threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Submission: On June 30 via api (June 30th 2020, 5:26:42 am UTC) from US

Summary HTTP 217 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 53 IPs in 8 countries across 43 domains to perform 217 HTTP transactions. The main IP is 35.173.160.135, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is threatpost.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 10th 2020. Valid for: a year.

This is the only time threatpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	35.173.160.135 35.173.160.135	14618 (AMAZON-AES) (AMAZON-AES)
11	13.224.102.26 13.224.102.26	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:303... 2606:4700:3030::ac43:d04a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE)
8	2600:9000:219... 2600:9000:2190:9e00:2:9275:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2600:9000:219... 2600:9000:2190:d600:0:5c46:4f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 7	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE)
26	185.220.205.220 185.220.205.220	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
10	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
4	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
9 14	2606:2800:233... 2606:2800:233:97b6:26be:138a:cba8:bb01	15133 (EDGECAST) (EDGECAST)
1	34.253.1.139 34.253.1.139	16509 (AMAZON-02) (AMAZON-02)
4	104.111.215.135 104.111.215.135	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	167.172.1.14 167.172.1.14	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1 3	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2600:9000:219... 2600:9000:2190:4c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	13.224.102.234 13.224.102.234	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
3	104.111.215.68 104.111.215.68	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 5	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
20	185.167.96.10 185.167.96.10	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
1 2	18.194.86.89 18.194.86.89	16509 (AMAZON-02) (AMAZON-02)
1 1	138.201.86.121 138.201.86.121	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:816::2001	15169 (GOOGLE) (GOOGLE)
3	18.194.51.59 18.194.51.59	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
2 3	63.32.144.14 63.32.144.14	16509 (AMAZON-02) (AMAZON-02)
1 4	52.59.138.183 52.59.138.183	16509 (AMAZON-02) (AMAZON-02)
1 1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
2	185.86.137.32 185.86.137.32	201081 (SMARTADSE...) (SMARTADSERVER)
2	52.58.66.178 52.58.66.178	16509 (AMAZON-02) (AMAZON-02)
2	185.94.180.123 185.94.180.123	35220 (SPOTX-AMS) (SPOTX-AMS)
1	13.224.102.91 13.224.102.91	16509 (AMAZON-02) (AMAZON-02)
2	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
1	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2	104.111.230.142 104.111.230.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2040	41041 (VCLK-EU-) (VCLK-EU-)
217	53

19 35.173.160.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-160-135.compute-1.amazonaws.com

threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kasperskycontenthub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.224.102.26 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-26.zrh50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3030::ac43:d04a (United States)

ASN13335 (CLOUDFLARENET, US)

qd.admetricspro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2190:9e00:2:9275:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:2190:d600:0:5c46:4f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.threatpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 185.220.205.220 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)

live.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.220.244 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:2800:233:97b6:26be:138a:cba8:bb01 (United States) 9 redirects

ASN15133 (EDGECAST, US)

adserver-us.adtech.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.1.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-1-139.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.215.135 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-135.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.172.1.14 (United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

e.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.serverbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

teachingaids-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2190:4c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.102.234 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-234.zrh50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.215.68 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-68.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Netherlands) 2 redirects

ASN35220 (SPOTX-AMS, NL)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.244.159.8 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
primis-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.167.96.10 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)

video.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.86.89 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-86-89.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.86.121 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.121.86.201.138.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:816::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.51.59 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-51-59.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.53.140 (Manchester, United Kingdom)

ASN54113 (FASTLY, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.32.144.14 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-144-14.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.59.138.183 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-138-183.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.137.32 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.66.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-66-178.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.123 (Netherlands)

ASN35220 (SPOTX-AMS, NL)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.102.91 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-102-91.zrh50.r.cloudfront.net

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.216.10 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

serverbid-sync.nyc3.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2040 (Sweden)

ASN41041 (VCLK-EU-, SE)

aol-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	sekindo.com live.sekindo.com video.sekindo.com	4 MB
38	threatpost.com threatpost.com assets.threatpost.com media.threatpost.com	810 KB
21	advertising.com 10 redirects adserver-us.adtech.advertising.com ads.adaptv.advertising.com pixel.advertising.com	9 KB
12	doubleclick.net 2 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	100 KB
11	adlightning.com tagan.adlightning.com	261 KB
10	googlesyndication.com 4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	175 KB
9	openx.net 1 redirects teachingaids-d.openx.net u.openx.net primis-d.openx.net eu-u.openx.net	8 KB
8	ampproject.org cdn.ampproject.org	337 KB
8	rubiconproject.com fastlane.rubiconproject.com prebid-server.rubiconproject.com eus.rubiconproject.com	8 KB
7	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	292 B
7	google.com 1 redirects www.google.com	1 KB
6	adnxs.com ib.adnxs.com acdn.adnxs.com	4 KB
5	admetricspro.com qd.admetricspro.com	175 KB
4	spotxchange.com 2 redirects sync.search.spotxchange.com search.spotxchange.com	4 KB
3	yahoo.com 1 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	9 KB
3	gstatic.com www.gstatic.com fonts.gstatic.com	265 KB
3	casalemedia.com as-sec.casalemedia.com	3 KB
2	smartadserver.com prg.smartadserver.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1013 B
2	googleapis.com fonts.googleapis.com	1 KB
2	amazon-adsystem.com c.amazon-adsystem.com	29 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	lijit.com ap.lijit.com	723 B
2	serverbid.com 1 redirects e.serverbid.com sync.serverbid.com	1 KB
2	servenobid.com ads.servenobid.com public.servenobid.com	379 B
2	google.de adservice.google.de www.google.de	281 B
1	dotomi.com aol-match.dotomi.com	104 B
1	indexww.com js-sec.indexww.com
1	digitaloceanspaces.com serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1	reddit.com www.reddit.com	1 KB
1	linkedin.com www.linkedin.com
1	facebook.com graph.facebook.com	488 B
1	twitter.com analytics.twitter.com	652 B
1	loopme.me 1 redirects csync.loopme.me	225 B
1	t.co t.co	448 B
1	quantcount.com rules.quantcount.com	356 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	39 KB
1	kasperskycontenthub.com kasperskycontenthub.com	398 B
1	googletagservices.com www.googletagservices.com	16 KB
0	adap.tv Failed sync.adap.tv Failed
217	43

	Domain	Requested by
26	live.sekindo.com	threatpost.com live.sekindo.com
20	video.sekindo.com	threatpost.com live.sekindo.com
18	threatpost.com	threatpost.com
14	adserver-us.adtech.advertising.com	9 redirects threatpost.com
12	media.threatpost.com	threatpost.com
11	tagan.adlightning.com	threatpost.com tagan.adlightning.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net threatpost.com
8	cdn.ampproject.org	threatpost.com
8	assets.threatpost.com	threatpost.com
7	www.google.com	1 redirects threatpost.com tagan.adlightning.com
6	tpc.googlesyndication.com	tagan.adlightning.com threatpost.com cdn.ampproject.org
5	qd.admetricspro.com	threatpost.com
4	pixel.advertising.com	1 redirects threatpost.com
4	ib.adnxs.com	qd.admetricspro.com live.sekindo.com
4	hbopenbid.pubmatic.com	qd.admetricspro.com live.sekindo.com
4	fastlane.rubiconproject.com	qd.admetricspro.com
3	pagead2.googlesyndication.com	threatpost.com
3	match.adsrvr.org	2 redirects threatpost.com
3	ads.adaptv.advertising.com	live.sekindo.com
3	u.openx.net	1 redirects live.sekindo.com
3	ads.pubmatic.com	live.sekindo.com qd.admetricspro.com
3	teachingaids-d.openx.net	qd.admetricspro.com live.sekindo.com
3	as-sec.casalemedia.com	qd.admetricspro.com live.sekindo.com
2	eus.rubiconproject.com	qd.admetricspro.com live.sekindo.com
2	acdn.adnxs.com	qd.admetricspro.com live.sekindo.com
2	search.spotxchange.com	live.sekindo.com
2	primis-d.openx.net	live.sekindo.com
2	prebid-server.rubiconproject.com	live.sekindo.com
2	prg.smartadserver.com	live.sekindo.com
2	ups.analytics.yahoo.com	1 redirects threatpost.com
2	pixel.quantserve.com	1 redirects threatpost.com
2	x.bidswitch.net	1 redirects threatpost.com
2	sync.search.spotxchange.com	2 redirects
2	fonts.googleapis.com	live.sekindo.com
2	c.amazon-adsystem.com	live.sekindo.com c.amazon-adsystem.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	www.gstatic.com	www.google.com
2	ap.lijit.com	qd.admetricspro.com
1	aol-match.dotomi.com	threatpost.com
1	eu-u.openx.net	qd.admetricspro.com
1	js-sec.indexww.com	qd.admetricspro.com
1	serverbid-sync.nyc3.cdn.digitaloceanspaces.com	qd.admetricspro.com
1	sync.serverbid.com	1 redirects
1	public.servenobid.com	qd.admetricspro.com
1	pr-bh.ybp.yahoo.com	threatpost.com
1	cm.g.doubleclick.net	1 redirects
1	www.reddit.com	threatpost.com
1	www.linkedin.com	threatpost.com
1	graph.facebook.com	threatpost.com
1	analytics.twitter.com	tagan.adlightning.com
1	4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com	tagan.adlightning.com
1	fonts.gstatic.com	live.sekindo.com
1	csync.loopme.me	1 redirects
1	t.co	threatpost.com
1	www.google.de	threatpost.com
1	stats.g.doubleclick.net	1 redirects
1	rules.quantcount.com	secure.quantserve.com
1	static.ads-twitter.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	threatpost.com
1	e.serverbid.com	qd.admetricspro.com
1	ads.servenobid.com	qd.admetricspro.com
1	adservice.google.de	tagan.adlightning.com
1	kasperskycontenthub.com	threatpost.com
1	www.googletagservices.com	threatpost.com
0	sync.adap.tv Failed	threatpost.com
217	66

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
feedly.com
www.instagram.com
research.checkpoint.com
attendee.gotowebinar.com
akismet.com
t.co
indd.adobe.com
spotlight.threatpost.com

Subject Issuer	Validity	Valid
threatpost.com DigiCert SHA2 Secure Server CA	`2020-06-10` - `2021-06-15`	a year	crt.sh
*.adlightning.com Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-02-04` - `2020-10-09`	8 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
assets.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
kasperskycontenthub.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2021-06-09`	a year	crt.sh
media.threatpost.com Amazon	`2020-03-04` - `2021-04-04`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
www.sekindo.com Go Daddy Secure Certificate Authority - G2	`2020-05-27` - `2022-06-18`	2 years	crt.sh
*.google.de GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.adtech.advertising.com DigiCert SHA2 Secure Server CA	`2020-04-16` - `2022-04-21`	2 years	crt.sh
*.servenobid.com Amazon	`2020-03-12` - `2021-04-12`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
e.serverbid.com Let's Encrypt Authority X3	`2020-06-22` - `2020-09-20`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2019-10-04` - `2020-10-07`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
www.google.de GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2019-10-07` - `2020-09-29`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-06-10` - `2020-09-02`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-08-28`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2020-04-10` - `2020-10-10`	6 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2020-03-11` - `2020-09-07`	6 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-06-02` - `2020-11-29`	6 months	crt.sh
*.smartadserver.com DigiCert Global CA G2	`2020-02-03` - `2022-02-03`	2 years	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2019-03-18` - `2021-03-17`	2 years	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2020-04-13` - `2021-04-14`	a year	crt.sh
*.nyc3.cdn.digitaloceanspaces.com DigiCert SHA2 Secure Server CA	`2020-03-11` - `2021-04-14`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh

This page contains 28 frames:

Primary Page: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Frame ID: A46744C6AA04C417DF6099D2AA3E3440
Requests: 92 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Frame ID: 9FFEF333980B3ACA875EA6DD447D44A2
Requests: 47 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 18F56F85D887D943414097FC6CE5431A
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 054328F2B672D49648D88E3EA21C8661
Requests: 23 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 978AF276AF62A5D57CF25E865FB4A808
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=3296afd5-ba92-11ea-9afb-18b2794d0806
Frame ID: 0F4906DD43FF46691343575682890DA8
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=786368a4-4714-4b0b-91e5-4c17cda20727
Frame ID: EA20E50AB7E4A368DDEF5FBFED9FDBDD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=qvwq7ydq5nf3
Frame ID: 0EE0455697DEDDC4C12C694C7F06627C
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=i4d0jsybnugy
Frame ID: 94428A4F2B179F658F2D99A487302659
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Frame ID: 72BB9527DA845A79927501D2AEC3A37A
Requests: 9 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Frame ID: AE798CC2DEF85BBCF3BD799987F24353
Requests: 9 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Frame ID: BE2DC477BB2468D1D2F664D34CFA8F98
Requests: 8 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Frame ID: 07A8E9FC8C8DE2739BFCD2DBB2C1D701
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v3yuiyt7481w
Frame ID: 9689C0F73A7A295FE967D5D3652DE039
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=suoag717n2bz
Frame ID: B9DA86863C52F87897C1DC1C5CFFDCBC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0169351F1F2CB0EC62DAF33793E7E37B
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 159301478E92099F643CD97F7F3D59D6
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13394437
Frame ID: D1DEA3837C2689BEBD9599F53979B170
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 0253E6C818CC98E541BCF39C2A1E0A21
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 35C6FAA40CB51444DAC4EB91BF655E8D
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: B19067219253176C60A6B380C74F22BB
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9C0A5CE713DD72D50FA0833BDA094C1C
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 1796658A37997E8C6ABCB83531856C5B
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 338F0E14C7AB57AF277C8B397348E0C2
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 8EB10D62C88DEF70598580C505C1CFB0
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 0293D397850D9E65A2C389D6917C7959
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 74C3075DD388F85999B845555E5172B9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: A54456BDD468C4FF0F54CCCCCA84F9C0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /\/prebid\.js/i

Quantcast (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\.quantserve\.com\/quant\.js/i

Page Statistics

217
Requests

99 %
HTTPS

38 %
IPv6

43
Domains

66
Subdomains

53
IPs

8
Countries

6005 kB
Transfer

9901 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/threatpost/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/threatpost

Search URL Search Domain Scan URL

URL: https://feedly.com/threatpost

Search URL Search Domain Scan URL

URL: https://www.instagram.com/Threatpost/

Search URL Search Domain Scan URL

URL: https://research.checkpoint.com/2020/the-return-of-the-bot-shop-crew/
Title: blog post

Search URL Search Domain Scan URL

URL: https://attendee.gotowebinar.com/register/441045308082589963?source=art
Title: FREE webinar

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23ransomware
Title: #ransomware

Search URL Search Domain Scan URL

URL: http://twitter.com/search?q=%23cybercriminals
Title: #cybercriminals

Search URL Search Domain Scan URL

URL: https://t.co/psm5qYT3Rt
Title: https://t.co/psm5qYT3Rt

Search URL Search Domain Scan URL

URL: https://twitter.com/threatpost
Title: Follow @threatpost

Search URL Search Domain Scan URL

URL: https://indd.adobe.com/view/01579c19-a6ca-4cb0-8106-ed4d5d02a292
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://spotlight.threatpost.com/
Title: HackerOne Spotlight

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A326292cc-ba92-11ea-9976-12998b4eae46;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659

Request Chain 43

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660

Request Chain 44

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A323c7830-ba92-11ea-a3c7-120b32d93760;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660

Request Chain 45

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660 HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A323c81ae-ba92-11ea-9c12-124c2db8624e;cfp=1;rndc=1593494764;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660

Request Chain 46

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660; HTTP 302
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660

Request Chain 79

https://www.google-analytics.com/r/collect?v=1&_v=j83&aip=1&a=2098283780&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ul=en-us&de=UTF-8&dt=DarkCrewFriends%20Returns%20with%20Botnet%20Strategy%20%7C%20Threatpost&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=1185577720&gjid=1236442340&cid=916429841.1593494766&tid=UA-35676203-21&_gid=1239874533.1593494766&_r=1&gtm=2wg6h1PM29HLF&z=950982777 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_gid=1239874533.1593494766&gjid=1236442340&_v=j83&z=950982777 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777&slf_rd=1&random=48890577

Request Chain 86

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3296b024-ba92-11ea-9afb-18b2794d0806 HTTP 302
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=3296afd5-ba92-11ea-9afb-18b2794d0806

Request Chain 87

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=786368a4-4714-4b0b-91e5-4c17cda20727

Request Chain 99

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent=

Request Chain 100

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=bdd0ea39-e226-4f34-a22c-9a85e9cbc669

Request Chain 158

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
https://pixel.advertising.com/ups/55953/sync?uid=151f9701-e432-4b28-8df9-a3137db374f4&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=151f9701-e432-4b28-8df9-a3137db374f4

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
https://pixel.advertising.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80 HTTP 302
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80&verify=true

Request Chain 160

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XvrM8QAAAIkzhAFU HTTP 302
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XvrM8QAAAIkzhAFU&_test=XvrM8QAAAIkzhAFU

Request Chain 186

https://sync.serverbid.com/ss/2000891.html HTTP 302
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Request Chain 191

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=zWCSxJtmkcDVMpGTzzPZxJ09xZzVYZCSmTMufBeB

217 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
threatpost.com/darkcrewfriends-returns-botnet/156963/ 76 KB
20 KB 592ms
228ms Document
text/html 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

7ecd32c109df34a893202119762c2a13f7b8f812bfe21a2e5c4623bbe59c6c94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatpost.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Tue, 30 Jun 2020 05:26:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Link: <https://threatpost.com/wp-json/>; rel="https://api.w.org/" <https://threatpost.com/?p=156963>; rel=shortlink
X-Frame-Options: SAMEORIGIN
X-Debug-Auth: off
X-Request-Host: threatpost.com
x-cache-hit: HIT
Content-Encoding: gzip

GET
H/1.1 200
OK main.css
threatpost.com/wp-content/themes/threatpost-2018/assets/css/ 236 KB
36 KB 361ms
122ms Stylesheet
text/css 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:54 GMT
Server: nginx
ETag: W/"5ef99b7e-3b1cb"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:05 GMT

GET
H2 200 op.js Show response
tagan.adlightning.com/math-aids-threatpost/ 32 KB
12 KB 53ms
17ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1027ead12fb985bde9b340834ea38fbb7491930899329430a32e4f3963404157

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:08:01 GMT
content-encoding: gzip
age: 1085
x-cache: Hit from cloudfront
status: 200
content-length: 11963
x-amz-meta-git_commit: 8ce16fa
last-modified: Mon, 29 Jun 2020 15:55:04 GMT
server: AmazonS3
etag: "fa597e76d259325363500f49f1e54961"
x-amz-version-id: MSVCtNozXChfrHu_1SGJah0OKKqWfJTd
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: eCRnhJGd1JLOPXTZXRaa6iNthSjcLe0fCf8dzo711v6PeJStBktNTA==

GET
H2 200 ros-layout.js Show response
qd.admetricspro.com/js/threatpost/ 19 KB
2 KB 88ms
32ms Script
application/javascript 2606:4700:3030::ac43:d04a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d04a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 482029b5f5f08818d7e14279dd72eb1f23e01c415bb43635776d139b36e4551b

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 315
status: 200
cf-request-id: 03a54995fa00000631cf04d200000001
last-modified: Mon, 15 Jun 2020 18:57:17 GMT
server: cloudflare
etag: W/"4c51-5a823fee24e3a-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ab578699bc60631-FRA
expires: Tue, 30 Jun 2020 05:24:24 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 48 KB
16 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1b5902c951e186f7accc263042e374ad0599189e319d0e947cdc8c801268626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "557 / 765 of 1000 / last-modified: 1593468616"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 16080
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:05 GMT

GET
H2 200 cmp.js Show response
qd.admetricspro.com/js/threatpost/ 218 KB
61 KB 88ms
34ms Script
application/javascript 2606:4700:3030::ac43:d04a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/cmp.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d04a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 315
status: 200
cf-request-id: 03a54995fa00000631cf04e200000001
last-modified: Fri, 27 Sep 2019 21:07:46 GMT
server: cloudflare
etag: W/"367ba-5938f47194c80-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ab578699bc70631-FRA
expires: Tue, 30 Jun 2020 05:24:24 GMT

GET
H2 200 targeting.js Show response
qd.admetricspro.com/js/threatpost/ 275 B
260 B 595ms
540ms Script
application/javascript 2606:4700:3030::ac43:d04a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/targeting.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d04a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 08 Feb 2020 20:49:18 GMT
server: cloudflare
status: 200
etag: W/"113-59e16a3cfb471-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ab578699bc90631-FRA
cf-request-id: 03a54995fa00000631cf04f200000001
expires: Tue, 30 Jun 2020 05:34:25 GMT

GET
H2 200 prebid.js Show response
qd.admetricspro.com/js/threatpost/ 341 KB
99 KB 78ms
24ms Script
application/javascript 2606:4700:3030::ac43:d04a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d04a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbca6fe6f2b8dbe341cd5b5a3e26f6df0d3d8820478ba173dcedf1a4279659b2

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 315
status: 200
cf-request-id: 03a54995fa00000631cf050200000001
last-modified: Tue, 26 May 2020 21:20:08 GMT
server: cloudflare
etag: W/"55498-5a693a8f41e90-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ab578699bca0631-FRA
expires: Tue, 30 Jun 2020 05:24:24 GMT

GET
H2 200 engine.js Show response
qd.admetricspro.com/js/threatpost/ 16 KB
13 KB 77ms
23ms Script
application/javascript 2606:4700:3030::ac43:d04a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qd.admetricspro.com/js/threatpost/engine.js
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d04a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 315
status: 200
cf-request-id: 03a54995fa00000631cf051200000001
last-modified: Sun, 24 Nov 2019 00:06:08 GMT
server: cloudflare
etag: W/"41f6-5980c69fe949d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 5ab578699bcb0631-FRA
expires: Tue, 30 Jun 2020 05:24:45 GMT

GET
H2 200 /
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 89 KB
18 KB 500ms
442ms Stylesheet
text/css 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 18049
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:53 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: CFyHZHzJx3C8uA9_szddUHnuAplOdb-MDEqU4bGJ0mruJ4F3kH1rgQ==
expires: Tue, 30 Jun 2020 21:15:19 GMT

GET
H/1.1 200
OK jquery.js Show response
threatpost.com/wp-includes/js/jquery/ 95 KB
37 KB 370ms
127ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Jun 2020 22:05:38 GMT
Server: nginx
ETag: W/"5ee15932-17a69"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:05 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 175 KB
55 KB 497ms
439ms Script
application/x-javascript 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/scripts/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/themes/threatpost-2018/assets/js/main.js,wp-content/themes/threatpost-2018/assets/js/loadmore.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 55954
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:53 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: QSevOteHmBTqGP5O86LSUqS7uvD1h8vbAM11Aawb8SBj9RI-rdrYeA==
expires: Tue, 30 Jun 2020 21:15:02 GMT

GET
H/1.1 200
OK / Show response
kasperskycontenthub.com/ 0
398 B 590ms
117ms Script
application/javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=103&siteid=1&t=571799155&back=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-160-135.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/javascript
x-cache-hit: HIT
Transfer-Encoding: chunked
X-Debug-Auth: off
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Request-Host: kasperskycontenthub.com
X-XSS-Protection: 1; mode=block

GET
H2 200 botnet-e1573740377341.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/11/14090552/ 65 KB
66 KB 81ms
14ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/11/14090552/botnet-e1573740377341.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f5c3c6b0989a6778b5229d468928a4f9a427d77c2b7f01342eae0edb00af9e2

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 18 Mar 2020 14:54:46 GMT
via: 1.1 0f820adb6671fcc6033a9aa95ec8e0fb.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Thu, 14 Nov 2019 14:06:20 GMT
server: AmazonS3
age: 8951479
etag: "e87161c043da8d51ac683abcc3dce079"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 66561
x-amz-cf-id: ivwGNNBdECJZIO6gEAufQ2gCkUVI4llNMJ4yQqKRJH0oqjr1hXOEzA==
expires: Fri, 13 Nov 2020 14:06:19 GMT

GET
H2 200 Tara-headshot.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/ 13 KB
13 KB 82ms
16ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/08/15114841/Tara-headshot.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 22:21:13 GMT
via: 1.1 42eda27a8f21acb511ddb91858ee5d5b.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Fri, 17 Aug 2018 16:22:08 GMT
server: AmazonS3
age: 27414293
etag: "dee18dfeea6de13bec60c1e5237eb723"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2, ZRH50-C1
accept-ranges: bytes
content-length: 13097
x-amz-cf-id: blMKWEwPfZBI56oUdcHuSNgBuJEd7D2RadAVmsEdcBzEKN-EddY-wA==
expires: Sat, 17 Aug 2019 16:22:07 GMT

GET
H2 200 subscribe2.jpg
media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/ 8 KB
9 KB 83ms
17ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 06:22:32 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77b.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Tue, 19 Feb 2019 20:14:58 GMT
server: AmazonS3
age: 11747014
etag: "5ba45563f793f39ef6baf02645651654"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, ZRH50-C1
accept-ranges: bytes
content-length: 8281
x-amz-cf-id: uhtOtCe5G0FXvw-QaSkFaDmAKhAriQje0uhXu83t-WHUddpTtJgf8w==
expires: Wed, 19 Feb 2020 20:14:57 GMT

GET
H2 200 darkcrew-e1593203204625.png
media.threatpost.com/wp-content/uploads/sites/103/2020/06/26162458/ 123 KB
124 KB 93ms
45ms Image
image/png 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/06/26162458/darkcrew-e1593203204625.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f17f094e82c4d18f33b47e74e6520314d7110522e4aa8d1b502976522e1551e5

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Jun 2020 20:54:14 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b1.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Fri, 26 Jun 2020 20:26:45 GMT
server: AmazonS3
age: 289912
etag: "ed7ba2d2d7a09895a8c6cc8aa53a6793"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2, ZRH50-C1
accept-ranges: bytes
content-length: 126377
x-amz-cf-id: sSbley1Qj9OWKQmeJq1_DAV21xRWi9thLVCAgQkOx60FVgmJ563qag==
expires: Sat, 26 Jun 2021 20:26:44 GMT

GET
H2 200 tenda-540x270.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/06/29122540/ 13 KB
13 KB 22ms
20ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/06/29122540/tenda-540x270.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 851f0e2e13ac8a7607bb8d71614d370035f007d9d1c527f94302e3f05a4b6fcb

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:48:50 GMT
via: 1.1 edee3ff8f335740e0ea86cf9f62b5ae9.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Mon, 29 Jun 2020 16:26:08 GMT
server: AmazonS3
age: 45436
etag: "4d24de816ac9815dda55be698a473343"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 12946
x-amz-cf-id: lgVTkfrwKSghXJVQalYarVAZnnwQnnHlTiDtTU8j6JSfEqRepF_NsA==
expires: Tue, 29 Jun 2021 16:26:05 GMT

GET
H2 200 JailDoor-11-540x268.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/07/30120151/ 23 KB
23 KB 19ms
17ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/07/30120151/JailDoor-11-540x268.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4d3ea71f9e3abcbdef62c6b2d99c52798b78af9553d8d774eee43df390fb3ee6

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Jun 2020 15:12:08 GMT
via: 1.1 511c8b6c7e903efca023a504d527516b.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jul 2018 16:01:54 GMT
server: AmazonS3
age: 310439
etag: "8e2417d4b8c3fde5f81758f026ff20d4"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 23460
x-amz-cf-id: NV4cjtqdI9s4aAzUjhEe5IFWMC7JROM5Vckik23X0CrsJgarn3weBg==
expires: Tue, 30 Jul 2019 16:01:51 GMT

GET
H2 200 georgia-cyberattack-540x270.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/10/29085447/ 43 KB
44 KB 39ms
37ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/10/29085447/georgia-cyberattack-540x270.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bac82b174f1eb8ea37f49787d5412d9bd4d41b466bd597c6f6366c94d42c0a26

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 15 Feb 2020 22:30:47 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Tue, 29 Oct 2019 12:54:50 GMT
server: AmazonS3
age: 11688919
etag: "e79cc1007e68ac23c8b63a443a82757d"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1, ZRH50-C1
accept-ranges: bytes
content-length: 44251
x-amz-cf-id: vT7p3xOCAH6npe9QG-e1QxCDCyt_21CaiM3a1HbtVo2rcQGPWdHPqA==
expires: Wed, 28 Oct 2020 12:54:47 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 674 B
637 B 17ms
16ms Script
text/javascript 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cc15c325492dd5972c007635108f190eb6c75025e75c89d6b006ca7aeb4278a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 446
x-xss-protection: 1; mode=block
expires: Tue, 30 Jun 2020 05:26:05 GMT

GET
H2 200 work-from-home-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/03/13163335/ 2 KB
2 KB 24ms
22ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/03/13163335/work-from-home-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 20:00:09 GMT
via: 1.1 b454a0b154ae18408006bc2a9abd88ec.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Fri, 13 Mar 2020 20:33:52 GMT
server: AmazonS3
age: 1675557
etag: "fd4942a0704785b24b44d177f4a57d86"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 2098
x-amz-cf-id: gA5GqR_AWKaOSCO1hVNR4eBjfAQsp59uhtvQbFnSTgXXS3y4F-oKjA==
expires: Sat, 13 Mar 2021 20:33:49 GMT

GET
H2 200 36c3-fake-emails-featured-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/31170549/ 2 KB
2 KB 26ms
24ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/31170549/36c3-fake-emails-featured-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1f152c8879492dd153cf7a47ad195151e20491e60985d86f9ef7a7ddc85062f6

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 04 Jun 2020 17:25:36 GMT
via: 1.1 5755f825ee6ab59b8a6349608c249e4e.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Fri, 31 Jan 2020 22:05:52 GMT
server: AmazonS3
age: 2203230
etag: "62a0a00cafda215547f47f6b6f52bdce"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 1665
x-amz-cf-id: rhVFtJ0BbY5Xr9JxEDwouGFA5H4CsjpdzZ8uJVIOJ_6VtGdZkSAGvg==
expires: Sat, 30 Jan 2021 22:05:49 GMT

GET
H2 200 ai-safety-featured-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2018/06/08121133/ 2 KB
2 KB 27ms
25ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/08121133/ai-safety-featured-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d363c974cd81869ce3fd8d76a06f12b273be51cb358a9a85c21d157eedde824

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 19:01:41 GMT
via: 1.1 e3666efb6956ba7f03c75c3401b8c79e.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jul 2018 02:40:26 GMT
server: AmazonS3
age: 3407065
etag: "29cb0a26bc7f2d80110ca80691f44ecd"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA54, ZRH50-C1
accept-ranges: bytes
content-length: 2089
x-amz-cf-id: bdIV3v0Z4YuDZ27yzqcO0UPGEdq6B2nyx0dXOprwTFLJcBMomQdhsg==
expires: Wed, 03 Jul 2019 02:40:23 GMT

GET
H2 200 microsoft-64x64.jpg
media.threatpost.com/wp-content/uploads/sites/103/2020/01/22095352/ 2 KB
3 KB 27ms
25ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2020/01/22095352/microsoft-64x64.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaa21df70fd10c5a594ac5996411eb517750a210903adaa56dc097d5936dc9e

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 19 May 2020 20:38:28 GMT
via: 1.1 8b5bc0831e6dab612582614c3009efa7.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Wed, 22 Jan 2020 14:53:54 GMT
server: AmazonS3
age: 3574058
etag: "872d8d15e18da7498f683a1a4b3d2477"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 2145
x-amz-cf-id: Xv2M6WqaPxbjARxSea2F2Veot4S0rUXNT_dMsrgqldlK98UzxYu68w==
expires: Thu, 21 Jan 2021 14:53:52 GMT

GET
H2 200 forcepoint-vpn-64x64.jpeg
media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/ 2 KB
2 KB 28ms
26ms Image
image/jpeg 2600:9000:2190:d600:0:5c46:4f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.threatpost.com/wp-content/uploads/sites/103/2019/09/20105955/forcepoint-vpn-64x64.jpeg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:d600:0:5c46:4f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 04 May 2020 16:08:55 GMT
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront), 1.1 01ec1718bcc130455b377ec6b38ad50d.cloudfront.net (CloudFront)
last-modified: Fri, 20 Sep 2019 14:59:58 GMT
server: AmazonS3
age: 4886231
etag: "f99bca485823b84c6c1ecf501c34469c"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA53-C1, ZRH50-C1
accept-ranges: bytes
content-length: 1822
x-amz-cf-id: 588uPRDQJSjb57HDov0LLBZwUzyNQaqgWCHAARw7F54fQbwe07PeOA==
expires: Sat, 19 Sep 2020 14:59:55 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ 28 KB
8 KB 138ms
37ms Script
text/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 055ffddafced6da0d0c031c73654265c6725df20b05811cf51fbdfcfa93f81d3

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 367ms
363ms Script
application/x-javascript 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/jquery.json.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 926
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: KoxXL1rwUc2db7JekIyDBe-SXtlXku8QPhebLoipqNcZpdkwOsHhLg==
expires: Tue, 30 Jun 2020 21:15:02 GMT

GET
H/1.1 200
OK gravityforms.min.js Show response
threatpost.com/wp-content/plugins/gravityforms/js/ 34 KB
12 KB 839ms
123ms Script
application/x-javascript 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.17.15
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:51 GMT
Server: nginx
ETag: W/"5ef99b7b-88c2"
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 7 KB
3 KB 366ms
363ms Script
application/x-javascript 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/conditional_logic.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 2685
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: -k5pHZySX-qLbTx-Ntqwg2tUzXe-oYr5bl9V-SaN-ar-bDwMBFtYmw==
expires: Tue, 30 Jun 2020 21:15:04 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 5 KB
2 KB 277ms
274ms Script
application/x-javascript 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 1747
x-cache-hit: HIT
last-modified: Mon, 29 Jun 2020 07:42:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: pOKLY7WIOyuZHUfC3bLVd0FVumAlwu-8T270mXGYCGx2i8wqkA7pxw==
expires: Tue, 30 Jun 2020 21:15:10 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 676 B
515 B 18ms
15ms Script
text/javascript 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ad237fb737d307f25e314306d8ef8ebddb21d9e56b8521ca9eb89f52883f3bca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 447
x-xss-protection: 1; mode=block
expires: Tue, 30 Jun 2020 05:26:05 GMT

GET
H2 200 / Show response
assets.threatpost.com/wp-content/plugins/bwp-minify/min/ 2 KB
1 KB 370ms
367ms Script
application/x-javascript 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js&ver=b0ee8769

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 973
x-cache-hit: HIT
last-modified: Wed, 10 Jun 2020 22:05:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-debug-auth: off
x-request-host: assets.threatpost.com
x-amz-cf-id: P2sreUpOA_Qq6s1bnNkZJHqHaT8SWBUIjtdC3rZsw11v-qHUPOtaZg==
expires: Tue, 30 Jun 2020 21:15:03 GMT

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ 35 KB
12 KB 20ms
18ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3399754
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: RvboGAz6G98wXolIz0jZdY5sz2zZnsidheVbMXB9mxLHEwl_1cdEDA==

GET
H2 200 bl-cc9018f-0230b781.js Show response
tagan.adlightning.com/math-aids-threatpost/ 90 KB
37 KB 28ms
27ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:25:18 GMT
content-encoding: gzip
age: 46848
x-cache: Hit from cloudfront
status: 200
content-length: 37792
x-amz-meta-git_commit: cc9018f
last-modified: Mon, 29 Jun 2020 15:54:47 GMT
server: AmazonS3
etag: "22c6c2e2b1e84e330775f7fdca3bebf5"
x-amz-version-id: k4xE79NGi7d0U05aeFs0DGty_j5DxvHW
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: H57lPN-f2KSG9OGmEMqxclekVvDTUyvGbHgU--wIazssGTxd5dC9bA==

GET
H2 200 pubads_impl_2020062201.js Show response
securepubads.g.doubleclick.net/gpt/ 248 KB
88 KB 30ms
26ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020062201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

789830aa9d02bfb21cf76d45b308d897fb56375aab65999723364a5a00e839b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jun 2020 13:08:09 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89901
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:05 GMT

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ 113 B
175 B 15ms
15ms Script
application/javascript 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=threatpost.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 108
x-xss-protection: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 263 B
2 KB 183ms
112ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=2&alt_size_ids=55%2C57&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=cf612c5e-e645-4690-8813-028270958337&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5095657290998015
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 2956336d0b52582c06b84bafb3f29ffff4c2387b28b790780ed509aa07a725e0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 263
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 241 B
2 KB 179ms
107ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=16&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=cd6c4d39-0fa3-4b76-837b-87ea67415520&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.09415046710339303
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: d8d7c1b1b1bf23b768acd49779615e47a3b2b18973e09aa5e815cc752a58b24b

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 241
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 235ms
162ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509506&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=cb788bf2-78bf-4f1b-af9d-1d5b1355a442&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7159661264761013
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 87bb289b5e4ea0b0c838ef9c82c3aa36c7cfd014959d9f7c8a1d312265c74b22

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 261 B
2 KB 199ms
120ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=300372&zone_id=1509502&size_id=15&alt_size_ids=10&p_pos=atf&rp_schain=1.0,1!admetricspro.com,1005,1,,,&rf=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&tk_flint=pbjs_lite_v3.20.0&x_source.tid=cb788bf2-78bf-4f1b-af9d-1d5b1355a442&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.891186272476602
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 05632b246776d72900c4e43dc21015e6880cb92e2155add0180ac8f54f0d65ac

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Keep-Alive: timeout=5
Content-Length: 261
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
115 B 209ms
154ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:05 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 376 B
1 KB 105ms
41ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

0a3411caa491296107bd66c21922faf8d0269500831907798ff5f3f0fa19b72c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:07 GMT
X-Proxy-Origin: 185.236.201.148; 185.236.201.148; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.7:80
AN-X-Request-Uuid: 4d33d2ec-8801-44d4-b345-d29c11bd5ce9
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 376
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

ADTECH;apid=1A326292cc-ba92-11ea-9976-12998b4eae46;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A326292cc-ba92-11ea-9976-12998b4eae46;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=15...

945 B
1 KB

135ms
135ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A326292cc-ba92-11ea-9976-12998b4eae46;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ea0a80b8727df18cb54c324e2e5ec25d51b26f3c78f87d3fba99de39d9631f96

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166606/0/0/ADTECH;apid=1A326292cc-ba92-11ea-9976-12998b4eae46;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=492f46d2f8577b7;misc=1593494765659
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=159...

944 B
1 KB

145ms
145ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: ae4b7b284eeb52a60117e8ad342f1b6c6de8737cb66a256352e41113f4878c45

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166847/0/0/ADTECH;apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=50a14982d457fa;misc=1593494765660
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A323c7830-ba92-11ea-a3c7-120b32d93760;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A323c7830-ba92-11ea-a3c7-120b32d93760;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=15...

944 B
1 KB

135ms
135ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A323c7830-ba92-11ea-a3c7-120b32d93760;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 7288ee7c57f827b33632f4da1cde82ca6101e1cb272bcd7cfd7604016cff341d

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 944
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:05 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166615/0/0/ADTECH;apid=1A323c7830-ba92-11ea-a3c7-120b32d93760;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=51042867144ee02;misc=1593494765660
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;apid=1A323c81ae-ba92-11ea-9c12-124c2db8624e;cfp=1;rndc=1593494764;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A323c81ae-ba92-11ea-9c12-124c2db8624e;cfp=1;rndc=1593494764;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=159...

945 B
1 KB

161ms
161ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A323c81ae-ba92-11ea-9c12-124c2db8624e;cfp=1;rndc=1593494764;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: 9e748b25841a86b4205b0e7cb04922c12244e545bef2d83881e04271d56a146a

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:05 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166612/0/0/ADTECH;apid=1A323c81ae-ba92-11ea-9c12-124c2db8624e;cfp=1;rndc=1593494764;v=2;cmd=bid;cors=yes;alias=52de1deaf6f8bb;misc=1593494765660
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

GET
H2

200

ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660 Show response
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/
Redirect Chain

https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660;
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660

945 B
1 KB

152ms
151ms

XHR
application/json

2606:2800:233:97b6:26be:138a:cba8:bb01
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Adtech Adserver /
Resource Hash: e25f6776f07eecdef98579601a069df2066bcd1c5ba9dcfd5e85cb13b1e319b3

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: Adtech Adserver
status: 200
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 945
expires: Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
server: nginx
status: 302
location: https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5166617/0/0/ADTECH;cfp=1;rndc=1593494765;v=2;cmd=bid;cors=yes;alias=5322c1c3f1e8467;misc=1593494765660
access-control-allow-methods: POST,GET,HEAD,OPTIONS
p3p: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin: https://threatpost.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
content-length: 0
expires: Mon, 15 Jun 1998 00:00:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 110 B
379 B 148ms
62ms XHR
application/json 34.253.1.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=1328
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.1.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-1-139.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e9021fe4383e9ded41297f8aecb83e70521adcea2107eae74bce1291c56eb817

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
status: 200
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
988 B 203ms
143ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=438654&v=7.2&r=%7B%22id%22%3A%2225fef160f0a3fbc%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222630c1fcf741ca3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438654%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%222782efd899be471%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438649%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2228f03d168426d7b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22438650%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D&ac=j&sd=1
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bb7b43ac92badb237d4480b3ab19b6ed538c2a36b236c410ba89d58c5cea8eba

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Tue, 30 Jun 2020 05:26:05 GMT

POST
H2 200 v2 Show response
e.serverbid.com/api/ 711 B
984 B 361ms
125ms XHR
application/json 167.172.1.14
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://e.serverbid.com/api/v2
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.172.1.14 , United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
date: Tue, 30 Jun 2020 05:26:05 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com
content-length: 711
vary: Origin
content-type: application/json

GET
H2 200 arj Show response
teachingaids-d.openx.net/w/1.0/ 43 KB
6 KB 253ms
237ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=cf612c5e-e645-4690-8813-028270958337%2Ccf612c5e-e645-4690-8813-028270958337%2Ccd6c4d39-0fa3-4b76-837b-87ea67415520%2Ccb788bf2-78bf-4f1b-af9d-1d5b1355a442%2Ccb788bf2-78bf-4f1b-af9d-1d5b1355a442&nocache=1593494765666&pubcid=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&aus=728x90%2C970x250%2C970x90%7C728x90%2C970x250%2C970x90%7C300x250%2C336x280%7C300x250%2C300x600%7C300x250%2C300x600&divIds=div-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-2%2Cdiv-gpt-ad-6794670-3%2Cdiv-gpt-ad-6794670-5%2Cdiv-gpt-ad-6794670-5&auid=540932704%2C540932709%2C540932713%2C540932715%2C540932720
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 6edd87b2b97262fd8bf646bbbe2522017465404cd7a2739a90c55cc712c3c326

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: gzip
server: OXGW/16.188.0
status: 200
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 6046
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 379 B
1 KB 107ms
44ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

bba3c5aaed9697f7dd53a15945011622d30231d491857c58fc26fa5b7598c9a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:07 GMT
X-Proxy-Origin: 185.236.201.148; 185.236.201.148; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.116:80
AN-X-Request-Uuid: fd72b2e8-a245-4a9d-a6d2-c39a1750f973
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 379
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 47 B
723 B 143ms
85ms XHR
application/json 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.20.0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 9875494c4b4f213669320e8a6ee112706d667a92778cdca3f3937eeb8df89f2a

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 65

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 111 KB
39 KB 50ms
18ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7a3c8d6b3317f49e891ebde6e1c22e7bfa42a2d4085fb4d5d00d7ae863bbb5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:05 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39070
x-xss-protection: 0
last-modified: Tue, 30 Jun 2020 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jun 2020 05:26:05 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/ 11 KB
4 KB 342ms
118ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018//assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK icons.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/ 11 KB
4 KB 342ms
118ms Other
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-2b9f"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK logo.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 19 KB
19 KB 700ms
116ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-4a32"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 18994
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK museosans-300-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 332ms
118ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-300-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-51b8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20920
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H/1.1 200
OK museosans-700-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 439ms
213ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-51a4"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20900
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H/1.1 200
OK museosans-100-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 350ms
118ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-100-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-50c8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20680
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H/1.1 200
OK museosans-500-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 20 KB
21 KB 351ms
119ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-5194"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 20884
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H/1.1 200
OK museosans-500italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 23 KB
23 KB 466ms
229ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-500italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-5c74"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 23668
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/ 323 KB
127 KB 53ms
6ms Script
text/javascript 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 16:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jun 2020 20:56:25 GMT
server: sffe
age: 564393
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129939
x-xss-protection: 0
expires: Wed, 23 Jun 2021 16:39:32 GMT

GET
H/1.1 200
OK mail-plane-light.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 828 B
722 B 695ms
122ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-light.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-33c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK twitter-blue.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 868 B
847 B 677ms
120ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/twitter-blue.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-364"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK museosans-700italic-webfont.woff2
threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/ 15 KB
16 KB 376ms
228ms Font
font/woff2 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/fonts/museosans-700italic-webfont.woff2
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
Origin: https://threatpost.com

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:52 GMT
Server: nginx
ETag: "5ef99b7c-3dcc"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000, public
Connection: close
Accept-Ranges: bytes
Content-Length: 15820
Expires: Wed, 30 Jun 2021 05:26:06 GMT

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 9FFE 2 KB
1 KB 38ms
38ms Script
text/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 1dd195139c231e1ca1863f486c97fac3d6c45f0441b066dc3fe8b5b893ee9254

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/javascript; charset=utf-8

GET
H/1.1 200
OK mail-plane-large-dark.svg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 812 B
722 B 353ms
116ms Image
image/svg+xml 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/mail-plane-large-dark.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: W/"5ef99b7d-32c"
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: close
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK logo-white.png
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 10 KB
10 KB 2401ms
2063ms Image
image/png 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/logo-white.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0

Request headers

Referer: https://threatpost.com/wp-content/themes/threatpost-2018/assets/css/main.css?v=1593416572
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:06 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-260a"
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 9738
Expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H/1.1 200
OK iab_consent_sdk.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 9FFE 19 KB
6 KB 36ms
34ms Script
application/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 12 Feb 2020 15:01:36 GMT
Server: nginx
ETag: W/"5e441350-4be0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Wed, 30 Jun 2021 05:26:05 GMT

GET
H/1.1 200
OK DetectGDPR2.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 9FFE 8 KB
3 KB 70ms
33ms Script
application/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 18:48:12 GMT
Server: nginx
ETag: W/"5e2ddeec-211f"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Wed, 30 Jun 2021 05:26:05 GMT

GET
H/1.1 200
OK DetectGDPR.v1.0.js Show response
live.sekindo.com/content/ClientDetections/ Frame 9FFE 7 KB
3 KB 97ms
32ms Script
application/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Sun, 26 Jan 2020 11:58:13 GMT
Server: nginx
ETag: W/"5e2d7ed5-1d87"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Wed, 30 Jun 2021 05:26:05 GMT

GET
H/1.1 200
OK hls.0.12.4_1.min.js Show response
live.sekindo.com/content/video/hls/ Frame 9FFE 247 KB
85 KB 120ms
55ms Script
application/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Jan 2020 15:31:55 GMT
Server: nginx
ETag: W/"5e1352eb-3dcb9"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Wed, 30 Jun 2021 05:26:05 GMT

GET
H/1.1 200
OK prebidVid.2.44.3_5.min.js Show response
live.sekindo.com/content/prebid/ Frame 9FFE 273 KB
101 KB 121ms
56ms Script
application/javascript 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: e943dbcfb86d85f244a7297d32ba27e2efe5f46e242dfb838253cd52ab95d785

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 03 Jun 2020 12:19:26 GMT
Server: nginx
ETag: W/"5ed7954e-44236"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=31536000, public
Expires: Wed, 30 Jun 2021 05:26:05 GMT

GET
H/1.1 200
OK liveVideo.php Show response
live.sekindo.com/live/ Frame 9FFE 417 KB
118 KB 128ms
64ms Script
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=101281&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed173akunvrojp&vp_template=6615&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,1005,1&cbuster=1593494765&pubUrlAuto=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&videoType=flow&floatWidth=320&floatHeight=180&floatDirection=br&floatVerticalOffset=10&floatHorizontalOffset=10&floatCloseBtn=1&flowMode=both&flowCloseButtonPosition=right
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: abbd831394d504d7bfb663ee0d4f806a809972f80b2ef5e76d706b1eee11204e

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 2788
date: Tue, 30 Jun 2020 04:39:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Tue, 30 Jun 2020 06:39:38 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
8 KB 11ms
9ms Script
application/x-javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.quantserve.com/quant.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e6e50fd1047f835e02b1b4140c8a63062dff27f25906501694c4829624150955

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
last-modified: Tue, 30-Jun-2020 05:26:06 GMT
etag: M0-4cca824e
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: private, no-transform, max-age=604800
strict-transport-security: max-age=86400
content-length: 8082
expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 64ms
19ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PM29HLF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
age: 28460
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4035-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1593494766.083248,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 rules-p-_7kVx0t9Jqj90.js Show response
rules.quantcount.com/ 3 B
356 B 373ms
373ms Script
application/x-javascript 2600:9000:2190:4c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-_7kVx0t9Jqj90.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:4c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:25:41 GMT
via: 1.1 4ee178becf6bd81a5ce90c64ae0621b5.cloudfront.net (CloudFront)
last-modified: Fri, 03 Mar 2017 23:52:35 GMT
server: AmazonS3
age: 30
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Error from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=300
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: l7Xzm33dqjJCSGRIjTJ8wkd_Lf01Dhk4kjApgK6eOS-r6rmKON8zjA==

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&aip=1&a=2098283780&t=pageview&_s=1&dl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ul=en-us&de=UTF-8&dt=DarkCrewFr...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_gid=1239874533.1593494766&gjid=1236442340&_v=j83&z=950982777
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777&slf_rd=1&random=48890577

42 B
106 B

17ms
17ms

Image
image/gif

2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777&slf_rd=1&random=48890577

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-35676203-21&cid=916429841.1593494766&jid=1185577720&_v=j83&z=950982777&slf_rd=1&random=48890577
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 206ms
147ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 119
pragma: no-cache
last-modified: Tue, 30 Jun 2020 05:26:06 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 17b162d4c293159a556e06348d8e2590
x-transaction: 00d812a1001ba57b
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 9FFE 102 KB
26 KB 51ms
18ms Script
application/javascript 13.224.102.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.234 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-234.zrh50.r.cloudfront.net
Software: Server /
Resource Hash: 7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:17:34 GMT
content-encoding: gzip
server: Server
age: 512
etag: b586b236f6b3db3c4ca9410451195336
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: public, max-age=900
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: hABCLrOqOPRrCyjENTiGRoDAcvoNQvx4N30CVf_4Zz-Q71Wds0pviw==
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 9FFE 6 KB
3 KB 45ms
15ms XHR
application/javascript 13.224.102.234
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.234 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-234.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 15:20:29 GMT
content-encoding: gzip
vary: Origin
age: 50738
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Tue, 23 Jun 2020 10:10:39 GMT
server: AmazonS3
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: IxEeDU5cfUTaj06JQ1G5_woE1USQd_7SLnfyOPwy8R8tdIbAI8WK6w==

GET
H2 200 css
fonts.googleapis.com/ Frame 18F5 2 KB
669 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Jun 2020 04:53:22 GMT
server: ESF
date: Tue, 30 Jun 2020 05:26:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Jun 2020 05:26:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0543 2 KB
646 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 30 Jun 2020 04:28:40 GMT
server: ESF
date: Tue, 30 Jun 2020 05:26:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 30 Jun 2020 05:26:06 GMT

GET
H/1.1 200
OK user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 978A 0
0 107ms
32ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:28:34 GMT
ETag: "1300708-2eae-5a33da96f833f"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 4169
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=123714
Expires: Wed, 01 Jul 2020 15:48:00 GMT
Date: Tue, 30 Jun 2020 05:26:06 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame 0F49
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_chec...
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=3296afd5-ba92-11ea-9afb-18b2794d0806

0
0

37ms
35ms

Document
text/html

185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=3296afd5-ba92-11ea-9afb-18b2794d0806
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash

Request headers

Host: live.sekindo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: nginx
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Pragma: no-cache
Age: 0
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=3296afd5-ba92-11ea-9afb-18b2794d0806; expires=Wed, 30-Jun-2021 06:32:46 GMT; path=/; domain=.spotxchange.com; SameSite=none; Secure
Location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=94&advUuid=3296afd5-ba92-11ea-9afb-18b2794d0806
X-fe: 73
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame EA20
Redirect Chain

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D98%26advUuid%3D
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=786368a4-4714-4b0b-91e5-4c17cda20727

0
0

37ms
36ms

Document
text/html

185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=786368a4-4714-4b0b-91e5-4c17cda20727
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash

Request headers

Host: live.sekindo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: nginx
Date: Tue, 30 Jun 2020 05:26:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Pragma: no-cache
Age: 0
Content-Encoding: gzip

Redirect headers

status: 302
vary: Accept, Accept-Encoding
set-cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; Version=1; Expires=Wed, 30-Jun-2021 05:26:06 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=98&advUuid=786368a4-4714-4b0b-91e5-4c17cda20727
date: Tue, 30 Jun 2020 05:26:06 GMT
content-type: text/html
content-length: 0
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 23 KB
24 KB 44ms
37ms Image
image/png 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx /
Resource Hash: 76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:05 GMT
Last-Modified: Sun, 11 Jun 2017 08:04:06 GMT
Server: nginx
ETag: "593cf976-5dbf"
Content-Type: image/png
Cache-Control: no-cache, private
Accept-Ranges: bytes
Content-Length: 23999
Expires: Tue, 30 Jun 2020 05:26:04 GMT

GET
H/1.1 200
OK vid5e53e246175a5158734501.jpg
video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0543 6 KB
6 KB 145ms
32ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.jpg?cbuster=1582555723

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

14be6a0a8ec5070f1aac299ccff69379e9bf038148d5a1c5a66f772308f6e959

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Mon, 24 Feb 2020 14:49:43 GMT
Server: Tengine
ETag: "5e53e287-165d"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 5725
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5e86d7b9d2c91800058387.jpg
video.sekindo.com/uploads/cn12/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0543 13 KB
13 KB 146ms
34ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn12/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e86d7b9d2c91800058387.jpg?cbuster=1585895359

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

f1a73d1be169d95a5d478b3a6751e42b1f5c2c0a6e5486c709b90241004376c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Fri, 03 Apr 2020 06:30:14 GMT
Server: Tengine
ETag: "5e86d7f6-331c"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 13084
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5d5bb0d4dd9f6491894945.jpg
video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0543 9 KB
10 KB 146ms
33ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn1/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5d5bb0d4dd9f6491894945.jpg?cbuster=1570431012

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

17d9041ab15483ed447874d58d24182f1ae11ba05320dde22f72bcc02492601c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Tue, 20 Aug 2019 08:42:04 GMT
Server: Tengine
ETag: "5d5bb25c-25ce"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9678
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5da8e4fec081c998865812.jpg
video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0543 6 KB
6 KB 179ms
34ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn9/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5da8e4fec081c998865812.jpg?cbuster=1571349765

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

1d69d1bc4891a0628f7313bd32355596c4a7e3e6de5a9214d03fbf327c8ae1f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Thu, 17 Oct 2019 22:03:36 GMT
Server: Tengine
ETag: "5da8e538-17e3"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 6115
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5e82652053bc0719376164.jpg
video.sekindo.com/uploads/cn11/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 0543 5 KB
5 KB 180ms
33ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn11/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e82652053bc0719376164.jpg?cbuster=1585603877

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

4e10c320e69dbec70da9b25b702c4d54d655d0b0ff3034e5deca574a18215f4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Mon, 30 Mar 2020 23:02:22 GMT
Server: Tengine
ETag: "5e827a7e-136d"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 4973
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5d977bfb34e37820188546.jpg
video.sekindo.com/uploads/cn9/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame 0543 9 KB
10 KB 181ms
36ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn9/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5d977bfb34e37820188546.jpg?cbuster=1591260697

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

ce5c7e164cf875e98fff52ba3e342eeca5ec65a29a5a4b205348f2f35ef99824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Fri, 04 Oct 2019 17:09:22 GMT
Server: Tengine
ETag: "5d977cc2-2497"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9367
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5cb1036e48189699601426.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame 0543 11 KB
11 KB 37ms
36ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5cb1036e48189699601426.jpg?cbuster=1591260319

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

9eff853e0e48a1d66ee00e3daed67fbdbc2f15ddd89916c2492864c4bf00dcb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Fri, 12 Apr 2019 21:40:34 GMT
Server: Tengine
ETag: "5cb105d2-2a65"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 10853
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5d04354ca667b943276105.jpg
video.sekindo.com/uploads/cn2/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame 0543 20 KB
21 KB 83ms
51ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn2/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5d04354ca667b943276105.jpg?cbuster=1591260476

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

c3914fe5abc7b0c9c76570e823b64f7c7f0dc9e54a2efe35893b71e364c6fb36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Sat, 15 Jun 2019 00:02:32 GMT
Server: Tengine
ETag: "5d043598-5124"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 20772
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5e17f3a7d1e69717376754.jpg
video.sekindo.com/uploads/cn1/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame 0543 35 KB
36 KB 71ms
38ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn1/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5e17f3a7d1e69717376754.jpg?cbuster=1591260924

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

2ded17a92a2004d652360a7db4972a8ffe7ae602c3994ea2fff94e3d1b7145b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Fri, 10 Jan 2020 03:47:19 GMT
Server: Tengine
ETag: "5e17f3c7-8dd5"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 36309
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK vid5ca4be109a752170747339.jpg
video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/ Frame 0543 10 KB
10 KB 40ms
35ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn7/video/users/converted/24485/video_5c74e337b0b1c456249184/vid5ca4be109a752170747339.jpg?cbuster=1591260298

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

bd5304916cb80676de16ef1b0d3103574577a8e64870b5606cb7e22e4c2627a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Wed, 03 Apr 2019 14:07:57 GMT
Server: Tengine
ETag: "5ca4be3d-2634"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 9780
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 9FFE
Redirect Chain

https://x.bidswitch.net/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent=

43 B
411 B

31ms
30ms

Image
image/gif

18.194.86.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.86.89 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-86-89.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 30 Jun 2020 05:26:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Tue, 30 Jun 2020 05:26:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5efaccede2058&custom_data=5efaccede2058&gdpr=1&gdpr_consent=
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

liveCS.php
live.sekindo.com/live/ Frame 9FFE
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=bdd0ea39-e226-4f34-a22c-9a85e9cbc669

0
347 B

37ms
37ms

Image
text/html

185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=bdd0ea39-e226-4f34-a22c-9a85e9cbc669
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: no-store
Content-Type: text/html; charset=utf-8

Redirect headers

status: 307
date: Tue, 30 Jun 2020 05:26:06 GMT
content-length: 0
location: https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=bdd0ea39-e226-4f34-a22c-9a85e9cbc669

GET
H/1.1 200
OK vid5e53e246175a5158734501.jpg
video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/ Frame 18F5 6 KB
6 KB 127ms
33ms Image
image/jpeg 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://video.sekindo.com/uploads/cn4/video/users/converted/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.jpg?cbuster=1582555723

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),

Reverse DNS

Software

Tengine /

Resource Hash

14be6a0a8ec5070f1aac299ccff69379e9bf038148d5a1c5a66f772308f6e959

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://amli.sekindo.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:43 GMT
Last-Modified: Mon, 24 Feb 2020 14:49:43 GMT
Server: Tengine
ETag: "5e53e287-165d"
X-Cache-Status: HIT
Strict-Transport-Security: max-age=31536000
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 5725
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 18F5 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 18F5 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 9FFE 87 KB
4 KB 113ms
113ms XHR
application/json 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn4%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5e53e246175a5158734501.mp4&vid_content_id=672778&vid_content_desc=Samsung+sorry+for+mysterious+alert&vid_content_title=Samsung+sorry+for+mysterious+alert&vid_content_duration=44&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&x=320&y=180&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&isApp=0&geoLati=47.3925&geoLong=8.4546&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&cbuster=1593494766422&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: cc4ac9da964deed6d44ceedc4b09f532cec4b92911f1bd8bb7fd5be1a7090670

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 3325

GET
H/1.1 200
OK liveView.php Show response
live.sekindo.com/live/ Frame 9FFE 24 KB
2 KB 55ms
55ms XHR
application/json 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn4%2Fvideo%2Fusers%2Fconverted%2F28530%2Fvideo_5d5baf9fe4c32389620327%2Fvid5e53e246175a5158734501.mp4&vid_content_id=672778&vid_content_desc=Samsung+sorry+for+mysterious+alert&vid_content_title=Samsung+sorry+for+mysterious+alert&vid_content_duration=44&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&x=320&y=180&fpl=0&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&isApp=0&geoLati=47.3925&geoLong=8.4546&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&cbuster=1593494766423&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30362D33305F30387D7B7331323334383830387D7B433236307D7B53644768795A5746306347397A6443356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583330307D7B593235307D7B66317D7B7251554A554943386755484A6C596D6C6B494338674E5341764947526C5A6D46316248513D7D7B4C363631357DFEFE&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=ABT+%2F+Prebid+%2F+5+%2F+default&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C1005%2C1&csuuid=5efaccede2058&debugInfo=12348808_ABT+%2F+Prebid+%2F+5+%2F+default&debugPlayerSession=&sta=12348808&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed173akunvrojp&secondaryContent=&x=300&y=250&pubUrl=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=2&flow_width=320&flow_height=180&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=47.3925&geoLong=8.4546&vpTemplate=6615&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 5124d9ffaa6f5a8a341e57171615594e04b1c65ecb73cc8d4379dece38fb7878

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:06 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 1806

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 18F5 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin: https://threatpost.com

Response headers

date: Tue, 09 Jun 2020 00:43:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1831332
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Jun 2021 00:43:54 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 69 KB
9 KB 322ms
322ms XHR
text/plain 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2211539553510100&correlator=3302475862971209&output=ldjh&impl=fifs&adsid=NT&eid=21066465%2C21066393&vrg=2020062201&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200630&iu_parts=21707124336%2CThreatPost-970x250-ATF%2CThreatPost-300x250-ATF%2CThreatPost-300x600-ATF%2CThreatPost-2x2-Skin&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x90%7C970x250%7C970x90%2C300x250%7C336x280%2C300x250%7C300x600%2C2x2&prev_scp=%7C%7Chb_adid_openx%3D55c6970dde89e4e%26hb_bidder_openx%3Dopenx%26dyn_bids%3D0.32%26hb_adid%3D55c6970dde89e4e%26hb_bidder%3Dopenx%7C&eri=1&cust_params=urlhost%3Dhttps%253A%252F%252Fthreatpost.com%252F%26urlpath%3D%252Fdarkcrewfriends-returns-botnet%252F156963%252F%26urlquery%3Dgoogfc%26contentid%3D156963%26category%3Dmalware-2%26contenttags%3Dbotnet%252Ccheck-point%252Ccode-execution%252Ccontent-management-systems%252Cdarkcrewfriends%252Cfile-upload-vulnerability%252Cphp-servers%252Czero-day-0&cookie_enabled=1&bc=31&abxe=1&lmt=1593494766&dt=1593494766477&dlt=1593494764986&idt=574&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C1082%2C1082%2C0&adys=10%2C257%2C1544%2C0&adks=1015519800%2C654286612%2C375389812%2C3385906655&ucis=1%7C2%7C3%7C4&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&dssz=41&icsg=176173059&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x90%7C300x250%7C300x250%7C1600x2&msz=728x90%7C300x250%7C300x250%7C1600x2&ga_vid=916429841.1593494766&ga_sid=1593494766&ga_hid=2098283780&fws=0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020062201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

f1c5b151c572a28606abf9805487e0274993f217328e2c5cf89ede171dbc267b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9359
x-xss-protection: 0
google-lineitem-id: 5409322485,5409322485,5409322485,5283645110
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138315549122,138315977776,138315549194,138301519116
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://threatpost.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 52ms
14ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 6ms
5ms Other
text/html 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 pixel;r=249896190;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F;fpan=1;fpa=P0-695564061-1593494766510;ns=0;ce=1;qjs=1;qv=3d595974-2...
pixel.quantserve.com/ 35 B
371 B 8ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=249896190;source=gtm;rf=0;a=p-_7kVx0t9Jqj90;url=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F;fpan=1;fpa=P0-695564061-1593494766510;ns=0;ce=1;qjs=1;qv=3d595974-20200604132620;cm=;gdpr=0;ref=;d=threatpost.com;je=0;sr=1600x1200x24;enc=n;dst=1;et=1593494766509;tzo=-120;ogl=image.https%3A%2F%2Fmedia%252Ethreatpost%252Ecom%2Fwp-content%2Fuploads%2Fsites%2F103%2F2019%2F11%2F14090552%2Fbotne%2Ctype.article%2Ctitle.DarkCrewFriends%20Returns%20with%20Botnet%20Strategy%2Cdescription.The%20botnet%20can%20be%20used%20to%20mount%20different%20kinds%20of%20attacks%252C%20including%20code-execu%2Curl.https%3A%2F%2Fthreatpost%252Ecom%2Fdarkcrewfriends-returns-botnet%2F156963%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
status: 200
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 9FFE 0
215 B 325ms
234ms XHR
application/json 18.194.51.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.51.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-51-59.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9FFE 0
59 B 158ms
158ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:06 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H/1.1 200
OK chunklist_640.m3u8 Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 361 B
761 B 2392ms
2017ms XHR
application/vnd.apple.mpegurl 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/chunklist_640.m3u8
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 6e0596addc8d485b669ec71db4df85833e91fbb20a2ac431e8ab5d2333312e9f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:46 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:25 GMT
Server: Tengine
ETag: "5e53e2b1-169"
Content-Type: application/vnd.apple.mpegurl
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:46 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 361
X-Proxy-Cache: HIT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/ 323 KB
127 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/NMoy4HgGiLr5NAQaEQa2ho8X/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=explicit&ver=5.4.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 16:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jun 2020 20:56:25 GMT
server: sffe
age: 564394
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129939
x-xss-protection: 0
expires: Wed, 23 Jun 2021 16:39:32 GMT

GET
H2 200 flipboard.svg
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/ 236 B
567 B 308ms
308ms Image
image/svg+xml 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/img/flipboard.svg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70

Request headers

Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Tue, 30 Jun 2020 05:26:06 GMT
content-encoding: gzip
last-modified: Mon, 29 Jun 2020 07:42:52 GMT
server: nginx
x-amz-cf-pop: ZRH50-C1
etag: W/"5ef99b7c-ec"
x-cache: Miss from cloudfront
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
x-amz-cf-id: DOlVCrLl9GomXyS5EJbo3ffW8DZ57WusvsIHTTZ6azUdILBdBg0bwA==
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
expires: Tue, 07 Jul 2020 05:26:06 GMT

GET
H2 200 fontawesome-webfont.woff2
assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/ 75 KB
76 KB 728ms
699ms Font
font/woff2 2600:9000:2190:9e00:2:9275:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.threatpost.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2190:9e00:2:9275:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://assets.threatpost.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/css/dist/block-library/style.min.css,wp-content/plugins/wds-rss-builder/includes/css/select2.min.css,wp-content/plugins/wds-rss-builder/includes/css/wds-rss.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/plugins/pullquote-shortcode/css/pullquote-shortcode.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css,wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=b0ee8769
Origin: https://threatpost.com

Response headers

date: Tue, 30 Jun 2020 05:26:07 GMT
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
status: 200
content-length: 77160
pragma: public
last-modified: Mon, 29 Jun 2020 07:42:53 GMT
server: nginx
etag: "5ef99b7d-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, public
accept-ranges: bytes
x-amz-cf-id: 73pX5MERIvL8UCVXyEhuJtbMrv8O6fBB4suqpyVaC2YXv-z3thaU9Q==
expires: Wed, 30 Jun 2021 05:26:07 GMT

GET
H/1.1 200
OK photo-newsletter.jpg
threatpost.com/wp-content/themes/threatpost-2018/assets/images/ 83 KB
83 KB 3403ms
241ms Image
image/jpeg 35.173.160.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://threatpost.com/wp-content/themes/threatpost-2018/assets/images/photo-newsletter.jpg
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.160.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-160-135.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: public
Date: Tue, 30 Jun 2020 05:26:09 GMT
Last-Modified: Mon, 29 Jun 2020 07:42:53 GMT
Server: nginx
ETag: "5ef99b7d-14c88"
Content-Type: image/jpeg
Cache-Control: max-age=604800, public
Connection: close
Accept-Ranges: bytes
Content-Length: 85128
Expires: Tue, 07 Jul 2020 05:26:09 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
652 B 2465ms
160ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0j&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Tue, 30 Jun 2020 05:26:09 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 38a9fbc8829a13a51acc54c91fbb9fe4
x-transaction: 00551373008243f5
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 0EE0 0
0 31ms
31ms Document
text/html 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=qvwq7ydq5nf3

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qWV3GWr4W6YatWg3+GmNgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=standard&size=normal&cb=qvwq7ydq5nf3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 30 Jun 2020 05:26:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-qWV3GWr4W6YatWg3+GmNgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10414
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
graph.facebook.com/ 76 B
488 B 61ms
47ms XHR
application/json 2a03:2880:f02d:e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ac53ffbc6bb9d9c246d72c17775a0f9803bd58760521417a44acbfbb194622fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
etag: "c2d79090399bc6a8cf6bbfef10ec4df65ca6bca3"
status: 200
x-fb-rev: 1002310961
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 76
pragma: no-cache
x-fb-debug: Lt/WuvgLGKOpxZ/hm6+Wso0qZkbMrL6zDiYTTfc8VyEZLQOQl2CPga0NJoVW3Cdipj2mIO8gC6kGDTSGYCRW+g==
x-fb-trace-id: Cdrgr4stAWB
date: Tue, 30 Jun 2020 05:26:06 GMT, Tue, 30 Jun 2020 05:26:06 GMT
content-type: application/json
access-control-allow-origin: *
x-fb-request-id: A2Qfexp9Wyjs74Q7VBeBgKY
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v3.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 404 share
www.linkedin.com/countserv/count/ 0
0 120ms
103ms Script
text/html 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.linkedin.com/countserv/count/share?url=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&format=jsonp&callback=jQuery112407044719804200226_1593494765685&_=1593494765686
Requested by: Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 info.json Show response
www.reddit.com/api/ 102 B
1 KB 3369ms
185ms XHR
application/json 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F

Requested by

Host: threatpost.com
URL: https://threatpost.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.53.140 Manchester, United Kingdom, ASN54113 (FASTLY, US),

Reverse DNS

Software

snooserv /

Resource Hash

f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:10 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
content-length: 102
x-xss-protection: 1; mode=block
x-served-by: cache-man4135-MAN
x-moose: majestic
expires: -1
server: snooserv
x-timer: S1593494770.911047,VS0,VE130
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 9442 0
0 30ms
30ms Document
text/html 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=i4d0jsybnugy

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2xtQPnB7EaqRw9QiaUgpNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&co=aHR0cHM6Ly90aHJlYXRwb3N0LmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&theme=light&size=normal&cb=i4d0jsybnugy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 30 Jun 2020 05:26:06 GMT
content-security-policy: script-src 'report-sample' 'nonce-2xtQPnB7EaqRw9QiaUgpNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10370
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bl-cc9018f-0230b781.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 72BB 90 KB
37 KB 19ms
17ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:25:18 GMT
content-encoding: gzip
age: 46849
x-cache: Hit from cloudfront
status: 200
content-length: 37792
x-amz-meta-git_commit: cc9018f
last-modified: Mon, 29 Jun 2020 15:54:47 GMT
server: AmazonS3
etag: "22c6c2e2b1e84e330775f7fdca3bebf5"
x-amz-version-id: k4xE79NGi7d0U05aeFs0DGty_j5DxvHW
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ebotYzeJRhrBiXjTRexn_i5Es5JJewA_wlr27Qd5IblAPqjVZNpRnA==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 72BB 35 KB
12 KB 19ms
17ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3399755
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Ygmhb4zJiWSv4gagi2Nm6NeIyljgf3Hutlw4reTGADIPgzc9fMCHaA==

GET
H2 200 bl-cc9018f-0230b781.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame AE79 90 KB
37 KB 16ms
15ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:25:18 GMT
content-encoding: gzip
age: 46849
x-cache: Hit from cloudfront
status: 200
content-length: 37792
x-amz-meta-git_commit: cc9018f
last-modified: Mon, 29 Jun 2020 15:54:47 GMT
server: AmazonS3
etag: "22c6c2e2b1e84e330775f7fdca3bebf5"
x-amz-version-id: k4xE79NGi7d0U05aeFs0DGty_j5DxvHW
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: miak4P2BBiO60smPBsK15FnM3HiC2OhuFG9-Bj6HYk2RaLM3TUIYRA==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame AE79 35 KB
12 KB 16ms
16ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3399755
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: rhNxKpvNdKPRUjbcazyA59NodvdsMHdcfTkchp8Mw_4wz1eMNGeXiw==

GET
H2 200 bl-cc9018f-0230b781.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BE2D 90 KB
37 KB 16ms
15ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:25:18 GMT
content-encoding: gzip
age: 46849
x-cache: Hit from cloudfront
status: 200
content-length: 37792
x-amz-meta-git_commit: cc9018f
last-modified: Mon, 29 Jun 2020 15:54:47 GMT
server: AmazonS3
etag: "22c6c2e2b1e84e330775f7fdca3bebf5"
x-amz-version-id: k4xE79NGi7d0U05aeFs0DGty_j5DxvHW
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: _9tPZZK_ntaeNd_pFhbmVGuOR-WAmIGUrjx8-0hrHPUWqEkz08pXcA==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame BE2D 35 KB
12 KB 16ms
16ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3399755
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 2dXAN4ev99-XNODUyB6sbNlnMD6VvtN2pUFiFIeE8VbUH7kGrwKEFw==

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 9FFE 0
215 B 2061ms
2061ms XHR
application/json 18.194.51.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.51.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-51-59.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9FFE 143 B
838 B 2057ms
2057ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

e78c534980130d16ea4995e561be8fe0d0fb0acd62182032360513c86149963b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:08 GMT
X-Proxy-Origin: 185.236.201.148; 185.236.201.148; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.41:80
AN-X-Request-Uuid: 2ad04542-56a1-4348-a864-30f3112c8692
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 9FFE 24 B
1 KB 2057ms
2056ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%22978adc2a5340c6%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2210c2240071b80e7%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%2C%7B%22id%22%3A%2211f31bf69324d26%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435871%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7761b2ea03767958824d78022ef5f3cea3c82f06472465b3925ce967921f23e9

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 44
Expires: Tue, 30 Jun 2020 05:26:07 GMT

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 9FFE 92 B
286 B 2056ms
2056ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=6453cf19-a065-48c5-b1a0-cc20b6b4975c&nocache=1593494766907&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882778&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:06 GMT
via: 1.1 google
server: OXGW/16.188.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9FFE 0
59 B 2054ms
2053ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:06 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 bl-cc9018f-0230b781.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 07A8 90 KB
37 KB 2285ms
2284ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/bl-cc9018f-0230b781.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 16:25:18 GMT
content-encoding: gzip
age: 46851
x-cache: Hit from cloudfront
status: 200
content-length: 37792
x-amz-meta-git_commit: cc9018f
last-modified: Mon, 29 Jun 2020 15:54:47 GMT
server: AmazonS3
etag: "22c6c2e2b1e84e330775f7fdca3bebf5"
x-amz-version-id: k4xE79NGi7d0U05aeFs0DGty_j5DxvHW
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: _p6gNr1YwSadE17Ah2EquxpBR-URo-0KTOCYaRzRpvgxfF-dEbj6aw==

GET
H2 200 b-8ce16fa.js Show response
tagan.adlightning.com/math-aids-threatpost/ Frame 07A8 35 KB
12 KB 2311ms
2311ms Script
application/javascript 13.224.102.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/math-aids-threatpost/b-8ce16fa.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.26 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-26.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 21 May 2020 21:03:32 GMT
content-encoding: gzip
age: 3399757
x-cache: Hit from cloudfront
status: 200
content-length: 12279
x-amz-meta-git_commit: 8ce16fa
last-modified: Thu, 21 May 2020 20:57:10 GMT
server: AmazonS3
etag: "1ee78bd32c1d4d051f9e148b667e3f17"
x-amz-version-id: AuxBHdwSL09yrCmxb.j1gjSlW7v1d09f
via: 1.1 d4ab4520827d99650a0d233539c37425.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: -NKivKKl5ulzIMO7GzPhPoT0IN1QeJRKdWcp6xCniyeM2aGSSx1-vA==

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005272217000/ Frame 72BB 202 KB
55 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5233691dffa51e70ae8b66c53b31324e7dfb405de2b01b0bebb41ed2fd52f58a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25466
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56211
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9687f63ba3c32530"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:41 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005272217000/v0/ Frame 72BB 97 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97361dda3d036caf25e270fe716db15f530cfa40f3c6a165d1a6e76a4ac17183

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25493
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29912
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8ebd5537ed53cc8f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:14 GMT

GET
H2 200 12315433651301751458
tpc.googlesyndication.com/simgad/ Frame 72BB 82 KB
82 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12315433651301751458

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a22d2d046d97851fda2dc73adf31826b4ab7f7fe44f4856a8570c73b5102102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 18:50:03 GMT
x-content-type-options: nosniff
age: 38164
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83748
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:09:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 18:50:03 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 72BB 0
312 B 1879ms
1878ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv1iO9d1rc2Eo1HXIJGxxtnJN7y2Yo01cPyr1j4kaXDCQGwOY5bLF842DO_6Fn8V5Utpp-ibwu-eUnUOD4Niz2Fy1MUg6RMtHaURldCaVFaNits26AuuNSmnhdS_Q7HB4UoGkpR83jtD3I571d-8XWygctQTj1-b_1h48FtFcryLloHNosLOnjEREzEHpZXYfKh1YkG5e-ag7zV_GXKUSwJKr-cLXW40tVy2sEvFYMAWCbn1uZGymihu-cSUs2dOIlmIzZlRW_FSZkjnCj1GWxkpxWu&sai=AMfl-YQuekIfcnAEPXCV5ha8XUaAScMCHxgUlOE6xv2cBppsNGCRYjns76QNkYSbZlLsFFlgU3aCG0lawDgCGXUsoQrV0af8XfSSnTTovIgGEg&sig=Cg0ArKJSzDyGxRNnyB9WEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:08 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:08 GMT

GET
DATA 200
OK truncated
/ Frame 72BB 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7802c6b2bc2624efc01241b88b2b2fb96030b95f46771a0f437addeb86060a61

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005272217000/ Frame AE79 202 KB
55 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5233691dffa51e70ae8b66c53b31324e7dfb405de2b01b0bebb41ed2fd52f58a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25466
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56211
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9687f63ba3c32530"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:41 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005272217000/v0/ Frame AE79 97 KB
29 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97361dda3d036caf25e270fe716db15f530cfa40f3c6a165d1a6e76a4ac17183

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25493
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29912
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8ebd5537ed53cc8f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:14 GMT

GET
H2 200 4367145008806213335
tpc.googlesyndication.com/simgad/ Frame AE79 33 KB
33 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4367145008806213335

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8011927266f67730cbd0fa135ce4180e5a671d39310d44eca866461408d19d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 18:29:04 GMT
x-content-type-options: nosniff
age: 39423
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33598
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:09:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 18:29:04 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame AE79 0
274 B 1816ms
1815ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRIsLCz_65rMLWaC6LPPvB4jtD_lfXuRrY-msoxX4zCqTtyFPG7JlgnOzelBlntZplB-yYQv6udHQPL_Eq3RRBq6PA9SG5lVVGgD4E9-0bbJTxCo2d4v0xEv3CM8mH3R5ptLr-6GB8lEfetbqTm6LrYHcmyDR-kijvDjbYPpQ7WZ9ZYWwBJCh_pIk17EgJWlfMmWN9YESv7Vu5fqZEct95v1axpaQUd30WOHTHPOE3DMAWbLG68sIyF9rBTYWlbDQLKeCq0Gig5pXnkc_oO7HHFm2v&sai=AMfl-YQPoH6W1M_kpM3kmVXjyIgiJS1Q0UgXbrDnQPYcL5vg7M2rsLrHcbHL5dtwzyfRJmryGCzDgb51dkHt-A3t71sQKw5rG_Sa19KNSVbwjg&sig=Cg0ArKJSzHhceMJ3glxSEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:08 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:08 GMT

GET
DATA 200
OK truncated
/ Frame AE79 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2c7f85c5fcb5c67c99797b48affc9b3dece6f7b4db4aeef6f7674f498103a37

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005272217000/ Frame BE2D 202 KB
55 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5233691dffa51e70ae8b66c53b31324e7dfb405de2b01b0bebb41ed2fd52f58a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25466
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56211
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9687f63ba3c32530"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:41 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005272217000/v0/ Frame BE2D 97 KB
29 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97361dda3d036caf25e270fe716db15f530cfa40f3c6a165d1a6e76a4ac17183

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25493
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29912
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8ebd5537ed53cc8f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:14 GMT

GET
H2 200 8306132717291254282
tpc.googlesyndication.com/simgad/ Frame BE2D 59 KB
59 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8306132717291254282

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40f766cd64caff04695f4a8fb4311663c9ff4b6f9a8480c80d6394943f3f6bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 29 Jun 2020 18:50:03 GMT
x-content-type-options: nosniff
age: 38164
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60186
x-xss-protection: 0
last-modified: Mon, 29 Jun 2020 18:09:12 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 18:50:03 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE2D 0
273 B 1775ms
1775ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssVWwLhPS8R_aH3PbRO2UV4c1M5bqzWqifTjOyAStCBG5T0ESFlgI2x7mspWe5GJHxRmXATeyDjR3pulsT07DXjzsXRDVl2B6k_wBa59_Ui0vQdWpGzNBWS6SUTCfhxePoqeYEupVB7dW5Va6RumCrR7PIV826suQsDHoykdeIq1wGI1-K7BqJ1gwzFO6Ba3qM2ho2-avlC97hgHGvuDbpEQwtytVNWxoY1J_VlBSJfmpvWR9LMqbDtCKocXzcjH7kFIycJBxicD-uLyV3iDyzsCWOR&sai=AMfl-YQB7QxvBvwB9rzbbcYFrWrqP7TFzP-PHBbaCE8CqKY-AjjK-sJyzFBPgbT9SE_0tyJdn4a9RCUFBP_5gUW5MZNTMoTjyTsMdC3gNtV03g&sig=Cg0ArKJSzDxHEinj7FX3EAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:08 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:08 GMT

GET
DATA 200
OK truncated
/ Frame BE2D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72ca323974fe6363c3c952135cb6f0ed119f95012a79813215ec93b98417535b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 9689 0
0 20ms
17ms Document
text/html 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v3yuiyt7481w

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MK+MVLB+6Lw7pVib+PJc8g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6Lfgf_8SAAAAADYbQAnKFOk7cvnWbkqo6y57-4-U&cb=v3yuiyt7481w
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 30 Jun 2020 05:26:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-MK+MVLB+6Lw7pVib+PJc8g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1178
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame B9DA 0
0 18ms
18ms Document
text/html 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=suoag717n2bz

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids-threatpost/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fiXWGVvIkUKdoo3oBE8H0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LehhAETAAAAAAcsm2ZGDsLCqyGhesy4Yn43WNBe&cb=suoag717n2bz
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 30 Jun 2020 05:26:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-fiXWGVvIkUKdoo3oBE8H0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1174
server: GSE
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 72BB 0
273 B 1479ms
1479ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstqybCjVUftthRTjoS45FOSNj9Fi8ktI8ggZDxxW217CVivbDaq052tsz1YKAqIzTqlLX6Eta596K30v4brKTn4t21xQbvXEDhGg_4cUPwSFpw1IjBUyW7QX-yKlBwmaARQGZMjmJg75ZnZ2CfVS1MaEJiPNoMk5b-p13tVbjpdjDmyXjwkLq09E3tSpdM5fT1c37-7lsFYMDYi5nA3bAXA4O2ytuStsCkt4t3k4OE3qTXZlq8c_T6r94FAi_-trX4aIocvF2sQkzViuJku21DfLYmCqvk&sai=AMfl-YRmbn-f5QuxpMvl8NOkbQF8Dcx2-SO3b0Ai3AeQMv3_xVsc04WqlZzvbQPEvCdUCSNgM1EWjdwugZ7sDzLw9Q3oss-DQOlIcLBshc0FVQ&sig=Cg0ArKJSzEyUxPSIPq-EEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame AE79 0
296 B 1443ms
1443ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxFx67B-voIFO9RbnvsLsd5NqvnT1TLeO9sr7f2ej_sOfE3BhTjZv0LU12XyR1Yu1MebIWKIHnAIIkwSdFxBNH7-8ld5l4smOLkfu5JSk7OmClHP8lP16495PzTsEAkaEttnGSdulVzMDS63jtYczVN4hzpTR98clHDKxYZK0UByXZ1e1FTPA_SdMP0mHVbSoOAdp6fgF-_7EucK0ghYP5j4jxhGd7SuSKROu1pYYuQq6uQECKu_4_nJPU1EsrUeuVuZngf9H2Xfzr0IcMMWqSme3qF-c&sai=AMfl-YSWXYikU2p_imaVmotxHkF_omjYf5iBn0PJS8-tsGQN5iqigwKihIRhafhrBF6_UT9hV3bQupj0PfZiWuO0ExL2Wf0LgiDCdsPzh4YZHQ&sig=Cg0ArKJSzMarCGxRZR6UEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BE2D 0
272 B 1438ms
1438ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudnneZoB3fdLNVJ6LkKcQ9cLR9V9eqlyaPv1asNtGbd-MtGNDPw17YOdsKGEfxzOuBOZJ3eVHnW6QyYSnVRmvnBDNUVOUsGkNrVoC5kOSlpXy2mkGRp9dlb0b027K4Ax1BbH-IXQXHk7OOoRjw-Cx7JX5XNKnS_eoNlt4W1Tw4eUXIDv_-K3W4Jq-9Opv11gs7qUbUO1nez2KQuu8PPEI_G8OQKUX-ZmSnhUF1bIxLU5YfG59BfpHIDzDfT5AFMa6mZC6rNEwIDE2qcTBj6DT264EgZCE&sai=AMfl-YRJj7JrvDRama2wq_eZYwy1Bz3WrWa20v48rA3i9KSukhrHe6QT2BfY2XcgZ18Vc35a_-OwXe1WvfdKhR4w07LxOAUtAPyxhtdTzMiHfg&sig=Cg0ArKJSzAuKcnqFkrS0EAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 30 Jun 2020 05:26:09 GMT

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 0169 0
0 1071ms
1070ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=159196:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=82723
Expires: Wed, 01 Jul 2020 04:24:51 GMT
Date: Tue, 30 Jun 2020 05:26:08 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

204

sync
pixel.advertising.com/ups/55953/ Frame 9FFE
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
https://pixel.advertising.com/ups/55953/sync?uid=151f9701-e432-4b28-8df9-a3137db374f4&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=151f9701-e432-4b28-8df9-a3137db374f4

0
124 B

23ms
22ms

Image
text/plain

52.59.138.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55953/sync?uid=151f9701-e432-4b28-8df9-a3137db374f4&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=151f9701-e432-4b28-8df9-a3137db374f4

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.138.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-138-183.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:09 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
x-aspnet-version: 4.0.30319
status: 302
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.advertising.com/ups/55953/sync?uid=151f9701-e432-4b28-8df9-a3137db374f4&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=151f9701-e432-4b28-8df9-a3137db374f4
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 369

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/57304/ Frame 9FFE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
https://pixel.advertising.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80&verify=true

0
977 B

30ms
29ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80&verify=true

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:26:09 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date: Tue, 30 Jun 2020 05:26:09 GMT
Server: ATS/7.1.2.113
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEMIsvAUQEA8qwSMAyIFuaMY&google_cver=1&apid=1A326b5600-ba92-11ea-8a7f-120ea4e1ae80&verify=true
Connection: keep-alive
Content-Length: 0

GET

sync
sync.adap.tv/ Frame 9FFE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XvrM8QAAAIkzhAFU
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XvrM8QAAAIkzhAFU&_test=XvrM8QAAAIkzhAFU

0
0

GET
H2 200 %7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 9FFE 43 B
841 B 140ms
43ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 30 Jun 2020 05:26:09 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
status: 200
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 37ms
36ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&cbuster=1593494768527&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:09 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 72BB 42 B
107 B 14ms
14ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsut0rQatXJ6gMtfXEYdsjr24ioq_N93T9BcN2t_EhRFc8r98AgnBnbqMAV5XVVvIJuIXd3_iQgEwoXD02z1PMoDpcQWJH9tk0YzBo0IaM8&sig=Cg0ArKJSzCVaSqghK9yoEAE&id=ampim&o=315,10&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=224&tls=1225&g=100&h=100&tt=1225&r=v&avms=ampa&adk=1015519800

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame AE79 42 B
107 B 15ms
14ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPbx9_IR6WLTXlPtqD5agCfIluc6Ino9bgRe6kaJ9zr1DDhcbCP9jzQdR0LMrjRvB3pcCcXmf16zu2gyBtxRWyUcwr7u5l5b4qyEycMCE&sig=Cg0ArKJSzG-JF5QTwczLEAE&id=ampim&o=1082,417&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=200&tls=1200&g=100&h=100&tt=1200&r=v&avms=ampa&adk=654286612

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9FFE 0
1 KB 123ms
61ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:08 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 9FFE 173 B
381 B 62ms
20ms XHR
application/json 52.58.66.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.66.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-66-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ddfa1fb89c91c56f44a4d620e75247c3fa7e8d2e0b88ea0dbc4efc770cbef00d

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H2 200 avjp Show response
primis-d.openx.net/v/1.0/ Frame 9FFE 92 B
400 B 108ms
107ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://primis-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=a71de21f-5b07-4bde-8650-ef92ff0eeb6b&nocache=1593494768977&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C!primis.tech%2C19668%2C1%2C%2C%2C&skip=1&auid=540392761&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
via: 1.1 google
server: OXGW/16.188.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 204
No Content 171621 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame 9FFE 0
1 KB 151ms
65ms XHR
application/json 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/171621
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 30 Jun 2020 05:26:09 GMT
X-SpotX-Timing-Transform: 0.000273
X-SpotX-Timing-SpotMarket: 0.031985
X-SpotX-Timing-Page-Mux: 0.000267
X-SpotX-Timing-Page-Require: 0.000338
X-fe: 110
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000025
X-SpotX-Timing-Page: 0.035878
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000323
Last-Modified: Tue, 30 Jun 2020 05:26:09 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.012011
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
X-SpotX-Timing-Page-Misc: 0.002630
X-SpotX-Timing-Page-Exception: 0.000000
X-SpotX-Timing-SpotMarket-Secondary: 0.019974
X-SpotX-Timing-Page-URI: 0.000037
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK w_640_000.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 463 KB
463 KB 52ms
51ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_000.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 2887ab4d533195dfe9fdfc547ef7f1aedaea57c79c91e6340f77a9ebe56de328

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:46 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:21 GMT
Server: Tengine
ETag: "5e53e2ad-73c18"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:46 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 474136
X-Proxy-Cache: HIT

GET
BLOB 200
OK 23b414f2-5745-4544-9c92-da4adbcdde52
https://threatpost.com/ Frame 9FFE 63 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://threatpost.com/23b414f2-5745-4544-9c92-da4adbcdde52
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 64352
Content-Type: text/javascript

GET
H/1.1 200
OK w_640_001.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 462 KB
462 KB 35ms
33ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_001.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: b9074b1b24c8737faa58c4bfb5026386c9b09f231a124b9f3c6c4d72610ceecc

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:46 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:21 GMT
Server: Tengine
ETag: "5e53e2ad-73638"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:46 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 472632
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 37ms
35ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1593494766&s=0&sta=12348808&x=320&y=180&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=672778&mediaPlayListId=5946&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1593494769180&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:08 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/012005272217000/ Frame 07A8 202 KB
55 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5233691dffa51e70ae8b66c53b31324e7dfb405de2b01b0bebb41ed2fd52f58a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25468
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56211
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9687f63ba3c32530"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:41 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/012005272217000/v0/ Frame 07A8 97 KB
29 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012005272217000/v0/amp-analytics-0.1.js

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97361dda3d036caf25e270fe716db15f530cfa40f3c6a165d1a6e76a4ac17183

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 25495
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29912
x-xss-protection: 0
server: sffe
date: Mon, 29 Jun 2020 22:21:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8ebd5537ed53cc8f"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Jun 2021 22:21:14 GMT

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame 07A8 330 B
444 B 10ms
9ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:30:09 GMT
x-content-type-options: nosniff
age: 1695360
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Jun 2021 14:30:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 07A8 0
54 B 59ms
58ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumdDhWixaaUlYMjeQK4SpbCy3xEisawKXrOsEgD2iwgEaIPWqfKET5RaUkRHlxhsnpXidHPn48Cv4ozGRHisJ9sxRJCpOVNZ0rsYkPA3mk_1haggE2u0ZHVuokf79NznhE5LMTYYZ_aLPcuZLU3IBq7w0CXTueTVxg7OH8ICwOU0TGTu89-6_7F9J6EYDELOqKPBfs_8-YRfN3a9ag5ko_IvpBeIniNk9VPB0f2SvTPlRCSuE5q1-PknLw25DMuBSQbIuKOnBuqeFIpwU&sai=AMfl-YTaeldHNc0tWGI0EUNfcj-7Nmvb3Ni6dVgNZXWAFq_xJzoJL2Gnkw9vFgPx0bQPEtoaFtA0_1o1Zr4mLDV25LuGYbtKH09ELv8uKV84Xw&sig=Cg0ArKJSzE6iA1FKzemAEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 07A8 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d725053c8c8259dc71b1e1f1bc2c8a13cafc32832a3a4737f6ed50d72af9280

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK w_640_002.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 545 KB
545 KB 34ms
34ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_002.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 4b99fa6a086f3d0c2aa5f4237ab0dd87aec3ad58f845064ddc0c7b5e9ad1d336

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:46 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:22 GMT
Server: Tengine
ETag: "5e53e2ae-883a0"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:46 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 557984
X-Proxy-Cache: HIT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 07A8 0
54 B 57ms
56ms Image
image/gif 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssaFwfrBd_Y-Ic5gf2DAxRubxAS67T4YwWru_4ljv-FKdBo6FGRhD5SUEAPeOIheYSpMxmFSG3Jf-ggRI0UuYv48LCM4kuisPaau59QClJBu-IdUuENjw2kcY04IsHV0vhzesrNv9f0GjTr5A6VbNP5YRrtueWNZo0VhuiuHpRfQOauNVsjS6-FuyQbtYTlPijfEosuCS0IDiQI32LNJvcZgEQ7IkTllv1H1I-Nm2bpWF2GCsBeOn49uUHLoeHmIuyEBvhz02M20OAkmBikdQ&sai=AMfl-YSx1EOJvKOBtXRMYDzmsG5a0bMAEuEYtqM1tg2H6P7jeleEG5_qbsazsXXtpH2vs1WOkPlu_gYjmh0H-KdoRbuxnvGG486tRwCxY6kOSw&sig=Cg0ArKJSzMAubs1sk7kIEAE&adurl=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 30 Jun 2020 05:26:09 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 7464639028652035684
tpc.googlesyndication.com/simgad/ Frame 07A8 330 B
388 B 6ms
6ms Image
image/png 2a00:1450:4001:816::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7464639028652035684

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Jun 2020 14:30:09 GMT
x-content-type-options: nosniff
age: 1695360
x-dns-prefetch-control: off
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 330
x-xss-protection: 0
last-modified: Tue, 28 Jan 2020 23:02:00 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Jun 2021 14:30:09 GMT

GET
H/1.1 200
OK w_640_003.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 512 KB
512 KB 34ms
33ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_003.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 205afbefaf0c95822b0d59a4347dbc2244044dbe3922339859c45d5c942bea90

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:46 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:23 GMT
Server: Tengine
ETag: "5e53e2af-8002c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:46 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 524332
X-Proxy-Cache: HIT

GET
H/1.1 200
OK showad.js
ads.pubmatic.com/AdServer/js/ Frame 1593 0
0 58ms
58ms Document
text/html 104.111.215.68
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.68 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-68.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; KCCH=YES; pi=159196:2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Last-Modified: Tue, 14 Apr 2020 10:27:52 GMT
ETag: "13006b6-a4bb-5a33da6f1a023"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 15243
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=82722
Expires: Wed, 01 Jul 2020 04:24:51 GMT
Date: Tue, 30 Jun 2020 05:26:09 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK Cookie set beacon
ap.lijit.com/ Frame D1DE 0
0 58ms
58ms Document
text/html 72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13394437
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D; ljt_reader=e224ec3297ce68d75279243e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: nginx
Date: Tue, 30 Jun 2020 05:26:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJxlkDsSgEAIQ%2B%2BytQUsf6%2FmeHd1Zxti%2BWBCEq7B42QrsWT2Oob7Yg1S%2BXh2lI7BnY0IJkydq8rgxnakd7MU86eI3yTBBVInuCbcTOiRCgwZE78C%2Bun7ixK1OHonAb1CHoV7WvBX0Bv2p57ofgAsdl1i;Path=/;Domain=.lijit.com;Expires=Wed, 30-Jun-2021 05:26:09 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=e224ec3297ce68d75279243e;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None ljtrtb=eJyrrgUAAXUA%2BQ%3D%3D;Path=/;Domain=.lijit.com;Expires=Wed, 30-Jun-2021 05:26:09 GMT;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap2ams1

GET
H2 200 sync.html
public.servenobid.com/ Frame 0253 0
0 184ms
14ms Document
text/html 13.224.102.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.102.91 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-102-91.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
content-type: text/html
content-length: 2238
date: Tue, 30 Jun 2020 02:11:21 GMT
last-modified: Wed, 05 Feb 2020 04:43:10 GMT
etag: "b6a3577c8173652d03faf98111a4c16a"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 7245e91891539560c1f484b1e46159c9.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: OsdRexIMRMn1ZY--6dfGSVssw24LQv541o3v1WDQl8kQbuAtdbTu5w==
age: 11689

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 35C6 0
0 152ms
91ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI8ppIEAoYASABKAEw75nr9wU4AUABSAEQ75nr9wUYAA..; uuid2=2366249563834325431
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 30 Jun 2020 05:26:09 GMT
Age: 4752108
X-Served-By: cache-lga21948-LGA, cache-hhn4074-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 236858, 1105203
X-Timer: S1593494770.578734,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1

200
OK

2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame B190
Redirect Chain

https://sync.serverbid.com/ss/2000891.html
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

0
0

5122ms
1970ms

Document
text/html

205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html

Requested by

Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

map2.hwcdn.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Host: serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Date: Tue, 30 Jun 2020 05:26:15 GMT
Connection: Keep-Alive
Cache-Control: max-age=85581
Content-Length: 4947
Content-Type: text/html
Last-Modified: Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges: bytes
ETag: "1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id: tx000000000000024e0829a-005efac9c3-35d9c92-nyc3a
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1593494773.dop001.pa1.t,1593494774.cds001.pa1.shn,1593494774.cds001.pa1.c

Redirect headers

status: 302
content-length: 0
location: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control: no-cache

GET
H/1.1 200
OK ixmatch.html
js-sec.indexww.com/um/ Frame 9C0A 0
0 245ms
84ms Document
text/html 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: Apache
Last-Modified: Mon, 19 Jun 2017 19:18:19 GMT
ETag: "74087b-112-55254ff6699bb"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 211
Date: Tue, 30 Jun 2020 05:26:09 GMT
Connection: keep-alive

GET
H2 200 pd
eu-u.openx.net/w/1.0/ Frame 1796 0
0 44ms
36ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; Version=1; Expires=Wed, 30-Jun-2021 05:26:09 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1593494769|gekin0vNiygu; Version=1; Expires=Wed, 15-Jul-2020 05:26:09 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 30 Jun 2020 05:26:09 GMT
content-type: text/html
content-length: 419
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 338F 0
0 240ms
88ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/threatpost/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tgyNRUZWfOQd1pof5OGnhQqqTCqCJieGkTxzCtz/GWjvGSkTNWjmsGgfE/2wGlVwK8BMqZcvhERs6p2/GCb9YP8X4JPKBYjCRbro=; ses15=; vis15=300372^1; ses2=; vis2=300372^1; khaos=KC1HN2DK-1N-K0TK; audit=1|hLZGFuTafB0+lWuXbXyogBxZXcJNOYA1vEFG3YtYdk1Sj+Bo1/60EkD3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Fri, 29 May 2020 23:03:21 GMT
Content-Encoding: gzip
Content-Length: 9233
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54703
Expires: Tue, 30 Jun 2020 20:37:52 GMT
Date: Tue, 30 Jun 2020 05:26:09 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 204 sync
pixel.advertising.com/ups/56465/ 0
124 B 50ms
48ms Image
text/plain 52.59.138.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.138.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-138-183.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:09 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

sync
pixel.advertising.com/ups/55965/
Redirect Chain

https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=zWCSxJtmkcDVMpGTzzPZxJ09xZzVYZCSmTMufBeB

0
124 B

95ms
92ms

Image
text/plain

52.59.138.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=zWCSxJtmkcDVMpGTzzPZxJ09xZzVYZCSmTMufBeB

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.138.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-138-183.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:09 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=zWCSxJtmkcDVMpGTzzPZxJ09xZzVYZCSmTMufBeB
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
aol-match.dotomi.com/match/bounce/ 0
104 B 151ms
90ms Image
text/plain 2a02:fa8:8806:20::2040
VCLK-EU-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A323c7830-ba92-11ea-a3c7-120b32d93760&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
264 B 51ms
50ms Image
image/gif 63.32.144.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.144.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-144-14.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:09 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status: 200
cache-control: private,no-cache, must-revalidate
content-type: image/gif
content-length: 70

GET
H/1.1 200
OK w_640_004.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 363 KB
364 KB 109ms
92ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_004.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: b371d8260a81b2faa41aff2108c1e316ef8bb4adc2576d7c7b77f9db5607d6ef

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:47 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:24 GMT
Server: Tengine
ETag: "5e53e2b0-5ac98"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:47 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 371864
X-Proxy-Cache: HIT

GET
H/1.1 200
OK w_640_005.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 507 KB
507 KB 64ms
33ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_005.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: abeae5c223ec6a87748efe8b60d18a4457fbde97d65e6882b2ef30495cf72f90

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:47 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:25 GMT
Server: Tengine
ETag: "5e53e2b1-7eb9c"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:47 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 519068
X-Proxy-Cache: HIT

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 8EB1 0
0 79ms
79ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; pd=v2|1593494769|mWkigqiysLommOgevNgunsn0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; Version=1; Expires=Wed, 30-Jun-2021 05:26:10 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1593494769.1|mWkigqiysLommOgevNgunsn0.rsj8fcsHqGiS; Version=1; Expires=Wed, 15-Jul-2020 05:26:10 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 30 Jun 2020 05:26:10 GMT
content-type: text/html
content-length: 396
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 0293 0
0 20ms
20ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: icu=ChgI8ppIEAoYASABKAEw75nr9wU4AUABSAEQ75nr9wUYAA..; uuid2=2366249563834325431
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Accept-Ranges: bytes
Date: Tue, 30 Jun 2020 05:26:10 GMT
Age: 4752108
X-Served-By: cache-lga21948-LGA, cache-hhn4074-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 236858, 1105204
X-Timer: S1593494770.001815,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 74C3 0
0 71ms
64ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/pd?gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; pd=v2|1593494769|mWkigqiysLommOgevNgunsn0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

status: 200
vary: Accept, Accept-Encoding
set-cookie: i=5c6ab14d-a2d5-4c0f-8f56-12dc45cd77cf|1593494765; Version=1; Expires=Wed, 30-Jun-2021 05:26:10 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1593494769.1|mWkigqiysLommOgevNgunsn0.rsj8fcsHqGiS; Version=1; Expires=Wed, 15-Jul-2020 05:26:10 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.188.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 30 Jun 2020 05:26:10 GMT
content-type: text/html
content-length: 396
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame A544 0
0 66ms
65ms Document
text/html 104.111.230.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-230-142.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rsid=1|AIfsdBUH+v3fWCPuzNowDE/csJlhKa2tgyNRUZWfOQd1pof5OGnhQqqTCqCJieGkTxzCtz/GWjvGSkTNWjmsGgfE/2wGlVwK8BMqZcvhERs6p2/GCb9YP8X4JPKBYjCRbro=; ses15=; vis15=300372^1; ses2=; vis2=300372^1; khaos=KC1HN2DK-1N-K0TK; audit=1|hLZGFuTafB0+lWuXbXyogBxZXcJNOYA1vEFG3YtYdk1Sj+Bo1/60EkD3pCcW8TpHcpj76PKZXj8oT2OqK/B16qwRNgFmLHdP; pux=1512%3D91998%262231%3D91998%262249%3D91998%262307%3D91998%263778%3D91998%26goog%3D91998%262249-DV360-Hosted%3D91998%26brx%3D91998%26
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Fri, 29 May 2020 23:03:21 GMT
Content-Encoding: gzip
Content-Length: 9233
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=54702
Expires: Tue, 30 Jun 2020 20:37:52 GMT
Date: Tue, 30 Jun 2020 05:26:10 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 07A8 42 B
107 B 41ms
15ms Image
image/gif 2a00:1450:4001:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdrGV4pbib_XDnhBkHjx8eZ_lzd5tzldzamG778VNOBhpbxqLr3LB-Av2tzCsCpRl1g3hSRVPt2iwZM20UzJTXD_mxJlWm19MY4YrEVuE&sig=Cg0ArKJSzCLMCce6yuFfEAE&id=ampim&o=0,0&d=2,2&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=80&tls=1081&g=100&h=100&tt=1081&r=v&avms=ampa&adk=3385906655

Requested by

Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
status: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 36ms
36ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494771586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:10 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_006.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 344 KB
344 KB 51ms
51ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_006.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: 5ddb1224f3b8ffa44e592fdb5a95fe83ba090c7e4d061a2a853ea5d68982c5bd

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:52 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:25 GMT
Server: Tengine
ETag: "5e53e2b1-56038"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:52 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 352312
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 101ms
36ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1593494776390&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:15 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 37ms
36ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494776586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:16 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK w_640_007.ts Show response
video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/ Frame 9FFE 33 KB
33 KB 51ms
51ms XHR
video/mp2t 185.167.96.10
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://video.sekindo.com/uploads/cn4/video/users/hls/28530/video_5d5baf9fe4c32389620327/vid5e53e246175a5158734501.mp4/w_640_007.ts
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.167.96.10 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: Tengine /
Resource Hash: fee62c5f63993d7919ef389cd9a28a667caf100a14af5545f1b11b38753e890d

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 30 Jun 2020 05:25:58 GMT
Last-Modified: Mon, 24 Feb 2020 14:50:25 GMT
Server: Tengine
ETag: "5e53e2b1-8374"
Content-Type: video/mp2t
Access-Control-Allow-Origin: *
Expires: Tue, 07 Jul 2020 05:25:58 GMT
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=25
Content-Length: 33652
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 99ms
35ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494781586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:20 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9FFE 0
59 B 76ms
75ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Tue, 30 Jun 2020 05:26:23 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://threatpost.com

GET
H2 200 avjp Show response
teachingaids-d.openx.net/v/1.0/ Frame 9FFE 92 B
283 B 95ms
95ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=246f00c0-2e9b-48e7-8ec0-21c629102f87&nocache=1593494783139&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C&skip=1&auid=540882779&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:23 GMT
via: 1.1 google
server: OXGW/16.188.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 9FFE 0
215 B 270ms
231ms XHR
application/json 18.194.51.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.51.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-51-59.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://threatpost.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9FFE 144 B
839 B 105ms
40ms XHR
application/json 185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8a7a7b46bbc0fece8a34ef4c87a65f13bd6df5efd64cac4a474bdb74526f39cc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:25 GMT
X-Proxy-Origin: 185.236.201.148; 185.236.201.148; 731.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.46:80
AN-X-Request-Uuid: 61e39d04-833e-4f13-9117-8d5d30d5c370
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ Frame 9FFE 24 B
987 B 155ms
98ms XHR
application/json 104.111.215.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=435870&v=8.1&r=%7B%22id%22%3A%2237d06ca65fdc3f%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22381df4b0311b5e5%22%2C%22ext%22%3A%7B%22siteID%22%3A%22435870%22%2C%22sid%22%3A%22320x180%22%7D%2C%22bidfloor%22%3A1.8%2C%22bidfloorcur%22%3A%22USD%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22api%22%3A%5B1%2C2%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A320%2C%22h%22%3A180%2C%22placement%22%3A1%7D%7D%5D%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22admetricspro.com%22%2C%22sid%22%3A%221005%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&nf=1&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.135 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-135.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5e0705d4a6580ed452d0a293c339e9a374aed4dc10983d38730a59d2caed5ac0

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:23 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://threatpost.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 44
Expires: Tue, 30 Jun 2020 05:26:23 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 43 B
463 B 105ms
40ms Image
image/gif 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1593494766&s=58057&sta=12381355&x=320&y=180&msta=12348808&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&playbackMethod=auto&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1593494783134&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:22 GMT
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Disposition: inline; filename="pixel.gif"
Content-Type: image/gif
Expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ Frame 9FFE 173 B
381 B 22ms
20ms XHR
application/json 52.58.66.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.66.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-66-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e83403e69202bb52f4748a182e46f45d9139a4b364b05e96840463878e37bb49

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:23 GMT
content-encoding: gzip
status: 200
content-type: application/json
access-control-allow-origin: https://threatpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9FFE 0
1 KB 119ms
61ms XHR
application/json 185.86.137.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:23 GMT
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://threatpost.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json
content-length: 0

GET
H2 200 avjp Show response
primis-d.openx.net/v/1.0/ Frame 9FFE 92 B
283 B 1037ms
1035ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://primis-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthreatpost.com%2Fdarkcrewfriends-returns-botnet%2F156963%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=bd60f097-0d09-4a46-bca9-53bc7b787b33&nocache=1593494783427&gdpr_consent=&gdpr=1&schain=1.0%2C1!admetricspro.com%2C1005%2C1%2C%2C%2C!primis.tech%2C19668%2C1%2C%2C%2C&skip=1&auid=540392761&vwd=320&vht=180&
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.188.0 /
Resource Hash: 004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 30 Jun 2020 05:26:24 GMT
via: 1.1 google
server: OXGW/16.188.0
status: 200
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://threatpost.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 92
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 204
No Content 171621 Show response
search.spotxchange.com/openrtb/2.3/dados/ Frame 9FFE 0
1 KB 65ms
64ms XHR
application/json 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/openrtb/2.3/dados/171621
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_5.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 , Netherlands, ASN35220 (SPOTX-AMS, NL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 30 Jun 2020 05:26:23 GMT
X-SpotX-Timing-Transform: 0.000304
X-SpotX-Timing-SpotMarket: 0.030991
X-SpotX-Timing-Page-Mux: 0.000266
X-SpotX-Timing-Page-Require: 0.000378
X-fe: 127
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000121
X-SpotX-Timing-Page: 0.035158
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000341
Last-Modified: Tue, 30 Jun 2020 05:26:23 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary: 0.011311
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://threatpost.com
X-SpotX-Timing-Page-Misc: 0.002743
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.019680
X-SpotX-Timing-Page-URI: 0.000013
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 80ms
80ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1593494786389&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:25 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 36ms
35ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494786586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:26 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 37ms
36ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494791586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:31 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 37ms
37ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1593494796389&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:35 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK liveView.php
live.sekindo.com/live/ Frame 0543 0
379 B 36ms
35ms Image
text/html 185.220.205.220
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1593494766&s=101281&sta=0&x=300&y=250&vid_passDomain=threatpost.com&subId=threatpost.com&debugInformation=ABT%20%2F%20Prebid%20%2F%205%20%2F%20default&isApp=0&userIpAddr=185.236.201.148&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&csuuid=5efaccede2058&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1593494796586&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Requested by: Host: threatpost.com
URL: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software: nginx / PHP/7.3.19
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatpost.com/darkcrewfriends-returns-botnet/156963/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 30 Jun 2020 05:26:36 GMT
Content-Encoding: gzip
Server: nginx
Age: 0
X-Powered-By: PHP/7.3.19
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Cache-Control: no-store
Content-Type: text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.adap.tv
URL: https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XvrM8QAAAIkzhAFU&_test=XvrM8QAAAIkzhAFU

Verdicts & Comments Add Verdict or Comment

243 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

32 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 325) Message: gBrowserWidth =1600
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-970x250-ATF div-gpt-ad-6794670-2
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-300x250-ATF div-gpt-ad-6794670-3
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-300x600-ATF div-gpt-ad-6794670-5
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/ros-layout.js(Line 350) Message: OpenX Slot defined for /21707124336/ThreatPost-2x2-Skin div-gpt-ad-6794670-1
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: CMP: Locale=en-us gdpr= false
console-api	log	URL: https://qd.admetricspro.com/js/threatpost/cmp.js(Line 3) Message: GDPR is not applicable, skipping initialization of CMP
console-api	log	(Line 3) Message: Not calling apstag.init() typeof(kAmazonPublisherID)=undefined
console-api	log	(Line 3) Message: ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api	log	(Line 3) Message: Initial Ad Load
console-api	log	(Line 3) Message: sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api	log	(Line 3) Message: pbjs bids returned
console-api	log	(Line 3) Message: gPBJSTimeoutTimer cleared
console-api	log	(Line 3) Message: sendAdserverRequest(): pbjsBidsBack
console-api	log	(Line 3) Message: sendAdserverRequest()
console-api	log	(Line 3) Message: Not calling apstag.setDisplayBids() gAmazonBidsBack=false
console-api	log	(Line 3) Message: pbjs.getAdserverTargeting: >> Prebid
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: pbjs.getBidResponses:
console-api	log	(Line 3) Message: [object Object]
console-api	log	(Line 3) Message: gThisRefreshSlots=
console-api	log	(Line 3) Message: [object Object],[object Object],[object Object],[object Object]
console-api	log	(Line 3) Message: sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api	log	(Line 3) Message: console.groupEnd
console-api	info	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 410) Message: Powered by AMP ⚡ HTML – Version 2005272217000 https://threatpost.com/darkcrewfriends-returns-botnet/156963/
console-api	info	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 410) Message: Powered by AMP ⚡ HTML – Version 2005272217000 https://threatpost.com/darkcrewfriends-returns-botnet/156963/
console-api	info	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 410) Message: Powered by AMP ⚡ HTML – Version 2005272217000 https://threatpost.com/darkcrewfriends-returns-botnet/156963/
console-api	warning	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudnneZoB3fdLNVJ6LkKcQ9cLR9V9eqlyaPv1asNtGbd-MtGNDPw17YOdsKGEfxzOuBOZJ3eVHnW6QyYSnVRmvnBDNUVOUsGkNrVoC5kOSlpXy2mkGRp9dlb0b027K4Ax1BbH-IXQXHk7OOoRjw-Cx7JX5XNKnS_eoNlt4W1Tw4eUXIDv_-K3W4Jq-9Opv11gs7qUbUO1nez2KQuu8PPEI_G8OQKUX-ZmSnhUF1bIxLU5YfG59BfpHIDzDfT5AFMa6mZC6rNEwIDE2qcTBj6DT264EgZCE&sai=AMfl-YRJj7JrvDRama2wq_eZYwy1Bz3WrWa20v48rA3i9KSukhrHe6QT2BfY2XcgZ18Vc35a_-OwXe1WvfdKhR4w07LxOAUtAPyxhtdTzMiHfg&sig=Cg0ArKJSzAuKcnqFkrS0EAE&adurl=
console-api	warning	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxFx67B-voIFO9RbnvsLsd5NqvnT1TLeO9sr7f2ej_sOfE3BhTjZv0LU12XyR1Yu1MebIWKIHnAIIkwSdFxBNH7-8ld5l4smOLkfu5JSk7OmClHP8lP16495PzTsEAkaEttnGSdulVzMDS63jtYczVN4hzpTR98clHDKxYZK0UByXZ1e1FTPA_SdMP0mHVbSoOAdp6fgF-_7EucK0ghYP5j4jxhGd7SuSKROu1pYYuQq6uQECKu_4_nJPU1EsrUeuVuZngf9H2Xfzr0IcMMWqSme3qF-c&sai=AMfl-YSWXYikU2p_imaVmotxHkF_omjYf5iBn0PJS8-tsGQN5iqigwKihIRhafhrBF6_UT9hV3bQupj0PfZiWuO0ExL2Wf0LgiDCdsPzh4YZHQ&sig=Cg0ArKJSzMarCGxRZR6UEAE&adurl=
console-api	warning	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstqybCjVUftthRTjoS45FOSNj9Fi8ktI8ggZDxxW217CVivbDaq052tsz1YKAqIzTqlLX6Eta596K30v4brKTn4t21xQbvXEDhGg_4cUPwSFpw1IjBUyW7QX-yKlBwmaARQGZMjmJg75ZnZ2CfVS1MaEJiPNoMk5b-p13tVbjpdjDmyXjwkLq09E3tSpdM5fT1c37-7lsFYMDYi5nA3bAXA4O2ytuStsCkt4t3k4OE3qTXZlq8c_T6r94FAi_-trX4aIocvF2sQkzViuJku21DfLYmCqvk&sai=AMfl-YRmbn-f5QuxpMvl8NOkbQF8Dcx2-SO3b0Ai3AeQMv3_xVsc04WqlZzvbQPEvCdUCSNgM1EWjdwugZ7sDzLw9Q3oss-DQOlIcLBshc0FVQ&sig=Cg0ArKJSzEyUxPSIPq-EEAE&adurl=
console-api	info	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 410) Message: Powered by AMP ⚡ HTML – Version 2005272217000 https://threatpost.com/darkcrewfriends-returns-botnet/156963/
console-api	warning	URL: https://cdn.ampproject.org/rtv/012005272217000/amp4ads-v0.js(Line 21) Message: [amp-analytics/transport] Response unparseable or failed to send image request https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssaFwfrBd_Y-Ic5gf2DAxRubxAS67T4YwWru_4ljv-FKdBo6FGRhD5SUEAPeOIheYSpMxmFSG3Jf-ggRI0UuYv48LCM4kuisPaau59QClJBu-IdUuENjw2kcY04IsHV0vhzesrNv9f0GjTr5A6VbNP5YRrtueWNZo0VhuiuHpRfQOauNVsjS6-FuyQbtYTlPijfEosuCS0IDiQI32LNJvcZgEQ7IkTllv1H1I-Nm2bpWF2GCsBeOn49uUHLoeHmIuyEBvhz02M20OAkmBikdQ&sai=AMfl-YSx1EOJvKOBtXRMYDzmsG5a0bMAEuEYtqM1tg2H6P7jeleEG5_qbsazsXXtpH2vs1WOkPlu_gYjmh0H-KdoRbuxnvGG486tRwCxY6kOSw&sig=Cg0ArKJSzMAubs1sk7kIEAE&adurl=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4c4dbcdaf7106a197f7f1f31a711091f.safeframe.googlesyndication.com
acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
ads.servenobid.com
adserver-us.adtech.advertising.com
adservice.google.de
analytics.twitter.com
aol-match.dotomi.com
ap.lijit.com
as-sec.casalemedia.com
assets.threatpost.com
c.amazon-adsystem.com
cdn.ampproject.org
cm.g.doubleclick.net
csync.loopme.me
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
hbopenbid.pubmatic.com
ib.adnxs.com
js-sec.indexww.com
kasperskycontenthub.com
live.sekindo.com
match.adsrvr.org
media.threatpost.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prg.smartadserver.com
primis-d.openx.net
public.servenobid.com
qd.admetricspro.com
rules.quantcount.com
search.spotxchange.com
secure.quantserve.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.adap.tv
sync.search.spotxchange.com
sync.serverbid.com
t.co
tagan.adlightning.com
teachingaids-d.openx.net
threatpost.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
video.sekindo.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.reddit.com
x.bidswitch.net
sync.adap.tv
104.111.215.135
104.111.215.68
104.111.230.142
104.244.42.3
104.244.42.69
13.224.102.234
13.224.102.26
13.224.102.91
138.201.86.121
151.101.112.157
151.101.113.108
167.172.1.14
172.217.23.162
18.194.51.59
18.194.86.89
185.167.96.10
185.220.205.220
185.33.220.244
185.64.189.112
185.86.137.32
185.94.180.123
185.94.180.126
199.232.53.140
205.185.216.10
216.58.212.130
2600:9000:2190:4c00:6:44e3:f8c0:93a1
2600:9000:2190:9e00:2:9275:3d40:93a1
2600:9000:2190:d600:0:5c46:4f40:93a1
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:3030::ac43:d04a
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:21::14
2a00:1288:110:c305::8000
2a00:1450:4001:801::2001
2a00:1450:4001:801::200a
2a00:1450:4001:808::2003
2a00:1450:4001:809::200e
2a00:1450:4001:816::2001
2a00:1450:4001:816::2002
2a00:1450:4001:818::2003
2a00:1450:4001:818::2004
2a00:1450:4001:81e::2003
2a00:1450:4001:824::2008
2a00:1450:400c:c04::9c
2a02:fa8:8806:20::2040
2a03:2880:f02d:e:face:b00c:0:2
3.126.56.137
34.253.1.139
34.98.64.218
35.173.160.135
35.244.159.8
52.58.66.178
52.59.138.183
63.32.144.14
69.173.144.140
72.251.249.13
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
055ffddafced6da0d0c031c73654265c6725df20b05811cf51fbdfcfa93f81d3
05632b246776d72900c4e43dc21015e6880cb92e2155add0180ac8f54f0d65ac
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06fc565587b8b700936a1677218cb269a6cc31ca5f701eb45461e86a3d54d5c7
0a3411caa491296107bd66c21922faf8d0269500831907798ff5f3f0fa19b72c
1027ead12fb985bde9b340834ea38fbb7491930899329430a32e4f3963404157
14be6a0a8ec5070f1aac299ccff69379e9bf038148d5a1c5a66f772308f6e959
15e9840f31982980328598c38e5c60434072901f2c902713ef9c4d4900e05307
172314ff74044b918766ed4763279b5e8798622087c0a2930f59c9d44662213d
17aee1fe3d7d16e647b97f568230c2ff36c1855ce35ce930c26aec5d2c58eaf4
17d9041ab15483ed447874d58d24182f1ae11ba05320dde22f72bcc02492601c
1d69d1bc4891a0628f7313bd32355596c4a7e3e6de5a9214d03fbf327c8ae1f9
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1dd195139c231e1ca1863f486c97fac3d6c45f0441b066dc3fe8b5b893ee9254
1f152c8879492dd153cf7a47ad195151e20491e60985d86f9ef7a7ddc85062f6
205afbefaf0c95822b0d59a4347dbc2244044dbe3922339859c45d5c942bea90
21e46fe44c6929876f5a413c843ae516c0ddfd1aad3e8e33446b7bc0a6781b08
22bce61f4ab1cabf0df284f75cf064654e2c82fd992de9b8bd951f3bb43a87ca
2887ab4d533195dfe9fdfc547ef7f1aedaea57c79c91e6340f77a9ebe56de328
2956336d0b52582c06b84bafb3f29ffff4c2387b28b790780ed509aa07a725e0
2a22d2d046d97851fda2dc73adf31826b4ab7f7fe44f4856a8570c73b5102102
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2de77164bb9924542e1dea4ee4a0ff27d40b51a3d7939dac7db11a95045c9b7d
2ded17a92a2004d652360a7db4972a8ffe7ae602c3994ea2fff94e3d1b7145b5
3097d0444becd9d089b52b7074072f19201525de874d0775012572fb375b7838
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3435531b595fb1b2b529346e1df8c979a1fd727f56ea8c0d792316035440cac5
39af7c1116fb967a330e8770f775e6b5ee871add01ed45c98a1634911cebfb0a
3dbd06bf1d690a4c0fcbfcd77c26a032558b9f9698bb7261191bfb19656bf8ca
40f766cd64caff04695f4a8fb4311663c9ff4b6f9a8480c80d6394943f3f6bcf
420508fc523520f35de5c851905543294123d7676b5a5668744691f2abe9e730
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
45ddc09b0ad6ab916bd9a0282070b161045e186fc025303f4aa1aa821fc45ac7
482029b5f5f08818d7e14279dd72eb1f23e01c415bb43635776d139b36e4551b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b99fa6a086f3d0c2aa5f4237ab0dd87aec3ad58f845064ddc0c7b5e9ad1d336
4d3ea71f9e3abcbdef62c6b2d99c52798b78af9553d8d774eee43df390fb3ee6
4d725053c8c8259dc71b1e1f1bc2c8a13cafc32832a3a4737f6ed50d72af9280
4e10c320e69dbec70da9b25b702c4d54d655d0b0ff3034e5deca574a18215f4a
506d565f94cecbb486394c545a96e8459217f8d045496b511e8c815142abfc70
5124d9ffaa6f5a8a341e57171615594e04b1c65ecb73cc8d4379dece38fb7878
5233691dffa51e70ae8b66c53b31324e7dfb405de2b01b0bebb41ed2fd52f58a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a7ed822968963e31d88424c96387ad9f4fd4f4b5a5b581a33f65e3784d162cf
5b5b4cc32a1cca6751686cf0f839a563725139cc45ff9b1fdd2c57ac54e1700f
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d363c974cd81869ce3fd8d76a06f12b273be51cb358a9a85c21d157eedde824
5ddb1224f3b8ffa44e592fdb5a95fe83ba090c7e4d061a2a853ea5d68982c5bd
5e0705d4a6580ed452d0a293c339e9a374aed4dc10983d38730a59d2caed5ac0
6cdc57f82f4b0d09e5b4e584ca4736cd3871f20563d4ce25120b057d8ffb4eb2
6e0596addc8d485b669ec71db4df85833e91fbb20a2ac431e8ab5d2333312e9f
6edd87b2b97262fd8bf646bbbe2522017465404cd7a2739a90c55cc712c3c326
7288ee7c57f827b33632f4da1cde82ca6101e1cb272bcd7cfd7604016cff341d
72ca323974fe6363c3c952135cb6f0ed119f95012a79813215ec93b98417535b
7301462cb27dcb0cf467822211f6cdd478be091ed9d776b29f426ce78c4a414f
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76ba07e059d9e2113f9c940f1a31efc95bd9d5badd68bbc3637177e892a08099
7761b2ea03767958824d78022ef5f3cea3c82f06472465b3925ce967921f23e9
7802c6b2bc2624efc01241b88b2b2fb96030b95f46771a0f437addeb86060a61
789830aa9d02bfb21cf76d45b308d897fb56375aab65999723364a5a00e839b9
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7d9944f6f4e2d0330ca2a9d758a404fdca5937f4a0ddf939247ca3505f9f0bbc
7ecd32c109df34a893202119762c2a13f7b8f812bfe21a2e5c4623bbe59c6c94
7f5c3c6b0989a6778b5229d468928a4f9a427d77c2b7f01342eae0edb00af9e2
8011927266f67730cbd0fa135ce4180e5a671d39310d44eca866461408d19d7f
82778d6bab0bf693d922b290e21dc5766bc0d7dcc15fb8cbf96223449f07a662
851f0e2e13ac8a7607bb8d71614d370035f007d9d1c527f94302e3f05a4b6fcb
859faa9b9ed0990288b2f393a102b1fe2668ac79088b113b6f0beaee521221eb
87bb289b5e4ea0b0c838ef9c82c3aa36c7cfd014959d9f7c8a1d312265c74b22
89ce08431545cd3c6d42419d99ee0152027a68c1d0c7c82838cc9a51d9d52451
8a7a7b46bbc0fece8a34ef4c87a65f13bd6df5efd64cac4a474bdb74526f39cc
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
940e0c3385928422aae38e1a74f1d84b462d8ce1a056c686fde505a0bf3162bb
97361dda3d036caf25e270fe716db15f530cfa40f3c6a165d1a6e76a4ac17183
9875494c4b4f213669320e8a6ee112706d667a92778cdca3f3937eeb8df89f2a
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9e748b25841a86b4205b0e7cb04922c12244e545bef2d83881e04271d56a146a
9eff853e0e48a1d66ee00e3daed67fbdbc2f15ddd89916c2492864c4bf00dcb4
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a9d2b2df99c1a115d5394c70a898d8801092208dc582f8bd6fb01b35c30d6b22
aa64fa30a3263fa3105736228a6feaaa4f7d32d8ef96b12e56f6fb95511b66a7
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
abbd831394d504d7bfb663ee0d4f806a809972f80b2ef5e76d706b1eee11204e
abeae5c223ec6a87748efe8b60d18a4457fbde97d65e6882b2ef30495cf72f90
ac53ffbc6bb9d9c246d72c17775a0f9803bd58760521417a44acbfbb194622fc
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
ad237fb737d307f25e314306d8ef8ebddb21d9e56b8521ca9eb89f52883f3bca
ae00ae9c862bc8b8923efd1d9a18befa912678a869d4dd01179a59ed3de731be
ae4b7b284eeb52a60117e8ad342f1b6c6de8737cb66a256352e41113f4878c45
b1b5902c951e186f7accc263042e374ad0599189e319d0e947cdc8c801268626
b2c7f85c5fcb5c67c99797b48affc9b3dece6f7b4db4aeef6f7674f498103a37
b371d8260a81b2faa41aff2108c1e316ef8bb4adc2576d7c7b77f9db5607d6ef
b9074b1b24c8737faa58c4bfb5026386c9b09f231a124b9f3c6c4d72610ceecc
bac82b174f1eb8ea37f49787d5412d9bd4d41b466bd597c6f6366c94d42c0a26
bb7b43ac92badb237d4480b3ab19b6ed538c2a36b236c410ba89d58c5cea8eba
bba3c5aaed9697f7dd53a15945011622d30231d491857c58fc26fa5b7598c9a6
bbca6fe6f2b8dbe341cd5b5a3e26f6df0d3d8820478ba173dcedf1a4279659b2
bcaa21df70fd10c5a594ac5996411eb517750a210903adaa56dc097d5936dc9e
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
bd5304916cb80676de16ef1b0d3103574577a8e64870b5606cb7e22e4c2627a4
c1533bc39e2dd8ede3893909d6f42760e0598d075951447afe88158e57b0961a
c3914fe5abc7b0c9c76570e823b64f7c7f0dc9e54a2efe35893b71e364c6fb36
c7a3c8d6b3317f49e891ebde6e1c22e7bfa42a2d4085fb4d5d00d7ae863bbb5a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc15c325492dd5972c007635108f190eb6c75025e75c89d6b006ca7aeb4278a3
cc4ac9da964deed6d44ceedc4b09f532cec4b92911f1bd8bb7fd5be1a7090670
ce5c7e164cf875e98fff52ba3e342eeca5ec65a29a5a4b205348f2f35ef99824
d62a7b7ec5313469ebff5c006b9068dc44d6d1c122cf787ffa29a10113b34060
d8d7c1b1b1bf23b768acd49779615e47a3b2b18973e09aa5e815cc752a58b24b
ddfa1fb89c91c56f44a4d620e75247c3fa7e8d2e0b88ea0dbc4efc770cbef00d
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e25f6776f07eecdef98579601a069df2066bcd1c5ba9dcfd5e85cb13b1e319b3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4058d4ee9da1ceaddfa91ddb63650ba67285f1bbfee487d9dfe648bced669a0
e6e50fd1047f835e02b1b4140c8a63062dff27f25906501694c4829624150955
e78c534980130d16ea4995e561be8fe0d0fb0acd62182032360513c86149963b
e83403e69202bb52f4748a182e46f45d9139a4b364b05e96840463878e37bb49
e9021fe4383e9ded41297f8aecb83e70521adcea2107eae74bce1291c56eb817
e943dbcfb86d85f244a7297d32ba27e2efe5f46e242dfb838253cd52ab95d785
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ea0a80b8727df18cb54c324e2e5ec25d51b26f3c78f87d3fba99de39d9631f96
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17f094e82c4d18f33b47e74e6520314d7110522e4aa8d1b502976522e1551e5
f19e7ee6cdf20bd478c037707c447b7cd469051de4dadeac32a795efb463c2e2
f1a73d1be169d95a5d478b3a6751e42b1f5c2c0a6e5486c709b90241004376c9
f1c5b151c572a28606abf9805487e0274993f217328e2c5cf89ede171dbc267b
f4b064d961dd5c30917481f9cf22f400d352737e7dac10d70e574877eef1e8ea
f4f2c0a4763f01ee2b13b4f8189e6fd5f32bd704d71fed8d0f11883de9724198
f75166e3f70100b65a6ce1d4128bc15286e92b19a546fa7709f739e9bcfe52c6
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fee62c5f63993d7919ef389cd9a28a667caf100a14af5545f1b11b38753e890d

threatpost.com Open in urlscan Pro 35.173.160.135 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

217 Requests

99 %HTTPS

38 %IPv6

43 Domains

66 Subdomains

53 IPs

8 Countries

6005 kBTransfer

9901 kBSize

0 Cookies

15 Outgoing links

Redirected requests

217 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatpost.com Open in urlscan Pro
35.173.160.135 Public Scan

Screenshot
Live screenshot

Full Image

217
Requests

99 %
HTTPS

38 %
IPv6

43
Domains

66
Subdomains

53
IPs

8
Countries

6005 kB
Transfer

9901 kB
Size

0
Cookies

217 HTTP transactions
6 data transactions