3rurBqFzd-as0heZgGESZFDvyzecPpQec6xjhE66TquMJ3ciJnbKlv4RK&sig=Cg0ArKJSzJDrmJLHCzs_EAE&urlfix=1&omid=0&rm=1&ctpt=178&cbvp=1&cstd=172&cisv=r20200826.57102&adurl=

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 uber-hack.jpg
thehackernews.com/images/-B95K4F3yALA/Xz7sm4T0uCI/AAAAAAAA3N0/OV3Fc0QjLGMoe9CDlHsFFlMXrGn9bt73QCLcBGAsYHQ/s72-c-e100/ 3 KB
3 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-B95K4F3yALA/Xz7sm4T0uCI/AAAAAAAA3N0/OV3Fc0QjLGMoe9CDlHsFFlMXrGn9bt73QCLcBGAsYHQ/s72-c-e100/uber-hack.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e7489569912bd949bcf2e5531ba69243b9b15539886aee1d2a323be79da965b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156351
cf-polished: origSize=3169, status=webp_bigger
status: 200
content-disposition: inline;filename="uber-hack.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3128
x-xss-protection: 0
expires: Mon, 30 Nov 2020 21:05:27 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcde"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3630000c2901106b200000001
accept-ranges: bytes
cf-ray: 5c9e8bb23b1cc290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 apache-web-server-security.jpg
thehackernews.com/images/-y4b8HVGNf4M/X0Sz6Da9qOI/AAAAAAAAAsE/VVIF9edMas8y4BIB8pWiyH6TMw307M0jwCLcBGAsYHQ/s72-c-e100/ 2 KB
2 KB 27ms
26ms Image
image/webp 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-y4b8HVGNf4M/X0Sz6Da9qOI/AAAAAAAAAsE/VVIF9edMas8y4BIB8pWiyH6TMw307M0jwCLcBGAsYHQ/s72-c-e100/apache-web-server-security.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8592867af4970456f55c69df0b6e8f0e96ef24ba5cd2a2d3d652eaabc0f5ba1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 135003
cf-polished: origFmt=jpeg, origSize=2480
status: 200
content-disposition: inline; filename="apache-web-server-security.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2132
x-xss-protection: 0
expires: Sat, 05 Dec 2020 00:28:08 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "v2c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3630000c2901106c200000001
accept-ranges: bytes
cf-ray: 5c9e8bb23b1ec290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 Job-Offer-hacking.jpg
thehackernews.com/images/-4myMTX2R930/Xz7Skbz4tVI/AAAAAAAA3Ns/a7klpvLVpF0ul7Uj2BG_4IooCIOdrVTOgCLcBGAsYHQ/s72-c-e100/ 2 KB
3 KB 19ms
18ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-4myMTX2R930/Xz7Skbz4tVI/AAAAAAAA3Ns/a7klpvLVpF0ul7Uj2BG_4IooCIOdrVTOgCLcBGAsYHQ/s72-c-e100/Job-Offer-hacking.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fae98b3f6ff62590fa2ad95f03795e84b74c6dea3d4c4939ddb2f6aad1fb2e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156350
cf-polished: origSize=2410, status=webp_bigger
status: 200
content-disposition: inline;filename="Job-Offer-hacking.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2373
x-xss-protection: 0
expires: Wed, 02 Dec 2020 08:18:38 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcdc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3630000c2901106d200000001
accept-ranges: bytes
cf-ray: 5c9e8bb23b1fc290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 malware-attacker.jpg
thehackernews.com/images/-3p-tZibT4KU/X0al6TqG1tI/AAAAAAAA3O4/AK8WMfBsMksCWP7FZf_ndhYFlRjr-0HRwCLcBGAsYHQ/s72-c-e100/ 3 KB
4 KB 18ms
17ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-3p-tZibT4KU/X0al6TqG1tI/AAAAAAAA3O4/AK8WMfBsMksCWP7FZf_ndhYFlRjr-0HRwCLcBGAsYHQ/s72-c-e100/malware-attacker.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb636230ef03b5559c4d1a55d0d9014590c15f353686d11e056f18791137e28e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 43172
cf-polished: origSize=3480, status=webp_bigger
status: 200
content-disposition: inline;filename="malware-attacker.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3444
x-xss-protection: 0
expires: Sun, 06 Dec 2020 01:33:53 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdcef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3630000c2901106e200000001
accept-ranges: bytes
cf-ray: 5c9e8bb23b20c290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 sidebar-webinar-2.jpg
thehackernews.com/images/-bCcBfZ1l2S0/Xq2HbDKTajI/AAAAAAAA2uI/MlJiZjsDHuwqqQuDT4xKygGqI9wtXBdRQCLcBGAsYHQ/s300-e100/ 21 KB
21 KB 29ms
28ms Image
image/jpeg 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-bCcBfZ1l2S0/Xq2HbDKTajI/AAAAAAAA2uI/MlJiZjsDHuwqqQuDT4xKygGqI9wtXBdRQCLcBGAsYHQ/s300-e100/sidebar-webinar-2.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdb8e79326d982fa51f23ee8ce28aff2cf207feae8d1097ff32179206adac981

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156345
cf-polished: origSize=22054, status=webp_bigger
status: 200
content-disposition: inline;filename="sidebar-webinar-2.jpg"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21575
x-xss-protection: 0
expires: Fri, 04 Dec 2020 16:17:59 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdae4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3630000c2901106f200000001
accept-ranges: bytes
cf-ray: 5c9e8bb23b21c290-FRA
access-control-expose-headers: Content-Length

POST
H3-Q050 200 view
googleads4.g.doubleclick.net/pcs/ 0
39 B 45ms
45ms Other
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: thehackernews.com
URL: https://thehackernews.com/2020/08/qakbot-banking-trojan.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
369 B 88ms
87ms XHR
text/javascript 99.86.5.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&pid=dL7iqafmxApbv&cb=0&ws=1600x1200&v=7.53.01&t=3000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22responsivexresponsive%22%5D%2C%22sn%22%3A%22%2F103512698%2F22055889203%22%7D%5D&pubid=2e7e1587-d92f-46dd-8721-80b53eccb87e&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.5.213 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-5-213.fra6.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
status: 200
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://thehackernews.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: eXogsC39sgzO8KGVeNN7AoyxonCrS2IGMy9rPI4Hs6ZcX6B4RifCoA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 182ms
60ms XHR
application/javascript 99.86.5.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.86.5.213 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-5-213.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 02:38:32 GMT
content-encoding: gzip
vary: Origin
age: 40780
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 20 Aug 2020 07:51:21 GMT
server: AmazonS3
etag: "a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: KB-aSFLZ_-aRiOskDsjcLcJ8e6Wuqrcq8E4Qxf4EYsr2AbGB_S2bGQ==

GET
H3-Q050 200 pubads_impl_2020082501.js Show response
securepubads.g.doubleclick.net/gpt/ 260 KB
92 KB 135ms
69ms Script
text/javascript 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

sffe /

Resource Hash

ec31e04c917a03b88bb801482f46131cb24779087cfd2b47f8aa9ca25cb19155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 25 Aug 2020 08:44:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 93299
x-xss-protection: 0
expires: Fri, 28 Aug 2020 13:58:11 GMT

GET
H2 200 cybersecurity_728_3.jpg
thehackernews.com/images/-j52BRykfnD0/XyWqfZbynMI/AAAAAAAA3Io/BN9uln8Ub44nPpHDYauzo9CY2f56jbGoQCLcBGAsYHQ/s728-e100/ 24 KB
24 KB 27ms
27ms Image
image/webp 2606:4700:20::681a:61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thehackernews.com/images/-j52BRykfnD0/XyWqfZbynMI/AAAAAAAA3Io/BN9uln8Ub44nPpHDYauzo9CY2f56jbGoQCLcBGAsYHQ/s728-e100/cybersecurity_728_3.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2a9471a3a210188324bd8b34c47d76d0f72c18641eacd461281a64dd8c5d3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/2020/08/qakbot-banking-trojan.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156174
cf-polished: origFmt=jpeg, origSize=55817
status: 200
content-disposition: inline; filename="cybersecurity_728_3.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 24582
x-xss-protection: 0
expires: Fri, 04 Dec 2020 16:17:59 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "vdc93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=8640000, immutable
cf-request-id: 04d6f5a3b10000c29011071200000001
accept-ranges: bytes
cf-ray: 5c9e8bb2bc3ac290-FRA
access-control-expose-headers: Content-Length

GET
H2 200 integrator.js Show response
adservice.google.ee/adsid/ 109 B
890 B 47ms
15ms Script
application/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ee/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
246 B 25ms
15ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=thehackernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Aug 2020 13:58:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 90 KB
28 KB 550ms
549ms XHR
text/plain 216.58.207.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1742580216325587&correlator=985539183292184&output=ldjh&impl=fifs&eid=21067309%2C21065517%2C21066995%2C21066806&vrg=2020082501&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200828&iu_parts=103512698%2C22055889203&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&fluid=height&prev_scp=amznbid%3D2%26amznp%3D2%26adpushup_ran%3D1%26hb_ap_siteid%3D37020%26hb_ap_ran%3D1%26fluid%3D1%26refreshcount%3D0%26refreshrate%3D30&eri=1&cust_params=da%3Dadx&cookie_enabled=1&bc=31&abxe=1&lmt=1598610989&dt=1598623091921&dlt=1598623089925&idt=1948&frm=20&biw=1600&bih=1200&oid=3&adxs=269&adys=2362&adks=3763135070&ucis=1&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthehackernews.com%2F2020%2F08%2Fqakbot-banking-trojan.html&dssz=38&icsg=142650026&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=730x0&msz=730x0&ga_vid=1836838532.1598623091&ga_sid=1598623092&ga_hid=781899146&fws=0&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f2.1e100.net

Software

cafe /

Resource Hash

9a0d4ebabf57f565116c5cf0d556c07a9317d64dc643f255d2ac9d1206f7ede1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:12 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28360
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://thehackernews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 62ms
13ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 container.html
287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 7E23 0
0 37ms
18ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://thehackernews.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Fri, 28 Aug 2020 13:58:11 GMT
expires: Sat, 28 Aug 2021 13:58:11 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 71 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

239e0389acce5a5c6e68db9169986f6ab45b6a3a32956510ccb94a822ae3fdb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1598458934960757"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 27399
x-xss-protection: 0
expires: Fri, 28 Aug 2020 13:58:12 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 40ms
26ms XHR
application/json 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020082501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f90e7c568f6b88e883f7c320739ff114d5e52ac8d6638a2a76a2171b7e5e9907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Aug 2020 13:58:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6253
x-xss-protection: 0

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ 42 B
131 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvT1OvBnDr6MdyzIHmZIKdFqZvEliTESbxAc-jgvyGYzqVi1VXvMiJo-dMuLYuvocNYD3eur2cqmw&sig=Cg0ArKJSzPo_vEmJ3EIHEAE&id=lidar2&mcvt=1002&p=170,436,260,1164&mtos=1002,1002,1002,1002,1144&tos=1002,0,0,0,142&v=20200826&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=34&adk=4037400832&rs=6&met=mue&la=0&cr=0&osd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 14 KB
6 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020082501.js?21067309

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 28 Aug 2020 13:58:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1591403518460474"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5540
x-xss-protection: 0
expires: Fri, 28 Aug 2020 13:58:12 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/210/ Frame 6214 0
0 7ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/210/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/210/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://thehackernews.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://thehackernews.com/

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
content-length: 4590
date: Fri, 28 Aug 2020 13:03:07 GMT
expires: Sat, 28 Aug 2021 13:03:07 GMT
last-modified: Wed, 26 Feb 2020 19:47:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3305
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
120 B 44ms
44ms Image
image/gif 2a00:1450:4001:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=210&t=2&li=gpt_2020082501&jk=1742580216325587&bg=!ysmlydFYtFz6xSlyrWoCAAAA1FIAAAAkCgHueLG43hm6Cx5pTahS-fM7pMkQji4TT9hFJAdv57Uhs5iCVJT89zruwBkNFKSQGHeq3cNo_mMMb78OWAq_q5TpVdAU-jJXNWBYMjBws6nTjTojGjk9TsxU2vNWOa2b9gc2F61V7-nI0dL3SObiPEtGdz34EFzRdkev3h3lCwT0OaKcne22wSBJFNfmIfbgrLYnKLmFceEWJRQLDcpxc9OMS-Jn-mfHCFYIQB1B1wlHVtdDXmic59NtsznfxlefFIo8SZC-j-GD9YqhIQ6MBRQ02fQhZRp6haKVpH7KhOhiVkCbLWDvc5YoqpA-40mz5nezFU8kyBLV4xLmAhlfq2x2a0TdiS1HqzgFR9t3HmyZZZNZ-qrBV26CMQR_oKd3hVB-AYg5Hilm9h-WZ7_zze76a-c-qqKXrqiwM3-15ZNvyn7T3fkvI62q1IhI1tcAE-ROG8vT76toBXLJfSOmXree3rS-tTW7bjA4-7IvXA3Em-ChCQ7KTrL-4MHXOT7J8ojxj8cv_OlmGbllGWP2n0yAAfJr6Ls0hWyW7yn770R7dpn5ml-U22qf1k2ZNU6EvPzW7B7UbY5a1z82Ovfgheb7fPl_pVj24YacHZNdrWsYqABzPTqHnZQH8sksTVKaQ4iUAYa_nPxt677H7wYDWN-ZAajXY3zNpjQW8nMdW3FdQ_-m5cKSvE66AOTpMfFLWR2u19TU2pFlfBvtEsXD70HGXOnungkJC5V45-ZMNj-l-MTggsVf8lJkzu4quNfqg8ro7eKB6oTv-q0Q8a30dGUpcr5ZACzC0aCu0hpCUNaSkFtAOvR0Ql3CnmsY7wcSd_sQ3gzwPmPJIMG5Uw7mYVg_VkRUpNOVY5jQaD8dm5ET_2Ej4GKNjidsNtKOvOPEz8fOLD8J2roqmSFDFtEcJ1bGccOa9_H95zIzboHd4_U9FICCoLq7QKvNqNBdG12WJaM3IfkeWUwJ6pgNgkJB_z98-eEo_AFqSSivU8KwNOyGgwIOpT9qa9VD57nByc7POkQy2eZat51wLgnPPEN9ap9ZADg-o2iwAOC_4RKm41mmtfNQzXWG35QbWcIp8gw4NmX7Ge9KT7pKfEx8AssdOp3JQTsHyGCC9ysgKuscV1aEBNFdSRJ88m29vc2qwIXXlQhw_e4L8qLmneZmQ4gJYLBoHRD59J4toMYmb9yjw9avXlb3_ed6D2VCdcGbrz-X_1PtQRI_13ZGPqe-

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 204
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI38bZi4e-6wIVEue7CB3-Dw3SEAAYACDToZg-;met=1;&timestamp=1598623101268;eid1=2;ecn1=1;etm1=10;eid2=871060;ecn2=1;etm2=0;
ade.googlesyndication.com/ddm/activity/ 42 B
198 B 103ms
102ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI38bZi4e-6wIVEue7CB3-Dw3SEAAYACDToZg-;met=1;&timestamp=1598623101268;eid1=2;ecn1=1;etm1=10;eid2=871060;ecn2=1;etm2=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thehackernews.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Aug 2020 13:58:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.thehackernews.com/	1970-01-19 12:46:55	Name: __cfduid Value: dffa154514ae493028434abc37daa58451598623089

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

287b0d71d5a9a69af72d671d405302e8.safeframe.googlesyndication.com
ad.doubleclick.net
ade.googlesyndication.com
adservice.google.com
adservice.google.ee
ajax.cloudflare.com
att.demdex.net
c.amazon-adsystem.com
cdn.adpushup.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
d.agkn.com
e3.adpushup.com
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
thehackernews.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
172.217.21.230
172.217.23.162
205.234.175.175
216.58.207.66
23.97.225.52
2600:9000:214f:a000:19:fc2c:a140:93a1
2606:4700:20::681a:61
2606:4700::6810:a823
2606:4700::6811:4e6b
2a00:1450:4001:800::2002
2a00:1450:4001:801::2001
2a00:1450:4001:802::200e
2a00:1450:4001:809::2004
2a00:1450:4001:80b::2001
2a00:1450:4001:817::2002
2a00:1450:4001:819::2002
2a00:1450:4001:81e::2003
2a00:1450:4001:821::2002
2a00:1450:4001:821::2006
2a00:1450:400c:c0b::9d
2a04:4e42:1b::621
54.154.62.31
99.86.5.213
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0544329faf865ddd7f34fbf1198898ffd3dc1f27c77f66f945b51039c2f22529
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08f50e9e70388c99977ca13b6af3a49f8f48c83e79230d51ea72a56c0735bd0c
0e7489569912bd949bcf2e5531ba69243b9b15539886aee1d2a323be79da965b
1c1dec6e20108f150bf54f32abdafb8e98d44dff7ef2b74e6f0f710943ed7a1d
239e0389acce5a5c6e68db9169986f6ab45b6a3a32956510ccb94a822ae3fdb4
32c80a55d06b9da550f41424241174895bdbe1dd174ee1d015a4d56747cd2a99
3d8ab8467b889847c12c542bee765afc54acbaff1cc91ce3197ab4f2be8f08ff
3fae98b3f6ff62590fa2ad95f03795e84b74c6dea3d4c4939ddb2f6aad1fb2e7
44978342a516bc25ff22948a409f557f99026ec42bf4e410e9672836a07cd08c
48d9017b2b7d479fe837cabcdb9ca891f7af55828c84e8b307b9843d45d7a527
4cbdd6889058e9b188e711205889b94a76d5f37f031d1fb5052e8d6902f050c8
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5e6a75dda5e1e95e7452c18e9b651cf71052e69b156d8c0a3004cde825288e6d
62d6281993e360b49643753ef265111b01171c7077b1c09a084c320731c7f6de
6795c5c8b9b0aeb87d6663ccd7a71fb9d2f2817fe9b5c2e67bce0d5a5e1309a1
688a1e2444a1171a4cfbc8674c62d53bc663bf35a7825eb3563851e79694411c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
781305e88d04ba210410a7f335a2427fd414a20af5377ac34ad543e49ca9fbc5
8c665507e16736e1323acf89104e508e8cac863d30e8ca5ff5d6ac5303b25277
8f43d9041767ad4e3a5e6eea59eee3bedea16e48cdae144e80054b4d22c39243
98b3047cca6c09036e718abed042ca3cd035918616aa43ed0c4ae4ab317809e5
9a0d4ebabf57f565116c5cf0d556c07a9317d64dc643f255d2ac9d1206f7ede1
a61eb30f874273ac6519cdb5f65aab8bee0c7f1d6d59c3cbcfef024619f92781
a71328300f380217ae0abf7f805052a10a0c196cb241eb97adf9b905e4a48c8a
a749b4f3167b052af33058cfbf8c9a2a800bf26deb460b978771b70c83d58b5a
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c6a9d65e5bd6eb2447ea57e398e1d30f3c6e2d022ecf195933d161ffed964690
cb235a888e6c56640b94a70f6f6a0f1b4d64c4eaa7e29e82087e5de07787294c
cdb8e79326d982fa51f23ee8ce28aff2cf207feae8d1097ff32179206adac981
ce87f5f0bcb32418d9d3baff6637d51d0ceca276bf1e79c904bc438bd18bf4c5
d5035090a6563b538b3f1969657e865823221585377b6ccee0d8da1c866bdd77
d8592867af4970456f55c69df0b6e8f0e96ef24ba5cd2a2d3d652eaabc0f5ba1
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eba555278d0176b5c68d658f49acb50a58d2d935d16ae2a81c16ded2ec7aeb6e
ebf294c53c9edff3bd7865605c3162d92b0bdc928050036d1122c3725c5dd419
ec31e04c917a03b88bb801482f46131cb24779087cfd2b47f8aa9ca25cb19155
ed47e749c74f798a636534fb354f2e2607bd66857e4690f8d50d069d12f8a140
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03c3526dd6db1c340c972db0194f8b732611626e1bcde62426d70a68c7a023b
f2a9471a3a210188324bd8b34c47d76d0f72c18641eacd461281a64dd8c5d3a9
f88754ecdaeedbf69845f3cb4015909beff31f92b173185c075ff8ab40ae3d02
f90e7c568f6b88e883f7c320739ff114d5e52ac8d6638a2a76a2171b7e5e9907
fb636230ef03b5559c4d1a55d0d9014590c15f353686d11e056f18791137e28e
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fe94fcc14c2b9f93c39cbe038796bff0ebc07a140ebd15e66b3a897b6a25bc82

thehackernews.com Open in urlscan Pro 2606:4700:20::681a:61 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

56 Requests

100 %HTTPS

70 %IPv6

15 Domains

24 Subdomains

21 IPs

6 Countries

1021 kBTransfer

2206 kBSize

1 Cookies

38 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

thehackernews.com Open in urlscan Pro
2606:4700:20::681a:61 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

100 %
HTTPS

70 %
IPv6

15
Domains

24
Subdomains

21
IPs

6
Countries

1021 kB
Transfer

2206 kB
Size

1
Cookies

56 HTTP transactions
9 data transactions